Compare commits

..

1491 Commits

Author SHA1 Message Date
06848be14b fix nak in peap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:04 +02:00
4bae3bbe60 most of gtc
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:04 +02:00
e33f839d7f add basic testing readme
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:04 +02:00
f5eb827d14 start reworking response modification
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
9045f5ba73 add tests for peap-extensions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
7b97e92094 hmm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
3027cdcc4b mschapv2 working
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
67f627a925 mostly working
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
f1101e0c01 mostly parsing eavp extensions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
fb01a117ad encode extension AVPs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:03 +02:00
fad18db70b more mschap v2, start peap extension type 33
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
e0c837257c fix decode not called in inner protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
2a567ccc85 peap: fix encode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
e36373ceab cleanup parsing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
d8a625be03 fix a bunch of stuff ig
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
4d944f7444 eap/tls: trunc data to size we read
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:02 +02:00
c49274042b slightly better decoding
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:01 +02:00
10fc15ffe0 more debug tools
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:01 +02:00
7c996d9d9d start handling inner
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:01 +02:00
5d25f68b71 start inner STM
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:01 +02:00
8da54d5811 more refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
4571f5e644 working PEAP decode
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
ee234ea3aa simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
82c177b7eb try to make this work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
1155ccb3e8 support SSLKEYLOGFILE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:43:00 +02:00
1575b96262 separate eap logic into protocol
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
19bb77638a folder structure to prepare eap in eap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
d6cf129eaa attempt peap
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
b6686cff14 refactor v1, start support for more protocols and implement nak
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
8cf8f1e199 keep eap state when refreshing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
50c50c4109 remove panic
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:59 +02:00
51f4a8d83d fix outpost not having perms for cert
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
3ada3a7e0e make certificate configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
fa06c9fe4e start tying it into the flow
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
2a024238fe slightly better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
91c87b7c3c ok this works kinda
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:58 +02:00
318443f270 hmmm idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
ac88784089 maybe?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
855afa7b9f slight read refactor (seems to fix flaky issues?)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
240abfef41 use tighter retry that cancels and backs off
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
03075f1890 slight refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
5bc0ed6e11 apparently it works now
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
8f4cfc28c7 fix outgoing buffer not cleared when sending unchunked
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:57 +02:00
6d77eaaab7 deduplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
9cee59537c prep ctx
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
fc5c0e2789 generate MPPE key
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
573446689f fix remaning tls data not sent
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
fd4bfe604d more fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
06e76a5b37 it's almost working
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:56 +02:00
3c228bf5c3 try to make the finish work
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
8a80f07db2 this might actually be cooking
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
ae59a3e576 we're getting somewhere
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
df21e678d6 fix a bunch more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
a71532b3e3 refactor more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:55 +02:00
d7cb0b3ea1 fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
ba8f137885 keep track of total payload size
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
958ff66070 fix parsing when lengincluded is not set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
ad57c66a32 better log
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
2bba0ddd74 might actually happen?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 22:42:54 +02:00
767c0a8e45 website/docs: enhance customization docs (#15081)
* drafty

* rearrange everything

* fix links

* fixed link

* more links to fix

* tweaks

* not sure

* Optimised images with calibre/image-actions

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/_global/global.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/sys-mgmt/brands.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/_global/global.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/_global/global.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user-admin/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user-admin/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user-admin/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user-admin/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user-admin/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/netlify.toml

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/flow/customization.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* tweak

* separated admin and user again

* so many busted things, now unbusted

* redirect yesterday's redirects

* dewi edits

* tweak to bump build

* revert package.json change

* links, tweaks

* Optimised images with calibre/image-actions

* Update website/docs/customize/interfaces/admin/customization_admin_ui.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/admin/customization_admin_ui.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/flow/customization_flow.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/flow/customization_flow.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/user/customization_user_ui.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/customize/interfaces/admin/customization_admin_ui.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* simplify sidebar

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect indent

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename files

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* flows -> flow interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 15:24:56 -05:00
b10c795a26 website: bump the build group across 1 directory with 9 updates (#15332)
Bumps the build group with 9 updates in the /website directory:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.4.1` | `1.4.2` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.4.1` | `1.4.2` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.4.1` | `1.4.2` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.7` | `1.12.9` |



Updates `@rspack/binding-darwin-arm64` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.2/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.2/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.2/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

Updates `@swc/core-linux-arm64-gnu` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

Updates `@swc/core-linux-x64-gnu` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

Updates `@swc/html-darwin-arm64` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

Updates `@swc/html-linux-arm64-gnu` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

Updates `@swc/html-linux-x64-gnu` from 1.12.7 to 1.12.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.7...v1.12.9)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 20:16:11 +02:00
8088e08fd9 website/docs: re-add gtag (#15334)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 19:32:39 +02:00
eab6e288d7 core: bump lxml from 5.4.0 to 6.0.0 (#15281)
Bumps [lxml](https://github.com/lxml/lxml) from 5.4.0 to 6.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](https://github.com/lxml/lxml/compare/lxml-5.4.0...lxml-6.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 17:19:01 +02:00
91c2863358 website: bump @types/node from 24.0.7 to 24.0.8 in /website (#15328)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.7 to 24.0.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 17:01:24 +02:00
1638e95bc7 website: bump the build group in /website with 3 updates (#15279)
Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).


Updates `@rspack/binding-darwin-arm64` from 1.3.15 to 1.4.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.0/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.15 to 1.4.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.0/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.15 to 1.4.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.4.0/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 17:00:46 +02:00
8f75131541 website: bump the eslint group in /website with 3 updates (#15329)
Bumps the eslint group in /website with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@typescript-eslint/eslint-plugin` from 8.35.0 to 8.35.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.35.0 to 8.35.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/parser)

Updates `typescript-eslint` from 8.35.0 to 8.35.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01 17:00:00 +02:00
c85471575a stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#15327)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-07-01 10:40:19 +02:00
5d00dc7e9e enterprise/search: fix search fallback for non QL queries (#15325)
* enterprise/search: fix search fallback for non QL queries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fixed tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 00:55:23 +02:00
6982e7d1c9 web/elements: fix table search not resetting page when query changes (#15324)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-07-01 00:55:09 +02:00
c7fe987c5a core: fix missing serializer on AuthenticatedSession (#15323)
fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-30 21:30:34 +02:00
e48739c8a0 stages/email: remove superflous <td> from account_confirmation template (#15297)
🐛 FIX: stages/email: remove superflous <td> from account_confirmation template

Signed-off-by: Jonas Sulzer <jonas@violoncello.ch>
2025-06-30 11:02:52 +00:00
b2ee585c43 website: bump @types/node from 24.0.4 to 24.0.7 in /website (#15307)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.4 to 24.0.7.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 12:37:30 +02:00
97e8ea8e76 website: bump prettier-plugin-packagejson from 2.5.16 to 2.5.17 in /website (#15308)
website: bump prettier-plugin-packagejson in /website

Bumps [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) from 2.5.16 to 2.5.17.
- [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases)
- [Commits](https://github.com/matzkoh/prettier-plugin-packagejson/compare/v2.5.16...v2.5.17)

---
updated-dependencies:
- dependency-name: prettier-plugin-packagejson
  dependency-version: 2.5.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 12:37:11 +02:00
1f1e0c9db1 website: bump the eslint group in /website with 2 updates (#15309)
Bumps the eslint group in /website with 2 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [eslint](https://github.com/eslint/eslint).


Updates `@eslint/js` from 9.29.0 to 9.30.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.30.0/packages/js)

Updates `eslint` from 9.29.0 to 9.30.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.29.0...v9.30.0)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.30.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.30.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 12:37:01 +02:00
ca47a803fe core: bump uvicorn[standard] from 0.34.3 to 0.35.0 (#15312)
Bumps [uvicorn[standard]](https://github.com/encode/uvicorn) from 0.34.3 to 0.35.0.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.34.3...0.35.0)

---
updated-dependencies:
- dependency-name: uvicorn[standard]
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 12:36:45 +02:00
c606eb53b0 core: bump goauthentik.io/api/v3 from 3.2025062.6 to 3.2025063.1 (#15306)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 09:32:40 +00:00
62357133b0 core: bump astral-sh/uv from 0.7.15 to 0.7.17 (#15311)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 10:03:54 +02:00
99d2d91257 core: bump sentry-sdk from 2.31.0 to 2.32.0 (#15314)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 10:02:43 +02:00
69d9363fce core: bump axllent/mailpit from v1.26.2 to v1.27.0 in /tests/e2e (#15315)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 10:02:28 +02:00
cfc7f6b993 core, web: update translations (#15298)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-30 03:17:37 +02:00
bebbbe9b90 website/integrations: add omada controller doc (#14523)
* Adds omada controller doc and updated integration sidebar

* Update verification section

* WIP

* WIP

* Updated encoding section

* Finished document

* Applied suggestions

* Applied suggestions

* Entity ID changed to issuer

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omada-controller/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* And then

* Remove errant :::

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-28 15:50:22 +00:00
188d3c69c1 Change issuer from zulip to authentik in zulip integration documentation (#15296)
I tried to follow this documentation. My zulip instance (running docker-zulip 10.3-0)  did not recognize the IdP when a user returned from authentik to zulip, until I changed the issuer in the authentik settings from `zulip.company` to `authentik.company`.

Signed-off-by: CSDUMMI <31551856+CSDUMMI@users.noreply.github.com>
2025-06-28 13:25:54 +01:00
877f312145 website/integrations: bookstack: fix redirect URI (#15295)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-28 11:13:19 +01:00
f471a98bc7 website/integrations: fix typo in actual budget (#15293)
docs: Update index.mdx

Signed-off-by: Bryan J. <132493975+chkpwd@users.noreply.github.com>
2025-06-27 12:52:42 -05:00
e874cfc21d website: bump prettier from 3.6.1 to 3.6.2 in /website (#15280)
Bumps [prettier](https://github.com/prettier/prettier) from 3.6.1 to 3.6.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.6.1...3.6.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-27 17:04:52 +02:00
ec7bdf74aa core, web: update translations (#15278)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-27 14:56:51 +00:00
e87bc94b95 release: backport 2025.6.3 (#15292)
release: 2025.6.3
2025-06-27 16:21:18 +02:00
a3865abaa9 website: changelog for security releases (#15291)
* website: changelog for security releases

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-27 15:42:02 +02:00
7100d3c674 security: fix CVE-2025-52553 (#15289)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-27 15:26:39 +02:00
c0c2d2ad3c website/docs: updated security release procedure (#15288)
* ci: skip translate compile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ci: allow skipping build container for website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix gha perms?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-27 14:18:29 +02:00
dc287989db translate: Updates for file web/xliff/en.xlf in zh-Hans (#15285)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 14:02:01 +02:00
03204f6943 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#15284)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 14:01:48 +02:00
fcd369e466 translate: Updates for file web/xliff/en.xlf in zh_CN (#15283)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 14:01:38 +02:00
cb79407bc1 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#15282)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 14:01:16 +02:00
04a88daf34 translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#15273)
Translate locale/en/LC_MESSAGES/django.po in it

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 13:59:54 +02:00
c6a49da5c3 translate: Updates for file web/xliff/en.xlf in it (#15272)
Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-27 13:59:35 +02:00
bfeeecf3fa ci: more adjustable mirror options (#15287)
* custom mirror which doesn't get rid of other branches

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add workflow for manual semi-release

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make ci work on internal

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-27 13:48:20 +02:00
d86b5e7c8a web/packages: NPM workspace: Mini Cleanup (#14767)
* web: Move non-workspace package.

* web: Update ESBuild package version.

* web: Use NPM link to alias local package.

* web: Update lock.

* web: Fix regression where bundler is expected.
2025-06-26 17:29:35 -04:00
a95776891e website/docs: add hint that flows need cookies (#15252)
* website/docs: add hint that flows need cookies

The executor itself does not set a session cookie, but requires
one to be set before. This took me days to figure out, so maybe
this will be helpful to somebody in the future.

Signed-off-by: Leonardo Mörlein <git@irrelefant.net>

* Update website/docs/developer-docs/api/flow-executor.md

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-26 15:40:40 +00:00
031158fdba website: bump prettier from 3.6.0 to 3.6.1 in /website (#15263)
Bumps [prettier](https://github.com/prettier/prettier) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:51:40 +02:00
b2fbb92498 core: bump django-prometheus from 2.4.0 to 2.4.1 (#15253)
Bumps [django-prometheus](https://github.com/korfuri/django-prometheus) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/korfuri/django-prometheus/releases)
- [Changelog](https://github.com/django-commons/django-prometheus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/korfuri/django-prometheus/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: django-prometheus
  dependency-version: 2.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:51:29 +02:00
b1b6bf1a19 core, web: update translations (#15251)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-26 14:28:13 +02:00
179d9d0721 core: bump goauthentik.io/api/v3 from 3.2025062.5 to 3.2025062.6 (#15259)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025062.5 to 3.2025062.6.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025062.5...v3.2025062.6)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025062.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:25:27 +02:00
8e94d58851 core: bump google-api-python-client from 2.173.0 to 2.174.0 (#15255)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.173.0 to 2.174.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.173.0...v2.174.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-version: 2.174.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:25:10 +02:00
026669cfce core: bump msgraph-sdk from 1.34.0 to 1.35.0 (#15256)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.34.0 to 1.35.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.34.0...v1.35.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:25:01 +02:00
c83cea6963 core: bump astral-sh/uv from 0.7.14 to 0.7.15 (#15257)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.14 to 0.7.15.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.14...0.7.15)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:24:38 +02:00
8e01cc2df8 lifecycle/aws: bump aws-cdk from 2.1019.1 to 2.1019.2 in /lifecycle/aws (#15258)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1019.1 to 2.1019.2.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1019.2/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1019.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:23:22 +02:00
279cec203d core: bump django-guardian from 3.0.0 to 3.0.3 (#15254)
Bumps [django-guardian](https://github.com/django-guardian/django-guardian) from 3.0.0 to 3.0.3.
- [Release notes](https://github.com/django-guardian/django-guardian/releases)
- [Commits](https://github.com/django-guardian/django-guardian/compare/3.0.0...3.0.3)

---
updated-dependencies:
- dependency-name: django-guardian
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:21:58 +02:00
41c5030c1e web: bump @sentry/browser from 9.31.0 to 9.32.0 in /web in the sentry group across 1 directory (#15260)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.31.0 to 9.32.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.31.0...9.32.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:16:27 +02:00
3206fdb7ef website: bump the build group in /website with 6 updates (#15261)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.6` | `1.12.7` |


Updates `@swc/core-darwin-arm64` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

Updates `@swc/core-linux-arm64-gnu` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

Updates `@swc/core-linux-x64-gnu` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

Updates `@swc/html-darwin-arm64` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

Updates `@swc/html-linux-arm64-gnu` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

Updates `@swc/html-linux-x64-gnu` from 1.12.6 to 1.12.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.6...v1.12.7)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:16:18 +02:00
d7c0868eef website: bump @types/lodash from 4.17.18 to 4.17.19 in /website (#15262)
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.18 to 4.17.19.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

---
updated-dependencies:
- dependency-name: "@types/lodash"
  dependency-version: 4.17.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:16:01 +02:00
7d96a89697 website: bump prettier-plugin-packagejson from 2.5.15 to 2.5.16 in /website (#15264)
website: bump prettier-plugin-packagejson in /website

Bumps [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) from 2.5.15 to 2.5.16.
- [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases)
- [Commits](https://github.com/matzkoh/prettier-plugin-packagejson/compare/v2.5.15...v2.5.16)

---
updated-dependencies:
- dependency-name: prettier-plugin-packagejson
  dependency-version: 2.5.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-26 14:15:45 +02:00
dfb0007777 translate: Updates for file web/xliff/en.xlf in it (#15266)
Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-26 13:09:49 +02:00
816d9668eb website: add reference to "writing documentation" to readme (#15245)
* website: add reference to "writing documentation" to readme

As per: https://www.notion.so/authentiksecurity/Check-ins-17caee05b24e80a0aec6c7d508406435?source=copy_link#21daee05b24e8041adbadd3082ec7c8f

* Update website/README.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* lint readme

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-25 14:45:01 -05:00
371d35ec06 website: minimalistic readme (#14240)
* website: propose minimalistic readme

Introduce a minimalistic README for the website, link official website, and direct users to contribution guidelines, and finally also removes build commands from README (as source of truth is website)

Signed-off-by: Dominic R <dominic@sdko.org>

* Update README.md

Signed-off-by: Dominic R <dominic@sdko.org>

* fix md link 

Signed-off-by: Dominic R <dominic@sdko.org>

* I suppose i'm used to appending /CONTRUBUTING(.md or not) to contrib docs

Signed-off-by: Dominic R <dominic@sdko.org>

* add utm source as used on the main readme

Signed-off-by: Dominic R <dominic@sdko.org>

* Apply suggestions from code review

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/README.md

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-25 18:00:14 +00:00
664d3593ca core: bump oauthlib from 3.2.2 to v3.3.1 (#15242) 2025-06-25 17:09:50 +00:00
7acd27eea8 core: bump boto3 from 1.38.29 to v1.38.43 (#15239) 2025-06-25 16:48:52 +00:00
83550dc50d core: bump multidict from 6.4.4 to v6.5.1 (#15241) 2025-06-25 16:48:37 +00:00
c272dd70fd core: bump click-plugins from 1.1.1 to v1.1.1.2 (#15240) 2025-06-25 16:48:24 +00:00
ae1d82dc69 core: bump python-dotenv from 1.1.0 to v1.1.1 (#15244) 2025-06-25 16:48:17 +00:00
dd42eeab62 core: bump pygments from 2.19.1 to v2.19.2 (#15243) 2025-06-25 16:48:01 +00:00
680db9bae6 events: use pending_user as user when possible (#15238)
* unrelated: dont show nested for user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix error when no extents in. map

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* events: use pending_user when possible

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix for identification stage "fake" user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better username rendering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-25 18:22:51 +02:00
31b72751bc blueprints: add JSON tag to parse JSON from string (#15235) 2025-06-25 18:19:28 +02:00
8210067479 website/integrations: add ssh active user filter to sssd integration doc (#15203)
* Update sssd integration doc

* Improve language

* Update website/integrations/services/sssd/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/sssd/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/sssd/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/sssd/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/sssd/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Minor changes

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-25 17:01:23 +01:00
423911d974 web: bump API Client version (#15237)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-25 13:24:56 +00:00
d4ca070d76 core: better API validation for JSON fields (#15236)
* core: better API validation for JSON fields

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-25 15:05:32 +02:00
db1e8b291f website: bump @types/node from 24.0.3 to 24.0.4 in /website (#15230)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.3 to 24.0.4.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-25 13:47:04 +02:00
44ff6fce23 core: bump github.com/redis/go-redis/v9 from 9.10.0 to 9.11.0 (#15231)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.10.0 to 9.11.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.10.0...v9.11.0)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-25 13:47:01 +02:00
085c22a41a core: bump goauthentik.io/api/v3 from 3.2025062.4 to 3.2025062.5 (#15232)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025062.4 to 3.2025062.5.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025062.4...v3.2025062.5)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025062.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-25 13:46:58 +02:00
fb2887fa4b core: bump sentry-sdk from 2.30.0 to 2.31.0 (#15233)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.30.0...2.31.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-25 13:46:56 +02:00
ed41eb66de core, web: update translations (#15229)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-25 13:04:31 +02:00
ee8122baa7 website/docs: fix documentation for external group write commands in hashicorp-vault integrations (#15234)
Fix external group write

Signed-off-by: Balázs Hasprai <balazs.hasprai@hbalazs.com>
2025-06-25 10:01:17 +00:00
f0d70eef6f website/docs: enterprise: fix link for customer portal (#15225)
* website/docs: enterprise: fix link for customer portal

* fix more

Signed-off-by: Dominic R <dominic@sdko.org>

* fix more

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/enterprise/manage-enterprise.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-24 18:14:19 -05:00
ff966d763b providers/oauth2: add conformance tools (#15228)
add conformance tools

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-25 00:43:15 +02:00
e00b68cafe web: bump API Client version (#15227)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-24 22:13:34 +00:00
bf4e8dbedc core: include more authenticator details when possible (#15224)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-24 23:52:06 +02:00
d09b7757b6 root: fix some cases of invalid data triggering exceptions (#14799)
* sentry: separate checker if exception should be ignored

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use should_ignore_exception in flow executor (fix ParseError)

fix system exceptions for unsupported media type, json decode error

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve API validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-24 22:42:59 +02:00
ca2f0439f6 website/docs: add links to Customer Portal (#15223)
* add direct link to Portal, remove screenshot

* fix link

* Update website/docs/enterprise/get-started.md

Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
2025-06-24 15:34:37 -05:00
27b7b0b0e7 web/elements/empty-state: Fix issues with EmptyState and Loading Overlay (#15152)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/element: empty-state should not have a default label when used as a loading indicator

* .

* web/bug/empty-state: Fix issues with EmptyState and Loading Overlay

- Add a method, `hasSlotted()`, to the Base component.
- Revise `EmptyState` to use `hasSlotted()`.
- Revise `LoadingOverlay` to use `hasSlotted()`.
- Provide (hopefully complete) Storybook stories for both
- Revise use of these components throughout the codebase.

The essential problem here was mine: I misunderstood what the Patternfly `SlotController` does (and,
yikes, how it does it). Slots aren't magical; they're just named containers, in which lightDOM
elements that appear between the opening and closing tags of a web component can be strategically
placed, shown or hidden, and to some extent styled, within the rendered and visible results of the
shadowDOM component that will fill the browser's RECT allocated to that component.

SlotController tries to associate the template with slots by creating the shadowDOM *first*, then
working backwards to see if there are lightDOM components to put into those slots.  That's not what
we want; we want to see if there are lightDOM components that meet our slot requirements and, if
there are, create corresponding slots for them.

That's what `hasSlotted()` does: it returns true or false to the question, "Is there currently in
the lightDOM for this component an entry requesting a known slot name?"  Components are free to do
what they want with that knowledge.

`<ak-empty-state>` now has several modes, all well-documented in the Storybook story.  But in short,
the Title is now a default slot; any HTML Element not sent to one of the named slots are put into
the Title.  The two named slots are `body` and `primary`.  The header is bold and large; body is
just text, and primary is boxed to indicate that one or more buttons should be placed there, to
allow interaction.

The extra modes are controlled by boolean attributes:

- `loading`: Shows the loading spinner, overriding the `icon` attribute
- `default`: Shows the loading spinner *and* the word "Loading" (i18n-aware).

The priority for all of these is:

- Has something in the default (header) slot: That text will be shown. Overrides both
- `default` overrides `loading`
- `loading`

q`<ak-loading-overlay>` is a specialized variant of `<ak-empty-state>` over what will become
`<ak-backdrop>`, but for now is just internal.  It allows only for the heading and primary slots,
forwarding them `<ak-empty-state>`.  Since this is literally the *Loading*Overlay, showing the
`loading` spinner is the default; to prevent it, pass `no-spinner` as an attribute.

* Grammatical error.

* Prettier had opinions that shouldn't have been aired in public.

* Prettier had opinions that shouldn't have been aired in public.

* Collapsing unnecessary boolean nest.

* fix typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* always render icon

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* missing default in flow exec

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix loading interface

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename default attr

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix jsdoc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-24 21:33:07 +02:00
88073305eb *: remove redundant user_logged_out signals (#15221) 2025-06-24 18:29:05 +02:00
37657e47a3 web: bump the eslint group across 2 directories with 3 updates (#15215)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the eslint group with 1 update in the /web directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `typescript-eslint` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/parser)

Updates `typescript-eslint` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/parser)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.35.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.35.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:51:10 +02:00
0d649a70c9 core: bump github.com/getsentry/sentry-go from 0.33.0 to 0.34.0 (#15213)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.33.0 to 0.34.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.33.0...v0.34.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:51:00 +02:00
7ec3055018 web: bump @sentry/browser from 9.30.0 to 9.31.0 in /web in the sentry group across 1 directory (#15214)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.30.0 to 9.31.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.30.0...9.31.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:50:48 +02:00
50ffce87c4 website: bump the eslint group in /website with 3 updates (#15216)
Bumps the eslint group in /website with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@typescript-eslint/eslint-plugin` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/parser)

Updates `typescript-eslint` from 8.34.1 to 8.35.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:50:33 +02:00
a4393ac9f0 core: bump astral-sh/uv from 0.7.13 to 0.7.14 (#15217)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.13 to 0.7.14.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.13...0.7.14)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:50:14 +02:00
e235c854a5 website: bump the build group in /website with 6 updates (#15218)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.5` | `1.12.6` |


Updates `@swc/core-darwin-arm64` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

Updates `@swc/core-linux-arm64-gnu` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

Updates `@swc/core-linux-x64-gnu` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

Updates `@swc/html-darwin-arm64` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

Updates `@swc/html-linux-arm64-gnu` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

Updates `@swc/html-linux-x64-gnu` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.5...v1.12.6)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-24 16:50:04 +02:00
910b69f89d translate: Updates for file web/xliff/en.xlf in it (#15219)
Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-24 16:49:41 +02:00
f89cc98014 sources/scim: add group patch support (#15212)
* set auth_via

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow requests with json content type

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix group schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start improving error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add scim group patch for members

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated #1: fix debug check on startup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix #2: fix path for user page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add group view tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more user tests too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-24 16:48:48 +02:00
91a675a5a1 web/admin: point create application to wizard (#15211)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-24 01:36:20 +02:00
71be3acd1a web/elements: typing error when variables are not converted to string (#15169)
fix: typing error when variables are not converted to string

Co-authored-by: leandro.saraiva <leandro.saraiva@adonite.com>
2025-06-23 23:40:36 +02:00
0b6ab171ce website: bump prettier from 3.5.3 to 3.6.0 in /website (#15199)
* website: bump prettier from 3.5.3 to 3.6.0 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.3...3.6.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 21:29:14 +02:00
0c73572b0c ci: update daily tested versions (#15196)
* ci: update daily tested versions

Signed-off-by: Dominic R <dominic@sdko.org>

* Update ci-main-daily.yml

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens L. <jens@beryju.org>
2025-06-23 21:16:47 +02:00
03d0899a76 website/docs: sys mgmt: clean up certificates and add steps to download saml certs (#14497)
* website/docs: sys mgmt: clean up certificates and add steps to download
saml certs

* fix broken link

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Dewi review comments

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Apply suggestions from code review

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/certificates.md

Signed-off-by: Dominic R <dominic@sdko.org>

* lint fix following header rm

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-23 18:56:50 +00:00
91f79c97d8 ci: fix CodeQL failing on cherry-pick PRs (#15205) 2025-06-23 16:55:08 +02:00
19324c61a3 root: add system check for database encoding (#15186)
* root: add system check for database encoding

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* oops

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 15:17:48 +02:00
d297733614 enterprise/stages/source: update outer flow with context from inner flow (#15177)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 15:13:27 +02:00
f201f41a1b website: bump the build group in /website with 6 updates (#15200)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.4` | `1.12.5` |


Updates `@swc/core-darwin-arm64` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

Updates `@swc/core-linux-arm64-gnu` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

Updates `@swc/core-linux-x64-gnu` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

Updates `@swc/html-darwin-arm64` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

Updates `@swc/html-linux-arm64-gnu` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

Updates `@swc/html-linux-x64-gnu` from 1.12.4 to 1.12.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.4...v1.12.5)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-23 13:54:27 +02:00
f58f679171 web: bump the eslint group across 2 directories with 1 update (#15198)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import).
Bumps the eslint group with 1 update in the /web directory: [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import).


Updates `eslint-plugin-import` from 2.31.0 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.31.0...v2.32.0)

Updates `eslint-plugin-import` from 2.31.0 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.31.0...v2.32.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-23 13:54:16 +02:00
1bea5e38a1 core: bump goauthentik.io/api/v3 from 3.2025062.3 to 3.2025062.4 (#15197)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025062.3 to 3.2025062.4.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025062.3...v3.2025062.4)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025062.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-23 13:54:08 +02:00
4d1c63e7fa core: bump axllent/mailpit from v1.26.1 to v1.26.2 in /tests/e2e (#15201)
Bumps axllent/mailpit from v1.26.1 to v1.26.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.26.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-23 13:52:03 +02:00
e341032bf9 website/integrations: bitwarden: fix certificate download section (#15184)
* website/integrations: bitwarden: fix certificate download section

Fix whatever happened here

Signed-off-by: Dominic R <dominic@sdko.org>

* keep it as it was before I copy-pasted from stripe

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-23 10:28:38 +01:00
e3ff242956 core, web: update translations (#15194)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-23 02:45:30 +02:00
c6756bf809 web: bump API Client version (#15193)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-23 02:45:03 +02:00
cf9b7eaa64 web/user: fix infinite loop when no user settings flow is set (#15188)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 01:49:43 +02:00
53d8f9bd8c stages/authenticator_webauthn: add option to configure max attempts (#15041)
* house keeping - migrate to session part 1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add max_attempts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* teeny tiny cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 01:49:07 +02:00
f76becfd86 stages/user_login: fix session binding logging (#15175)
* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update test db?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ah there we go; fix mmdb not being reloaded with test settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-21 00:21:49 +02:00
080e2311fe website: bump the build group in /website with 6 updates (#15166)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.1` | `1.12.4` |


Updates `@swc/core-darwin-arm64` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

Updates `@swc/core-linux-arm64-gnu` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

Updates `@swc/core-linux-x64-gnu` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

Updates `@swc/html-darwin-arm64` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

Updates `@swc/html-linux-arm64-gnu` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

Updates `@swc/html-linux-x64-gnu` from 1.12.1 to 1.12.4
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.1...v1.12.4)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-20 22:14:03 +02:00
eacc0eb546 website/docs: fix egregious maintenance fail (#15176)
fix egregious maintenance fail

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-20 14:04:45 +00:00
c77a54dc2a revert: web/flow: cleanup WebAuthn helper functions (#14460)" (#15172)
Revert "web/flow: cleanup WebAuthn helper functions (#14460)"

This reverts commit e86c40a00c.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	web/package-lock.json
2025-06-20 15:01:51 +02:00
84781df51b root: update bumpversion changed list (#15170) 2025-06-20 14:50:42 +02:00
a640866534 lifecycle/aws: bump aws-cdk from 2.1018.1 to 2.1019.1 in /lifecycle/aws (#15162)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-20 14:30:46 +02:00
e070241407 core: bump google-api-python-client from 2.172.0 to 2.173.0 (#15167)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-20 14:30:38 +02:00
85985c3673 sources/ldap: fix sync on empty groups (#15158) 2025-06-20 13:34:12 +02:00
3abe6cd02c website/integrations: update actual budget docs link (#15156)
* Update index.mdx

Update URL to Actual Docs

Signed-off-by: theshoehorn <blair@blairschumann.com>

* Update website/integrations/services/actual-budget/index.mdx

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: theshoehorn <blair@blairschumann.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-20 08:51:31 +00:00
90c5b5c475 website: Docusaurus 3.8 shared fixes part 2 (#15155)
* website: Fix issue where files are ignored during build.

* Update packages/docusaurus-config/lib/routing.js

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* website: Update paths.

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-19 17:37:35 -04:00
adfbd1e0f2 events: fix map again and fix flaky tests (#15154)
* web/admin: fix OL Map loading external CSS

why are web developers like this dd8ccf12a1/elements/openlayers-core/ol-map.ts (L238)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix map chart display without map

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make test less flaky

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-19 23:10:17 +02:00
caa5617ce6 website: Touch up shared config. (#15153)
* website: Touch up shared config.

* website: Update deps. Fix issues surrounding cross-package formatting.
2025-06-19 14:11:55 -04:00
d043dacece root: extract custom setup code (#15150) 2025-06-19 15:56:35 +02:00
6a367d4ddf web: bump @spotlightjs/spotlight from 3.0.0 to 3.0.1 in /web in the sentry group across 1 directory (#15144)
web: bump @spotlightjs/spotlight

Bumps the sentry group with 1 update in the /web directory: @spotlightjs/spotlight.


Updates `@spotlightjs/spotlight` from 3.0.0 to 3.0.1

---
updated-dependencies:
- dependency-name: "@spotlightjs/spotlight"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 13:13:40 +02:00
e802c536a5 core, web: update translations (#15139)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-19 13:02:37 +02:00
39db9d9e6a core: bump msgraph-sdk from 1.33.0 to 1.34.0 (#15146)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 12:59:19 +02:00
f9ea4fc8e7 core: bump django-prometheus from 2.3.1 to 2.4.0 (#15147)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 12:59:02 +02:00
2320efc256 core: bump python-kadmin-rs from 0.6.0 to 0.6.1 (#15145)
Bumps [python-kadmin-rs](https://github.com/authentik-community/kadmin-rs) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/authentik-community/kadmin-rs/releases)
- [Commits](https://github.com/authentik-community/kadmin-rs/compare/kadmin/version/0.6.0...kadmin/version/0.6.1)

---
updated-dependencies:
- dependency-name: python-kadmin-rs
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 12:56:36 +02:00
7b81cbbb43 core: bump goauthentik.io/api/v3 from 3.2025062.1 to 3.2025062.3 (#15148)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025062.1 to 3.2025062.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025062.1...v3.2025062.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025062.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 12:55:42 +02:00
2d480bffb4 events: disable all JSON autocomplete (#15138)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-19 02:36:55 +02:00
e6e0e49535 events: disable computation of autocomplete structure for event context (#15137)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-19 01:21:51 +02:00
31b90d5e1d web/admin: hide webhook URL by default (#15136)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-19 01:21:39 +02:00
e39f186e26 core: bump google-auth from 2.40.2 to v2.40.3 (#15122) 2025-06-19 00:23:19 +02:00
cdb1351cfb core: bump requests from 2.32.3 to v2.32.4 (#15129) 2025-06-18 23:36:53 +02:00
7b2c08073f core: bump zipp from 3.22.0 to v3.23.0 (#15134) 2025-06-18 23:16:08 +02:00
9ad4dfb522 core: bump yarl from 1.20.0 to v1.20.1 (#15133) 2025-06-18 23:15:13 +02:00
6b05195add core: bump watchfiles from 1.0.5 to v1.1.0 (#15132) 2025-06-18 23:14:49 +02:00
2ae095bfeb core: bump urllib3 from 2.4.0 to v2.5.0 (#15131) 2025-06-18 23:14:41 +02:00
cc68d8dd92 core: bump twisted from 24.11.0 to v25.5.0 (#15130) 2025-06-18 23:14:31 +02:00
89a158f66c core: bump propcache from 0.3.1 to v0.3.2 (#15128) 2025-06-18 23:14:23 +02:00
c56ee219a9 core: bump opentelemetry-api from 1.34.0 to v1.34.1 (#15127) 2025-06-18 23:14:15 +02:00
d596c08954 core: bump oauthlib from 3.2.2 to v3.3.0 (#15126) 2025-06-18 23:14:07 +02:00
070cdba521 core: bump multidict from 6.4.4 to v6.5.0 (#15125) 2025-06-18 23:13:58 +02:00
148d83c519 core: bump msgpack from 1.1.0 to v1.1.1 (#15124) 2025-06-18 23:13:50 +02:00
77146d2bac core: bump google-api-core from 2.25.0 to v2.25.1 (#15121) 2025-06-18 23:13:36 +02:00
03d5cde5fa core: bump kombu from 5.5.3 to v5.5.4 (#15123) 2025-06-18 23:13:13 +02:00
4af922165e core: bump frozenlist from 1.6.2 to v1.7.0 (#15120) 2025-06-18 23:13:00 +02:00
c3e57a7566 core: bump certifi from 2025.4.26 to v2025.6.15 (#15119) 2025-06-18 23:12:51 +02:00
423354fb09 core: bump boto3 from 1.38.29 to v1.38.38 (#15118) 2025-06-18 23:12:45 +02:00
f3fb064908 core: bump aiohttp from 3.12.8 to v3.12.13 (#15117) 2025-06-18 23:12:37 +02:00
492ef54d55 core: bump django-cte from 1.3.3 to 2.0.0 (#15088)
* core: bump django-cte from 1.3.3 to 2.0.0

Bumps [django-cte](https://github.com/dimagi/django-cte) from 1.3.3 to 2.0.0.
- [Changelog](https://github.com/dimagi/django-cte/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dimagi/django-cte/compare/v1.3.3...v2.0.0)

---
updated-dependencies:
- dependency-name: django-cte
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-18 17:46:29 +02:00
8eaed2b2f4 website: add netlify cache plugin (#15113)
* website: add cache plugin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok fine

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* absolute path?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix, include npm cache for docusaurus 3.8 and rspack

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-18 15:07:15 +02:00
092b6f7faf website: split integrations partially (#15076)
* config for split

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update alllll the links

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add separate job for integrations build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/netlify.toml

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Jens L. <jens@beryju.org>

* Revert "update alllll the links"

This reverts commit 872c5870a8.

* absolute relative URLs only

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* but use a plugin to rewrite them

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix external URL regex

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make rewrite plugin more re-usable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix the reverse links

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix root redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rediret

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix root redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix redirect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-18 14:51:26 +02:00
d145f91be7 web: bump API Client version (#15112)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-18 13:50:12 +02:00
36c9929e1f events: add option to send notifications to event user (#15083)
* events: add option to send notifications to event user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-18 13:39:56 +02:00
3fa6ce2e34 enterprise/web/admin: OSM for events (#9287)
* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* initial OSM for events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove card title

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* split with volume

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add pin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* basic map selection

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update pin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite map points to be more imperative

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* zoom to fit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Ken Sternberg <ken@goauthentik.io>
2025-06-18 13:36:40 +02:00
073c02cbb9 core: bump tornado from 6.4.2 to v6.5.1 (#15100) 2025-06-18 13:16:44 +02:00
bc8971f19d core: bump django-redis from 5.4.0 to 6.0.0 (#15107)
Bumps [django-redis](https://github.com/jazzband/django-redis) from 5.4.0 to 6.0.0.
- [Release notes](https://github.com/jazzband/django-redis/releases)
- [Changelog](https://github.com/jazzband/django-redis/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jazzband/django-redis/compare/5.4.0...6.0.0)

---
updated-dependencies:
- dependency-name: django-redis
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-18 10:49:10 +00:00
104c116678 web: bump API Client version (#15110)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-18 12:24:49 +02:00
f025d0d1d5 enterprise/search: ability to use more precise search queries (#7698)
* api: use DjangoQL for searches

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* expand search input and use textarea for multiline

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start implementing autocomplete

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use ql for events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make QL search opt in

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make pretend json relation work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make autocomplete l1 work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use forked js lib with types, separate QL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* first attempt at making it fit our UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make dark theme somewhat work, fix search

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make more parts work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make auto complete box be under cursor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: ripplefcl <github@ripple.contact>

* remove django autocomplete for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add event filtering

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix search when no ql is enabled

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make meta+enter submit, fix colour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make dark theme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* formatting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update authentik/enterprise/search/apps.py

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens L. <jens@beryju.org>

* add json element autocomplete

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: ripplefcl <github@ripple.contact>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix query

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix search reset

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix dark theme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: ripplefcl <github@ripple.contact>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-06-18 12:23:00 +02:00
52115f9345 core, web: update translations (#15102)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-18 11:15:00 +02:00
b476551f13 web: bump @sentry/browser from 9.29.0 to 9.30.0 in /web in the sentry group across 1 directory (#15104)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.29.0 to 9.30.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.29.0...9.30.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-18 11:14:24 +02:00
f9563c25cd core: bump github.com/jellydator/ttlcache/v3 from 3.3.0 to 3.4.0 (#15105)
Bumps [github.com/jellydator/ttlcache/v3](https://github.com/jellydator/ttlcache) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/jellydator/ttlcache/releases)
- [Commits](https://github.com/jellydator/ttlcache/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: github.com/jellydator/ttlcache/v3
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-18 11:14:15 +02:00
0067e6e155 website: bump @types/lodash from 4.17.17 to 4.17.18 in /website (#15106)
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.17 to 4.17.18.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)

---
updated-dependencies:
- dependency-name: "@types/lodash"
  dependency-version: 4.17.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-18 11:14:08 +02:00
ce183929d4 website/integrations: zipline: add offline_access scope (#15099)
Closes https://github.com/goauthentik/authentik/issues/15098

Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-17 16:15:07 -05:00
2fdf345271 website/docs: Add steps to troubleshoot /initial-setup/ (#15011)
* Add steps to troubleshoot /initial-setup/

* fix linting

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* add email part

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* change wording

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-17 08:40:14 -05:00
bbcf8418b4 core, web: update translations (#15084)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-17 13:50:05 +02:00
dc57be46f4 website: bump the eslint group in /website with 3 updates (#15085)
Bumps the eslint group in /website with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@typescript-eslint/eslint-plugin` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/parser)

Updates `typescript-eslint` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:31:27 +02:00
d68b3ba516 website: bump @types/node from 24.0.1 to 24.0.3 in /website (#15086)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.1 to 24.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:31:20 +02:00
a9c46cfcbd website: bump postcss from 8.5.5 to 8.5.6 in /website (#15087)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.5 to 8.5.6.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.5...8.5.6)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:31:12 +02:00
c50353ebf6 core: bump webauthn from 2.5.2 to 2.6.0 (#15089)
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 2.5.2 to 2.6.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v2.5.2...v2.6.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:30:57 +02:00
db6be9e1b6 core: bump goauthentik.io/api/v3 from 3.2025061.2 to 3.2025062.1 (#15090)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025061.2 to 3.2025062.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025061.2...v3.2025062.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025062.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:30:50 +02:00
a74892886d web: bump the eslint group across 2 directories with 3 updates (#15091)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the eslint group with 1 update in the /web directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `typescript-eslint` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/parser)

Updates `typescript-eslint` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.34.0 to 8.34.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.1/packages/parser)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-17 13:30:42 +02:00
74cd4c2236 translate: Updates for file web/xliff/en.xlf in zh_CN (#15074)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-17 13:28:56 +02:00
ef3bd7e77b translate: Updates for file web/xliff/en.xlf in zh-Hans (#15075)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-17 13:28:42 +02:00
3f5ad2baa4 ci: fix post-release e2e builds failing (#15082)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-17 09:10:26 +02:00
24805f087b web: bump API Client version (#15079)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-17 01:51:07 +02:00
9464b422a3 web/common: fix uiConfig not merged correctly (#15080)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-17 01:36:39 +02:00
da6d4ede51 root: backport version bump 2025.6.2 (#15078)
release: 2025.6.2
2025-06-17 00:21:39 +02:00
cecad5bfd3 website/integrations: add note to nextcloud OIDC config (#15073)
Add note to OIDC config
2025-06-16 16:47:16 +00:00
bc4b07d57b web/admin: remove all special cases of slug handling, replace with a "smart slug" component (#14983)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/components: Remove all special cases of slug handling, replace with a "smart slug" component

This commit removes all special handling for the `slug` attribute in our text. A variant of the text
input control that can handle formatting-as-slugs has replaced all the slugificiation code; simply
drop it onto a page and tell it the (must be unique) selector from which to get the data to be
slugified. It only looks up one tier of the DOM so be careful that both the text input and its slug
accessory occupy the same DOM context.

## Details

### The Component

Now that we know a (lot) more about Lit, this component has been slightly updated to meet our
current standards.

- web/src/components/ak-slug-input.ts

Changes made:

- The "listen for the source object" has been moved to the `firstUpdated`, so that it no longer has
  to wait for the end of a render.
 - The `dirtyFlag` handler now uses the `@input` syntax.
- Updated the slug formatter to permit trailing dashes.
- Uses the `@bound` decorator, eliminating the need to do binding in the constructor (and so
  eliminating the constructor completely).

### Component uses:

The following components were revised to use `ak-slug-input` instead of a plain text input with the
slug-handling added by our forms manager.

- applications/ApplicationForm.ts
- flows/FlowForm.ts
- sources/kerberos/KerberosSourceForm.ts
- sources/ldap/LDAPSourceForm.ts
- sources/oauth/OAuthSourceForm.ts
- sources/plex/PlexSourceForm.ts
- sources/saml/SAMLSourceForm.ts
- sources/scim/SCIMSourceForm.ts

### Remove the redundant special slug handling code

- web/src/elements/forms/Form.ts
- web/src/elements/forms/HorizontalFormElement.ts

### A special case among special cases

- web/src/admin/stages/invitation/InvitationForm.ts

This form is our one case where we have a slug input field with no corresponding text source. Adding
a simple event handler to validate the value whenever it changed and write back a "clean" slug was
the most straightforward solution. I added a help line; it seemed "surprising" to ask someone for a
name and not follow the same rules as "names" everywhere else in our UI without explanation.

* After writing the commit message, I realized some of the comments I made MUST be added to the component.

* The `source` attribute needed its own comment to indicate that a `query()` compatible selector is expected.

* Added public/private/protected/# indicators to all fields.  Trying to balance between getting it 'right' and leaving an opening for harmonizing style-sharing and state-sharing between (text / textarea), slug, password and (visible / hidden / secret).

* Removed the ids as requested; the default "look for this" matches the original behavior without requiring it be hard-coded and unchangable.
2025-06-16 09:04:00 -07:00
e85d2d0096 Web/cleanup/empty state better slot handling (#14289)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web: remove Lit syntax from always true attributes

## What

Replaces instances of `?loading=${true}` and `?loading="${true}"` with `loading`

## Why

The Lit syntax is completely unnecessary when the attribute's state is constant, and it's a few
(just a few) extra CPU cycles for Lit to process that.

More to the point, it annoys me.

## How

```
$ perl -pi.bak -e 's/\?loading=\$\{true\}/loading/' $(rg -l '\?loading=\$\{true\}')
$ find . -name '*.bak' -exec rm {} \;
$ perl -pi.bak -e 's/\?loading="\$\{true\}"/loading/' $(rg -l '\?loading="\$\{true\}"')
$ find . -name '*.bak' -exec rm {} \;
```

* Prettier had opinions

* web: move optional textual information out of attributes and into slots

## What

Replaces instances of:

```
<ak-empty-state header=${msg(...)}></ak-empty-state>
```

with

```
<ak-empty-state><span slot="header">${msg(...)}</span></ak-empty-state>
```

## Why

1. It's correct.
2. It lets us elide the decorations for any slots we aren't using.
3. It's preparation for moving to Patternfly 5
4. It annoyed me.

## How

Since we already have Patternfly Elements installed, we have access to the PFE-Core, which has the
unbelievable useful `SlotsController`.  Using it, I created a conditional render template that will
only put in the header, body, and primary slots if there is something in the lightDOM requesting
those slots.  The conditional template will still put the spinner in if the header is not provided
but the loading state is true.

I then had to edit all the places where this is used. For about 30 of them, this script sufficed:

```
perl -pi.bak -e 's/header="?(\$\{msg\([^)]+\)\})"?>/><span slot="header">\1<\/span>/' \
     $(rg -l `<ak-empty-state[^>]header')

```

The other six had to be done by hand.  I have tested a handful of the automatic ones, and all of the
ones that were edited manually.  I'm pleasantly surprised that the textual rules [are inherited by
the slots as expected](https://htmlwithsuperpowers.netlify.app/styling/inheritable.htm).
2025-06-16 08:17:11 -07:00
be1dd3103b website/docs: release notes for 2025.6.2 (#15065)
* website/docs: release notes for `2025.6.2`

* fixup! website/docs: release notes for `2025.6.2`
2025-06-16 17:01:56 +02:00
5dfde5e1d3 website/docs: remove commented out config options (#15064)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-16 16:35:23 +02:00
7cb1e6d81e website/docs: postgres troubleshooting: get PGPASSWORD from POSTGRES_PASSWORD_FILE (#15039) 2025-06-16 15:00:23 +02:00
d7c3129b1c core: bump goauthentik/fips-python from 3.13.4-slim-bookworm-fips to 3.13.5-slim-bookworm-fips (#15058)
core: bump goauthentik/fips-python

Bumps goauthentik/fips-python from 3.13.4-slim-bookworm-fips to 3.13.5-slim-bookworm-fips.

---
updated-dependencies:
- dependency-name: goauthentik/fips-python
  dependency-version: 3.13.5-slim-bookworm-fips
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:28:39 +02:00
2a1d33021b website: bump the eslint group in /website with 2 updates (#15059)
Bumps the eslint group in /website with 2 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [eslint](https://github.com/eslint/eslint).


Updates `@eslint/js` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.29.0/packages/js)

Updates `eslint` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.28.0...v9.29.0)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:28:21 +02:00
f273e49ae6 web: bump the wdio group across 1 directory with 3 updates (#14593)
Bumps the wdio group with 3 updates in the /web directory: [@wdio/browser-runner](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-browser-runner), [@wdio/cli](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-cli) and [@wdio/spec-reporter](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-spec-reporter).


Updates `@wdio/browser-runner` from 9.4.1 to 9.14.0
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.14.0/packages/wdio-browser-runner)

Updates `@wdio/cli` from 9.4.1 to 9.14.0
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.14.0/packages/wdio-cli)

Updates `@wdio/spec-reporter` from 9.1.2 to 9.14.0
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.14.0/packages/wdio-spec-reporter)

---
updated-dependencies:
- dependency-name: "@wdio/browser-runner"
  dependency-version: 9.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: wdio
- dependency-name: "@wdio/cli"
  dependency-version: 9.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: wdio
- dependency-name: "@wdio/spec-reporter"
  dependency-version: 9.14.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: wdio
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:28:10 +02:00
cc31957900 web: bump @sentry/browser from 9.28.1 to 9.29.0 in /web in the sentry group across 1 directory (#15061)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.28.1 to 9.29.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.28.1...9.29.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:27:30 +02:00
b1ccdecc8e web: bump the eslint group across 2 directories with 2 updates (#15062)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [eslint](https://github.com/eslint/eslint).
Bumps the eslint group with 1 update in the /web directory: [eslint](https://github.com/eslint/eslint).


Updates `eslint` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.28.0...v9.29.0)

Updates `@eslint/js` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.29.0/packages/js)

Updates `eslint` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.28.0...v9.29.0)

Updates `@eslint/js` from 9.28.0 to 9.29.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.29.0/packages/js)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.29.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.29.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:27:17 +02:00
34031003a4 core: bump axllent/mailpit from v1.26.0 to v1.26.1 in /tests/e2e (#15060)
Bumps axllent/mailpit from v1.26.0 to v1.26.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.26.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:27:01 +02:00
055e1d1025 core: bump pydantic from 2.11.5 to 2.11.7 (#15063)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.5 to 2.11.7.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.11.5...v2.11.7)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.11.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-16 12:26:52 +02:00
59a804273e providers/oauth2: bug fixes from conformance testing (#15056)
* check authorize request param earlier

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix basic suite?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* another actual fix; don't return access_token when using response_type id_token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only run basic+implicit for now, fix other tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	tests/openid_conformance/test_conformance.py

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-16 12:23:18 +02:00
bce70a1796 website/integrations: change nextcloud scope name to avoid confusion (#15050)
changed "profile" to "nextcloud"

Signed-off-by: Marlin <77961876+Keksmo@users.noreply.github.com>
2025-06-16 03:10:53 +02:00
e86c40a00c web/flow: cleanup WebAuthn helper functions (#14460)
* pass #1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* pass #2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add polyfill

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-16 02:39:50 +02:00
20e07486ee web/elements: fix typo in localeComparator (#15054)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-16 01:37:38 +02:00
0cb7cf2c96 stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#15049)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-15 23:54:50 +02:00
07736a90b2 translate: Updates for file locale/en/LC_MESSAGES/django.po in es (#15047)
* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

* Translate locale/en/LC_MESSAGES/django.po in es

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'es'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-15 22:48:33 +02:00
ec28a86259 core, web: update translations (#15048)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-15 22:48:21 +02:00
260800c60b blueprints: add section support for organisation (#15045)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-15 20:49:21 +02:00
ee4780394d core, web: update translations (#15043)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-14 02:44:35 +02:00
23b746941f web/admin: adopt ak-hidden-text (#15042)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-14 02:22:14 +02:00
3c2ce40afd web/admin: Text and Textarea Fields that "hide" their contents until prompted (#15024)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: Provide `hidden` text and textarea components

## Details

This commit provides two new elements (technically, since they're API-unaware), one for `<input
type="text">`, and one for `<textarea>`, that provide for the ability to create fields that are (or
can be) hidden. A new boolean attribute, `revealed`, shows the state of the component (the content
is therefore *not* revealed by default).

It also includes a third new element, `ak-visibility-toggle`, that creates a hide/show toggle with
all the right icons, styling, and eventing.  It's straightforward, and isolating it improved the
DX of everything that uses that feature by quite a bit.

Storybook stories (with autodoc documentation) have been provided for `ak-hidden-text-input`,
`ak-hidden-textarea-input`, and `ak-visibility-toggle`.

## Maintenance Notice

As a maintenance detail, the field `ak-private-text` has been renamed `ak-secret-text` to reflect
its usage, and the places where it was used have all been changed to reflect that update.

* web/component: embed styling (for now) to handle the lightDom/shadowDom/slot conflicts in HorizontalLightComponent and HorizontalFormElement

* Comments and Types. I really shouldn't have to catch this stuff with my eyeballs.

* fix typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-14 01:48:34 +02:00
2aceed285e providers/rac: fixes prompt data not being merged with connection_settings (#15037)
* Fixes line that pulls in prompt data

* fallback to old settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-13 18:54:20 +02:00
81e5fef667 website/docs: also hide the postgres pool_options setting (#15023) 2025-06-13 13:36:52 +00:00
7aa6593760 blueprints: sort schema items (#15022) 2025-06-13 13:34:49 +00:00
c40a17beb9 website: bump the build group in /website with 6 updates (#15027)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.12.0` | `1.12.1` |


Updates `@swc/core-darwin-arm64` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

Updates `@swc/core-linux-arm64-gnu` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

Updates `@swc/core-linux-x64-gnu` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

Updates `@swc/html-darwin-arm64` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

Updates `@swc/html-linux-arm64-gnu` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

Updates `@swc/html-linux-x64-gnu` from 1.12.0 to 1.12.1
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.12.0...v1.12.1)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 14:44:06 +02:00
335c9fbc10 core: bump astral-sh/uv from 0.7.12 to 0.7.13 (#15028)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.12 to 0.7.13.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.12...0.7.13)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 14:44:04 +02:00
51b53caf61 core: bump twilio from 9.6.2 to 9.6.3 (#15029)
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.6.2 to 9.6.3.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.6.2...9.6.3)

---
updated-dependencies:
- dependency-name: twilio
  dependency-version: 9.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 14:44:01 +02:00
989100a900 core: bump sentry-sdk from 2.29.1 to 2.30.0 (#15030)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.29.1 to 2.30.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.29.1...2.30.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 14:43:58 +02:00
8e1531d051 core: bump kubernetes from 32.0.1 to 33.1.0 (#15031)
Bumps [kubernetes](https://github.com/kubernetes-client/python) from 32.0.1 to 33.1.0.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/v33.1.0/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-client/python/compare/v32.0.1...v33.1.0)

---
updated-dependencies:
- dependency-name: kubernetes
  dependency-version: 33.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 14:43:22 +02:00
f6f37d6d92 core, web: update translations (#15026)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-13 02:21:16 +02:00
5b6ca70f22 web: bump the sentry group across 1 directory with 2 updates (#15025)
Bumps the sentry group with 2 updates in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and @spotlightjs/spotlight.


Updates `@sentry/browser` from 9.28.0 to 9.28.1
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.28.0...9.28.1)

Updates `@spotlightjs/spotlight` from 2.13.3 to 3.0.0

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.28.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: sentry
- dependency-name: "@spotlightjs/spotlight"
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 02:09:40 +02:00
a74674c3d6 translate: Updates for file web/xliff/en.xlf in zh_CN (#15018)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-13 02:08:55 +02:00
f46984dec4 lifecycle/aws: bump aws-cdk from 2.1018.0 to 2.1018.1 in /lifecycle/aws (#15016)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1018.0 to 2.1018.1.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1018.1/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1018.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 02:08:34 +02:00
c7963e4af7 website: bump postcss from 8.5.4 to 8.5.5 in /website (#15013)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.4 to 8.5.5.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.4...8.5.5)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 02:08:21 +02:00
6e30b11974 website: bump @types/node from 24.0.0 to 24.0.1 in /website (#15014)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.0 to 24.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-13 02:08:11 +02:00
13bd4069e4 core: fix transaction test case (#15021)
* move patched ct to root

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use our transaction test case as base

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix...?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* well apparently that works

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-13 01:48:26 +02:00
3b913ac5ef translate: Updates for file web/xliff/en.xlf in zh-Hans (#15019)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-12 14:03:15 +02:00
fed094b317 website/docs: correct minor version in release notes (#15012)
Signed-off-by: Zeik0s <35345686+Zeik0s@users.noreply.github.com>
2025-06-11 22:13:53 +00:00
88d83c10a4 root: test label handling and error reporting in PytestTestRunner (#14000)
* root: test label handling and error reporting in PytestTestRunner

- Added a check for empty test labels and return a clear error instead of failing silently.
- Improved handling of dotted module paths + included support for single-module names.
- Replaced a RuntimeError with a printed error message when a test label can't be resolved.
- Wrapped the pytest.main call in a try/except to catch unexpected errors and print them nicely.

* Fix handling for test file without extension and lint

* oops

* little improvments too
2025-06-11 19:14:38 +02:00
5af2378738 outposts/ldap: Handle comma-separated attributes in LDAP search requests (#15000)
Closes https://github.com/goauthentik/authentik/issues/13539

When LDAP clients like Jira submit search requests with comma-separated attributes
(e.g., ["uid,cn,sn"] instead of ["uid", "cn", "sn"]), the LDAP outpost would return
an "Operations Error". Ths fix adds attribute normalization to properly handle
both formats by splitting comma separated attributes into individual entries.

Tests pass:
```
=== RUN   TestNormalizeAttributes
=== RUN   TestNormalizeAttributes/Empty_input
=== RUN   TestNormalizeAttributes/No_commas
=== RUN   TestNormalizeAttributes/Single_comma-separated_string
=== RUN   TestNormalizeAttributes/Mixed_input
=== RUN   TestNormalizeAttributes/With_spaces
=== RUN   TestNormalizeAttributes/Empty_parts
=== RUN   TestNormalizeAttributes/Single_element
=== RUN   TestNormalizeAttributes/Only_commas
=== RUN   TestNormalizeAttributes/Multiple_comma-separated_attributes
=== RUN   TestNormalizeAttributes/Case_preservation
=== RUN   TestNormalizeAttributes/Leading_and_trailing_spaces
=== RUN   TestNormalizeAttributes/Real-world_LDAP_attribute_examples
=== RUN   TestNormalizeAttributes/Jira-style_attribute_format
=== RUN   TestNormalizeAttributes/Single_string_with_single_attribute
=== RUN   TestNormalizeAttributes/Mix_of_standard_and_operational_attributes
--- PASS: TestNormalizeAttributes (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_input (0.00s)
    --- PASS: TestNormalizeAttributes/No_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Single_comma-separated_string (0.00s)
    --- PASS: TestNormalizeAttributes/Mixed_input (0.00s)
    --- PASS: TestNormalizeAttributes/With_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Empty_parts (0.00s)
    --- PASS: TestNormalizeAttributes/Single_element (0.00s)
    --- PASS: TestNormalizeAttributes/Only_commas (0.00s)
    --- PASS: TestNormalizeAttributes/Multiple_comma-separated_attributes (0.00s)
    --- PASS: TestNormalizeAttributes/Case_preservation (0.00s)
    --- PASS: TestNormalizeAttributes/Leading_and_trailing_spaces (0.00s)
    --- PASS: TestNormalizeAttributes/Real-world_LDAP_attribute_examples (0.00s)
    --- PASS: TestNormalizeAttributes/Jira-style_attribute_format (0.00s)
    --- PASS: TestNormalizeAttributes/Single_string_with_single_attribute (0.00s)
    --- PASS: TestNormalizeAttributes/Mix_of_standard_and_operational_attributes (0.00s)
PASS
ok      goauthentik.io/internal/outpost/ldap/search     0.194s
```
2025-06-11 18:16:40 +02:00
6ec745ddc0 website/integrations: standardize application slug placeholder in docs (#15007)
Standardizes application slug placeholder in docs
2025-06-11 16:52:21 +01:00
a44375a9d8 core: bump django from 5.1.10 to 5.1.11 (#14997) 2025-06-11 17:26:52 +02:00
3bf9cf681a web/elements: Add light mode custom css handling (#14944)
* fix(ui): Add light mode custom css handling

Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx1@users.noreply.github.com>

* Update Base.ts

Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx1@users.noreply.github.com>

---------

Signed-off-by: CodeMax IT Solutions Pvt. Ltd. <137166088+cdmx1@users.noreply.github.com>
2025-06-11 15:03:05 +02:00
b8cf0e5dc4 website/docs: add host header dynamic property mapping (#15006)
* Adds the property mapping and updates some language in the doc

* Typos
2025-06-11 13:50:18 +01:00
2180bdf7c2 core, web: update translations (#14999)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-11 12:35:18 +00:00
8af2d189d9 website/docs: fixes misplaced sentence (#14998)
fixes misplaced sentence

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-11 07:17:03 -05:00
66f96a280e website/docs: note usage of is_restored by source stage (#13422) 2025-06-11 13:52:26 +02:00
09d5c6fa43 website: bump the build group in /website with 6 updates (#15001)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.31` | `1.12.0` |


Updates `@swc/core-darwin-arm64` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

Updates `@swc/core-linux-arm64-gnu` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

Updates `@swc/core-linux-x64-gnu` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

Updates `@swc/html-darwin-arm64` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

Updates `@swc/html-linux-arm64-gnu` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

Updates `@swc/html-linux-x64-gnu` from 1.11.31 to 1.12.0
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.31...v1.12.0)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 12:23:47 +02:00
6eb4e78b22 web: bump @sentry/browser from 9.27.0 to 9.28.0 in /web in the sentry group across 1 directory (#15002)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.27.0...9.28.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 12:23:36 +02:00
c3eada8d33 core: bump msgraph-sdk from 1.32.0 to 1.33.0 (#15003)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.32.0 to 1.33.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.32.0...v1.33.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-version: 1.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 12:22:53 +02:00
48130a7463 core: bump google-api-python-client from 2.171.0 to 2.172.0 (#15004)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.171.0 to 2.172.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.171.0...v2.172.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-version: 2.172.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 12:22:44 +02:00
9ffb2443f6 web/admin: fix language in certificate import (#14953)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: fix language in certificate import modal

There are two buttons on the CertificateKeyPairList: "Create" and "Generate".  This language is confusing, as it is unclear what the difference between those two options could be.  The
second generates and stores a new key pair; the first only creates an entry in our database for an existing pair generated externally. After a short conversation, changing it to
"Import" seemed like a safe option.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

---------

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 18:49:15 +02:00
0b4aed7a3d website/integrations: add new categories and update sidebar info (#14995)
* Added categories and moved docs

* Moved more docs

* move a couple more things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* auto-sort categories

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Updated sidebar info

* Add path to integrations file

* Moves meshcentral to device management. Moves cloudflare access and globalprotect to networking

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 17:18:09 +01:00
86dd1a96f6 brands: fix custom_css being escaped (#14994)
* brands: fix custom_css being escaped

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* escape adequately

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 17:19:38 +02:00
0ce017b77e web/admin: show selected policy engine mode on bindings pages, allow setting it on sources (#12963)
* web/admin: show select policy engine mode on bindings pages, allow setting it in sources

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* slight cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 16:17:31 +02:00
e22e79f310 website/integrations: add bitwarden (#14922)
* Add doc and update sidebar

* WIP

* WIP

* SAML configuration complete

* Capitalisation

* Added OIDC instructions

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied Dominic's suggestions

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied suggestion from Dominic

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/bitwarden/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied Tana's suggestions

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-10 08:35:13 -05:00
ac575aecfa core: bump goauthentik.io/api/v3 from 3.2025061.1 to 3.2025061.2 (#14986)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025061.1 to 3.2025061.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025061.1...v3.2025061.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025061.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 14:57:49 +02:00
fd61fb31b5 website: bump @types/node from 22.15.30 to 24.0.0 in /website (#14988)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.30 to 24.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 14:57:42 +02:00
d7f6e5b79d website: bump the eslint group in /website with 3 updates (#14987)
Bumps the eslint group in /website with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@typescript-eslint/eslint-plugin` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/parser)

Updates `typescript-eslint` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 14:56:07 +02:00
09ded2a19a web: bump the eslint group across 2 directories with 3 updates (#14991)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the eslint group with 1 update in the /web directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `typescript-eslint` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/parser)

Updates `typescript-eslint` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.1 to 8.34.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.34.0/packages/parser)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 14:55:58 +02:00
6d4c9a3446 website/integrations: fix typos, update language and styling (#14978)
* Typo and improved language

* Changes "admin" to "administrator" and updates indentation

* Updates miniflux to newer styling

* Combines two notes at beginning of jellyfin doc into one

* Replaces all "your application slug" with "application_slug" and replaces tags that are no longer in use

* Replaces tags that are no longer in use

* Updates immich indentation, application_slug and removes tags

* Updated bookstack indentation, tags and application slug

* Removes kbd and em tags, and updates the application slug

* Gix metadata header in bookstack doc

* Lint fix miniflux

* ArgoCD indentation

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-10 12:48:49 +01:00
74b5380f32 website/integrations: add 1password (#14815)
* Add doc and update sidebar

* Begin document

* WIP

* Typo

* Added automated user privisioning steps

* Added note about redirect URIs

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Updated based on recommendations from Dominic

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/1password/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-10 11:43:43 +00:00
c65b3e8ae5 website/integrations: add nextcloud ldap config and update doc to new styling (#14866)
* Initial changes

* Added LDAP config

* WIP

* WIP

* Updated document to new style and added LDAP config

* Make website

* WIP

* Fixed formatting on SAML section

* Typo

* Update website/integrations/services/nextcloud/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/nextcloud/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/nextcloud/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/nextcloud/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied suggestions from Dominic

* Applied more suggestions

* Typo

* Applied suggestions

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-10 12:09:43 +01:00
88fa7e37dc outposts: Refactor session end signal and add LDAP support (#14539)
* outpost: promote session end signal to non-provider specific

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement server-side logout in ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix previous import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use better retry logic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* log

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make more generic if we switch from ws to something else

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it possible to e2e test WS

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap session id

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok I actually need to go to bed this took me an hour to fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format; add ldap test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix leftover state

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove thread

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use ws base for radius

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate test utils

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing super calls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* websocket tests with browser 🎉

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add proxy test for sign out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix install_id issue with channels tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy basic auth test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* big code dedupe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow passing go build args

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve waiting for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rewrite ldap tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ok actually fix the tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* undo a couple things that need more time to cook

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unused lockfile-lint dependency since we use a shell script and SFE does not have a lockfile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix session id for ldap

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing createTimestamp and modifyTimestamp ldap attributes

closes #10474

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 12:11:21 +02:00
8bfc9ab7c9 core: bump cryptography from 45.0.3 to 45.0.4 (#14989)
Bumps [cryptography](https://github.com/pyca/cryptography) from 45.0.3 to 45.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/45.0.3...45.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 11:25:52 +02:00
f145580dae core: bump goauthentik/fips-python from 3.13.3-slim-bookworm-fips to 3.13.4-slim-bookworm-fips (#14990)
core: bump goauthentik/fips-python

Bumps goauthentik/fips-python from 3.13.3-slim-bookworm-fips to 3.13.4-slim-bookworm-fips.

---
updated-dependencies:
- dependency-name: goauthentik/fips-python
  dependency-version: 3.13.4-slim-bookworm-fips
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 11:25:33 +02:00
31eb4a6315 web: bump API Client version (#14985)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-10 02:39:20 +02:00
48696e3d7d core, web: update translations (#14984)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-10 02:36:27 +02:00
734db4dee6 events: rework metrics endpoint (#14934)
* rework event volume

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* migrate more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* the rest of the owl

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* client-side data padding

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* I love deleting code

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix clamping

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* chunk it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add event-to-color map

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sync colours

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* switch colours

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* heatmap?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "heatmap?"

This reverts commit c1f549a18b.

* Revert "Revert "heatmap?""

This reverts commit 6d6175b96b.

* Revert "Revert "Revert "heatmap?"""

This reverts commit 3717903f12.

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-10 02:36:09 +02:00
856ac052e7 website/integrations: replaces all kbd and em tags (#14980)
Replaces all kbd and em tags
2025-06-09 21:06:37 +01:00
dea2d67ceb internal/outpost: fix incorrect usage of golang SHA API (#14981)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 20:57:36 +02:00
a844fb41d4 web/elements: fix dual select without sortBy (#14977)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 19:04:07 +02:00
f4da22aea8 website/docs: added a link in our Upgrade docs to the Outpost upgrade docs, slight reformatting (#14931)
* add link to outpost upgrade doc

* darn build breaks

* kens edits

* again

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-09 10:14:43 -05:00
1464852b92 website: fix search across multiple subdomains (#14976)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 17:13:04 +02:00
6aebf45aea core: bump goauthentik.io/api/v3 from 3.2025060.1 to 3.2025061.1 (#14972)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025060.1 to 3.2025061.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025060.1...v3.2025061.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025061.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 14:52:58 +02:00
fad6ac76af web: bump API Client version (#14971) 2025-06-09 02:43:50 +00:00
c60a145f95 root: backport 2025.6.1 bump (#14970)
release: 2025.6.1

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-06-09 04:15:33 +02:00
652a32d968 stages/email: Only attach logo to email if used (#14835)
* Only attach logo to email if used

* Fix MIME logo attachment to adhere to standard

* format, fix web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* not tuple

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 03:49:00 +02:00
bd5a66a3c7 web: bump @codemirror/lang-python from 6.1.6 to 6.2.1 in /web (#14713)
Bumps [@codemirror/lang-python](https://github.com/codemirror/lang-python) from 6.1.6 to 6.2.1.
- [Changelog](https://github.com/codemirror/lang-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-python/compare/6.1.6...6.2.1)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-python"
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:46:41 +02:00
a4c4b07614 website: bump prettier-plugin-packagejson from 2.5.14 to 2.5.15 in /website (#14829)
website: bump prettier-plugin-packagejson in /website

Bumps [prettier-plugin-packagejson](https://github.com/matzkoh/prettier-plugin-packagejson) from 2.5.14 to 2.5.15.
- [Release notes](https://github.com/matzkoh/prettier-plugin-packagejson/releases)
- [Commits](https://github.com/matzkoh/prettier-plugin-packagejson/compare/v2.5.14...v2.5.15)

---
updated-dependencies:
- dependency-name: prettier-plugin-packagejson
  dependency-version: 2.5.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:39:00 +02:00
aaf76bab92 core: bump selenium/standalone-chrome from 136.0 to 137.0 in /tests/e2e (#14963)
Bumps selenium/standalone-chrome from 136.0 to 137.0.

---
updated-dependencies:
- dependency-name: selenium/standalone-chrome
  dependency-version: '137.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:32:59 +02:00
814f3fc43d core: bump axllent/mailpit from v1.25.1 to v1.26.0 in /tests/e2e (#14964)
Bumps axllent/mailpit from v1.25.1 to v1.26.0.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.26.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:32:51 +02:00
d017af1347 core: bump astral-sh/uv from 0.7.11 to 0.7.12 (#14965)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.11 to 0.7.12.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.11...0.7.12)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:32:36 +02:00
6e11554f62 core: bump github.com/redis/go-redis/v9 from 9.9.0 to 9.10.0 (#14966)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.9.0 to 9.10.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.9.0...v9.10.0)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:32:27 +02:00
14f2edc04b web: bump @types/mocha from 10.0.8 to 10.0.10 in /web (#14684)
Bumps [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) from 10.0.8 to 10.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mocha)

---
updated-dependencies:
- dependency-name: "@types/mocha"
  dependency-version: 10.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:30:46 +02:00
9f6173d8b2 web: bump ts-pattern from 5.4.0 to 5.7.1 in /web (#14686)
Bumps [ts-pattern](https://github.com/gvergnaud/ts-pattern) from 5.4.0 to 5.7.1.
- [Release notes](https://github.com/gvergnaud/ts-pattern/releases)
- [Commits](https://github.com/gvergnaud/ts-pattern/compare/v5.4.0...v5.7.1)

---
updated-dependencies:
- dependency-name: ts-pattern
  dependency-version: 5.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:30:29 +02:00
52c3ba551d website: bump @types/node from 22.15.29 to 22.15.30 in /website (#14968)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.29 to 22.15.30.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 22.15.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:30:02 +02:00
633c6ff245 web: bump mermaid from 11.4.1 to 11.6.0 in /web (#14688)
Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 11.4.1 to 11.6.0.
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Changelog](https://github.com/mermaid-js/mermaid/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.4.1...mermaid@11.6.0)

---
updated-dependencies:
- dependency-name: mermaid
  dependency-version: 11.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:28:44 +02:00
e5cb925f70 web: bump @fortawesome/fontawesome-free from 6.6.0 to 6.7.2 in /web (#14716)
Bumps [@fortawesome/fontawesome-free](https://github.com/FortAwesome/Font-Awesome) from 6.6.0 to 6.7.2.
- [Release notes](https://github.com/FortAwesome/Font-Awesome/releases)
- [Changelog](https://github.com/FortAwesome/Font-Awesome/blob/6.x/CHANGELOG.md)
- [Commits](https://github.com/FortAwesome/Font-Awesome/compare/6.6.0...6.7.2)

---
updated-dependencies:
- dependency-name: "@fortawesome/fontawesome-free"
  dependency-version: 6.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:28:18 +02:00
a0b1327456 web: bump the eslint group across 2 directories with 3 updates (#14833)
Bumps the eslint group with 1 update in the /packages/eslint-config directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the eslint group with 1 update in the /web directory: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `typescript-eslint` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/parser)

Updates `typescript-eslint` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/typescript-eslint)

Updates `@typescript-eslint/eslint-plugin` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.33.0 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/parser)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.33.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.33.1
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:26:02 +02:00
891907390b website: bump the eslint group in /website with 4 updates (#14967)
Bumps the eslint group in /website with 4 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [eslint](https://github.com/eslint/eslint) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@eslint/js` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.28.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.32.1 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/eslint-plugin)

Updates `eslint` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.27.0...v9.28.0)

Updates `typescript-eslint` from 8.32.1 to 8.33.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 03:14:20 +02:00
e1c47c0f00 website: bump @typescript-eslint/parser from 8.32.1 to 8.33.1 in /website (#14828)
* website: bump @typescript-eslint/parser in /website

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.32.1 to 8.33.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.33.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update dependabot groups for website

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-09 03:03:49 +02:00
0b71aa43d1 core, web: update translations (#14962)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-09 03:01:25 +02:00
b4d26d5092 web: bump @sentry/browser from 9.24.0 to 9.25.1 in /web in the sentry group across 1 directory (#14865)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.24.0 to 9.25.1
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.24.0...9.25.1)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.25.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 02:11:29 +02:00
8a9f6fb1ce core, web: update translations (#14954)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-09 02:11:11 +02:00
355f302cb7 lifecycle/aws: bump aws-cdk from 2.1017.1 to 2.1018.0 in /lifecycle/aws (#14939)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1017.1 to 2.1018.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1018.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1018.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 02:10:16 +02:00
11666f5658 core: bump golang.org/x/sync from 0.14.0 to 0.15.0 (#14936)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/sync/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 02:09:41 +02:00
d54fe15511 website: bump the build group across 1 directory with 9 updates (#14937)
Bumps the build group with 9 updates in the /website directory:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.11` | `1.3.15` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.11` | `1.3.15` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.11` | `1.3.15` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.29` | `1.11.31` |



Updates `@rspack/binding-darwin-arm64` from 1.3.11 to 1.3.15
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.15/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.11 to 1.3.15
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.15/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.11 to 1.3.15
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.15/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

Updates `@swc/core-linux-arm64-gnu` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

Updates `@swc/core-linux-x64-gnu` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

Updates `@swc/html-darwin-arm64` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

Updates `@swc/html-linux-arm64-gnu` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

Updates `@swc/html-linux-x64-gnu` from 1.11.29 to 1.11.31
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.29...v1.11.31)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.3.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.3.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.3.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.11.31
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-09 02:06:18 +02:00
baa4deda99 tests/e2e: WebAuthn E2E tests (#14461)
* a start of webauthn testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate file, just do it via localhost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove unneeded stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add auth and sfe tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* auto select device challenge if only 1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert a thing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-07 09:31:16 +02:00
b7417e77c7 outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time (#14724)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-07 03:01:00 +02:00
a01bb551d0 web/standards: fix boolean attribute abuse (#14662)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/maintenance: correct the usage of boolean (false) attributes

## What

Just cleaning up a bad habit; we have a lot of `?attribute=${true|false}` (or, more alarmingly,
`.attribute=${true|false}`.  These should just be `attribute` or be missing; anything else is
unnecessary.

Where the attribute is `true` by default, no changes have been made; there are only a few of them,
and they require re-working of the logic to assist with the changes. Booleans should never be `true` by
default, and if you absolutely cannot find an alternative phrasing that makes having them be `false`
by default a valid choice, they should be `reflect: true` to make their presence visible to screen
readers and debuggers.

## Why

Removing non-standard HTML uses from web components matches our programming standards and is an
important step toward the Authentik Elements NPM package, as well as the Schema-Driven Forms update.

## Boring excessive detail.

Because there are literally hundreds of changes, I've documented the boring ones here.

Changes that do *not* meet the basic criteria of "made the component comply with the standards" are
commented in the PR.

Here are all the Boolean property declarations in the system, delta the ones that declare `= true`;
those are documented at the bottom of this commit, and are not addressed in this PR.  This
information is included to guide your decision making.  The second block, below, documents the
actual changes made to component declarations throughout our code.  The third block, at the bottom,
documents changes not made due to logic and effort constraints.

```
components/ak-switch-input.ts:
    @property({ type: Boolean })
    checked: boolean = false;
--
components/ak-switch-input.ts:
    @property({ type: Boolean })
    required = false;
--
components/ak-file-input.ts:
    @property({ type: Boolean })
    required = false;
--
components/HorizontalLightComponent.ts:
    @property({ type: Boolean })
    required = false;
--
components/ak-multi-select.ts:
    @property({ type: Boolean })
    required = false;
--
elements/TreeView.ts:
    @property({ type: Boolean })
    open = false;
--
components/ak-status-label.ts:
    @property({ type: Boolean })
    good = false;
--
components/ak-status-label.ts:
    @property({ type: Boolean })
    compact = false;
--
elements/CodeMirror.ts:
    @property({ type: Boolean })
    readOnly = false;
--
elements/buttons/ModalButton.ts:
    @property({ type: Boolean })
    open = false;
--
elements/EmptyState.ts:
    @property({ type: Boolean })
    fullHeight = false;
--
elements/Tabs.ts:
    @property({ type: Boolean })
    vertical = false;
--
elements/ak-checkbox-group/ak-checkbox-group.ts:
    @property({ type: Boolean })
    required = false;
--
elements/Label.ts:
    @property({ type: Boolean })
    compact = false;
--
elements/forms/FormGroup.ts:
    @property({ type: Boolean, reflect: true })
    expanded = false;
--
elements/Expand.ts:
    @property({ type: Boolean })
    expanded = false;
--
elements/forms/HorizontalFormElement.ts:
    @property({ type: Boolean })
    required = false;
--
elements/forms/HorizontalFormElement.ts:
    @property({ type: Boolean })
    slugMode = false;
--
elements/forms/SearchSelect/ak-portal.ts:
    @property({ type: Boolean, reflect: true })
    open = false;
--
elements/Alert.ts:
    @property({ type: Boolean })
    inline = false;
--
elements/forms/SearchSelect/ak-search-select-view.ts:
    @property({ type: Boolean, reflect: true })
    open = false;
--
elements/forms/SearchSelect/ak-search-select-view.ts:
    @property({ type: Boolean })
    blankable = false;
--
elements/sidebar/SidebarItem.ts:
    @property({ type: Boolean })
    expanded = false;
--
admin/stages/StageWizard.ts:
    @property({ type: Boolean })
    showBindingPage = false;
--
elements/forms/FormElement.ts:
    @property({ type: Boolean })
    required = false;
--
admin/common/ak-flow-search/FlowSearch.ts:
    @property({ type: Boolean })
    required?: boolean = false;
--
admin/applications/ProviderSelectModal.ts:
    @property({ type: Boolean })
    backchannel = false;
--
elements/forms/SearchSelect/SearchSelect.ts:
    @property({ type: Boolean })
    blankable = false;
--
admin/applications/components/ak-provider-search-input.ts:
    @property({ type: Boolean })
    required = false;
--
admin/applications/components/ak-provider-search-input.ts:
    @property({ type: Boolean })
    blankable = false;
--
admin/applications/components/ak-backchannel-input.ts:
    @property({ type: Boolean })
    required = false;
--
admin/policies/PolicyWizard.ts:
    @property({ type: Boolean })
    showBindingPage = false;
```

The attribute 'required' is an HTML native, and is false by default.

Here are all the change pairs around HTML attrbutes:

```
$ git diff | rg -A 1 '\?(backchannel|blankable|checked|compact|expanded|fullHeight|good|inline|open|readOnly|required|showBindingPage|slugMode|vertical)\b'

-                ?required=${true}
+                required

-                    <ak-provider-select-table ?backchannel=${true} .confirm=${this.confirm}>
+                    <ak-provider-select-table backchannel .confirm=${this.confirm}>

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${false}

-                    ?required=${true}
+                    required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                                  ?blankable=${true}
+                                  blankable

-                        ?required=${true}
+                        required

-                ?blankable=${true}
+                blankable

-                ?blankable=${true}
+                blankable

-            ?required=${true}
+            required

-            ?required=${true}
+            required

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-        return html` <ak-form-element-horizontal label=${msg("Name")} name="name" ?required=${true}>
+        return html` <ak-form-element-horizontal label=${msg("Name")} name="name" required>

-                ?required=${true}
+                required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                    ?blankable=${true}
+                    blankable

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("Severity")} ?required=${true} name="severity">
+            <ak-form-element-horizontal label=${msg("Severity")} required name="severity">

-                        ?showBindingPage=${true}
+                        showBindingPage

-                ?showBindingPage=${true}
+                showBindingPage

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Title")} ?required=${true} name="title">
+            <ak-form-element-horizontal label=${msg("Title")} required name="title">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            ?required=${true}
+            required

-            <ak-form-element-horizontal label=${msg("Stage")} ?required=${true} name="stage">
+            <ak-form-element-horizontal label=${msg("Stage")} required name="stage">

-            <ak-form-element-horizontal label=${msg("Order")} ?required=${true} name="order">
+            <ak-form-element-horizontal label=${msg("Order")} required name="order">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                    ?blankable=${true}
+                    blankable

-                ?required=${true}
+                required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Type")} ?required=${true} name="type">
+            <ak-form-element-horizontal label=${msg("Type")} required name="type">

-                    ?blankable=${true}
+                    blankable

-                        <ak-label color=${PFColor.Green} ?compact=${true}>
+                        <ak-label color=${PFColor.Green} compact>

-                            ? html`<ak-label color=${PFColor.Red} ?compact=${true}
+                            ? html`<ak-label color=${PFColor.Red} compact

-                            : html`<ak-label color=${PFColor.Green} ?compact=${true}
+                            : html`<ak-label color=${PFColor.Green} compact

-                    ? html`<ak-label color=${PFColor.Orange} ?compact=${true}>
+                    ? html`<ak-label color=${PFColor.Orange} compact>

-                    : html`<ak-label color=${PFColor.Green} ?compact=${true}>
+                    : html`<ak-label color=${PFColor.Green} compact>

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Docker URL")} ?required=${true} name="url">
+            <ak-form-element-horizontal label=${msg("Docker URL")} required name="url">

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?showBindingPage=${true}
+                        showBindingPage

-                      ?showBindingPage=${true}
+                      showBindingPage

-                            ?blankable=${true}
+                            blankable

-                            ?blankable=${true}
+                            blankable

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Order")} ?required=${true} name="order">
+            <ak-form-element-horizontal label=${msg("Order")} required name="order">

-            <ak-form-element-horizontal label=${msg("Timeout")} ?required=${true} name="timeout">
+            <ak-form-element-horizontal label=${msg("Timeout")} required name="timeout">

-                    ? html`<ak-label color=${PFColor.Green} ?compact=${true}>
+                    ? html`<ak-label color=${PFColor.Green} compact>

-                    : html`<ak-label color=${PFColor.Orange} ?compact=${true}>
+                    : html`<ak-label color=${PFColor.Orange} compact>

-        return html`<ak-form-element-horizontal label=${msg("User")} ?required=${true} name="user">
+        return html`<ak-form-element-horizontal label=${msg("User")} required name="user">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                            ?blankable=${true}
+                            blankable

-                            ?blankable=${true}
+                            blankable

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                      ?readOnly=${true}
+                      readOnly

-            return html`<ak-empty-state loading ?fullHeight=${true}></ak-empty-state>`;
+            return html`<ak-empty-state loading fullHeight></ak-empty-state>`;

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                            ?blankable=${true}
+                            blankable

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                    ?required=${true}
+                    required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                            ?blankable=${true}
+                            blankable

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-            ?required=${true}
+            required

-                    ?required=${true}
+                    required

-                                        ?blankable=${true}
+                                        blankable

-            <ak-form-element-horizontal label=${msg("Name")} name="name" ?required=${true}>
+            <ak-form-element-horizontal label=${msg("Name")} name="name" required>

-            <ak-form-element-horizontal label=${msg("Protocol")} ?required=${true} name="protocol">
+            <ak-form-element-horizontal label=${msg("Protocol")} required name="protocol">

-            <ak-form-element-horizontal label=${msg("Host")} name="host" ?required=${true}>
+            <ak-form-element-horizontal label=${msg("Host")} name="host" required>

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                    ?required=${false}

-                        ?blankable=${true}
+                        blankable

-                        ?blankable=${true}
+                        blankable

-        return html`<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html`<ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                                      ?readOnly=${true}
+                                      readOnly

-                                    ?blankable=${true}
+                                    blankable

-        return html`<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html`<ak-form-element-horizontal label=${msg("Name")} required name="name">

-                    : html`<ak-label color=${PFColor.Orange} ?compact=${true}>
+                    : html`<ak-label color=${PFColor.Orange} compact>

-                <ak-label color=${PFColor.Grey} ?compact=${true}> ${msg("Built-in")}</ak-label>
+                <ak-label color=${PFColor.Grey} compact> ${msg("Built-in")}</ak-label>

-            return html`<ak-empty-state loading ?fullHeight=${true}></ak-empty-state>`;
+            return html`<ak-empty-state loading fullHeight></ak-empty-state>`;

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${false}>
+            <ak-form-group>

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                            ?blankable=${true}
+                            blankable

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                ?required=${true}
+                required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-                        ?required=${true}
+                        required

-                                ?readOnly=${true}
+                                readOnly

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Slug")} ?required=${true} name="slug">
+            <ak-form-element-horizontal label=${msg("Slug")} required name="slug">

-            <ak-form-group ?expanded=${true}>
+            <ak-form-group expanded>

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                <ak-form-element-horizontal label=${msg("SMTP Host")} ?required=${true} name="host">
+                <ak-form-element-horizontal label=${msg("SMTP Host")} required name="host">

-                <ak-form-element-horizontal label=${msg("SMTP Port")} ?required=${true} name="port">
+                <ak-form-element-horizontal label=${msg("SMTP Port")} required name="port">

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                ?required=${true}
+                required

-                    ?blankable=${true}
+                    blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        <ak-alert ?inline=${true}>
+                        <ak-alert inline>

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                    <ak-form-element-horizontal label=${msg("Mode")} ?required=${true} name="mode">
+                    <ak-form-element-horizontal label=${msg("Mode")} required name="mode">

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                <ak-form-element-horizontal label=${msg("SMTP Host")} ?required=${true} name="host">
+                <ak-form-element-horizontal label=${msg("SMTP Host")} required name="host">

-                <ak-form-element-horizontal label=${msg("SMTP Port")} ?required=${true} name="port">
+                <ak-form-element-horizontal label=${msg("SMTP Port")} required name="port">

-                    ?required=${true}
+                    required

-                    ?required=${true}
+                    required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                ?slugMode=${true}
+                slugMode

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("Expires")} ?required=${true} name="expires">
+            <ak-form-element-horizontal label=${msg("Expires")} required name="expires">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                            ?blankable=${true}
+                            blankable

-                        ?required=${true}
+                        required

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Field Key")} ?required=${true} name="fieldKey">
+            <ak-form-element-horizontal label=${msg("Field Key")} required name="fieldKey">

-            <ak-form-element-horizontal label=${msg("Label")} ?required=${true} name="label">
+            <ak-form-element-horizontal label=${msg("Label")} required name="label">

-            <ak-form-element-horizontal label=${msg("Type")} ?required=${true} name="type">
+            <ak-form-element-horizontal label=${msg("Type")} required name="type">

-            <ak-form-element-horizontal label=${msg("Order")} ?required=${true} name="order">
+            <ak-form-element-horizontal label=${msg("Order")} required name="order">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Source")} ?required=${true} name="source">
+            <ak-form-element-horizontal label=${msg("Source")} required name="source">

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                        ?required=${true}
+                        required

-                        <ak-alert ?inline=${true}>
+                        <ak-alert inline>

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-                        ?required=${true}
+                        required

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-            <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+            <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                            ?blankable=${true}
+                            blankable

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("User")} ?required=${true} name="user">
+            <ak-form-element-horizontal label=${msg("User")} required name="user">

-            <ak-form-element-horizontal label=${msg("Intent")} ?required=${true} name="intent">
+            <ak-form-element-horizontal label=${msg("Intent")} required name="intent">

-                ?required=${true}
+                required

-                    <input class="pf-c-switch__input" type="checkbox" ?checked=${true} />
+                    <input class="pf-c-switch__input" type="checkbox" checked />

-                    <input class="pf-c-switch__input" type="checkbox" ?checked=${true} />
+                    <input class="pf-c-switch__input" type="checkbox" checked />

-                ?required=${true}
+                required

-            <ak-form-element-horizontal label=${msg("User type")} ?required=${true} name="type">
+            <ak-form-element-horizontal label=${msg("User type")} required name="type">

-            <ak-form-element-horizontal label=${msg("Path")} ?required=${true} name="path">
+            <ak-form-element-horizontal label=${msg("Path")} required name="path">

-            ?required=${true}
+            required

-            ?required=${true}
+            required

-            <ak-tabs pageIdentifier="userCredentialsTokens" ?vertical=${true}>
+            <ak-tabs pageIdentifier="userCredentialsTokens" vertical>

-                <ak-status-label ?good=${true}></ak-status-label>
+                <ak-status-label good></ak-status-label>

-                    ?open=${true}
+                    open

-                ?blankable=${true}
+                blankable

-                <ak-tabs ?vertical="${true}">
+                <ak-tabs vertical>

-        return html` <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
+        return html` <ak-form-element-horizontal label=${msg("Name")} required name="name">

-                ?required=${true}
+                required

```

The following issues are the `true` by default Booleans.  As mentioned, these are **not addressed** by this PR.

```
elements/table/Table.ts::
    @property({ type: Boolean })
    paginated = true;

elements/forms/ModalForm.ts::
    @property({ type: Boolean })
    closeAfterSuccessfulSubmit = true;

elements/forms/ModalForm.ts::
    @property({ type: Boolean })
    showSubmitButton = true;

elements/CodeMirror.ts::
    @property({ type: Boolean })
    parseValue = true;

elements/LoadingOverlay.ts::
    @property({ type: Boolean })
    loading = true;

admin/stages/authenticator_validate/AuthenticatorValidateStageForm.ts::
    @property({ type: Boolean })
    showConfigurationStages = true;

elements/user/sources/SourceSettings.ts::
    @property({ type: Boolean })
    canConnect = true;

admin/outposts/OutpostHealthSimple.ts::
    @property({ attribute: false })
    showVersion = true;

elements/wizard/Wizard.ts::
    @property({ type: Boolean })
    canCancel = true;

elements/wizard/Wizard.ts::
    @property({ type: Boolean })
    canBack = true;
```

* Prettier had opinions.

* Caught during code review.

* Merged incorrectly; not sure what went wrong, but this re-applies the removal of the  syntax from the current LDAPSourceForm.ts from  to this branch.
2025-06-06 23:06:25 +00:00
9a03bdeaf1 web/maintenance: remove writeOnly hacks from Form and HorizontalFormElement (#14649)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/standards: use attribute naming scheme for attributes

## What

Renamed the 'inputHint' attribute to 'input-hint', because it is an attribute, not a property.
Properties are camelCased, but attributes are kebab-cased.

Updated all instances where this appears with the usual magic:

```
$ perl -pi.bak -e 's/inputHint="code"/input-hint="code"/' $(rg -l 'inputHint="code"')
```

This fix is in preparation for both the Patternfly 5 project and the Schema-Driven Forms project.

* web/maintenance: remove `writeOnly` hacks from Form and HorizontalFormElement

## What

The `writeOnly` hack substituted an obscuring, read-only field for secret keys and passwords that an
admin should never be able to see/read, only *write*, but allowed the user to click on and replace
the key or password. The hack performed this substitution within `HorizontalFormElement` and
dispersed a flag throughout the code to enforce it. Another hack within `Form` directed the API to
not update / write changes to that field if the field had never been activated.

This commit replaces the `writeOnly` hack with a pair of purpose-built components,
`ak-private-text-input` and `ak-private-textarea-input`, that perform the exact same functionality
but without having to involve the HorizontalFormElement, which really should just be layout and
generic functionality.  It also replaces all the `writeOnly` hackery in Form with a simple
`doNotProcess` flag, which extends and genericizes this capability to any and all input fields.

The only major protocol change is that `?writeOnly` was a *positive* flag; you controlled it by
saying `this.instance !== undefined`; `?revealed` is a *positive* flog; you reveal the working input
field when `this.instance === undefined`.

It is not necessary to specify the monospace, autocomplete, and spell-check features; those are
enabled or disabled automatically when the `input-hint="code"` flag is passed.

## Why

Removing special cases from processing code is an important step toward the Authentik Elements NPM
package, as well as the Schema-Driven Forms update.

## Note

This is actually a very significant change; this is important functionality that I have hand-tested
quite a bit, but could wish for automated testing that also checks the database back-end to ensure
the fixes made write the keys and passwords as required. Checking the back-end directly is important
since these fields are never re-sent to the front-end after being saved!

Things like `placeholder`, `required`, and getting the `name`, `label` or `help` are all issues very
subject to Last-Line Effect, so give this the hairiest eyeball you've got, please.

* Found a few small things, like a missing import that might have broken something.

* web/admin: Update `private-text` field to pass new linting requirement.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes
2025-06-06 15:11:49 -07:00
6b530ff764 web/admin: use attribute naming scheme for attributes (#14644)
web/standards: use attribute naming scheme for attributes

## What

Renamed the 'inputHint' attribute to 'input-hint', because it is an attribute, not a property.
Properties are camelCased, but attributes are kebab-cased.

Updated all instances where this appears with the usual magic:

```
$ perl -pi.bak -e 's/inputHint="code"/input-hint="code"/' $(rg -l 'inputHint="code"')
```

This fix is in preparation for both the Patternfly 5 project and the Schema-Driven Forms project.

* Revision: You almost certainly do NOT want every field to be reflected.  Booleans are okay, especially for fields that may be changed internally but need to be read by screen-readers, sunch as 'hidden' or 'invalid'.  But if a field is a string or a number and has a default value, you do not want it to be reflected.
2025-06-06 14:49:47 -07:00
e77a3241f0 core: bump django from 5.1.9 to 5.1.10 (#14951)
bump django to 5.1.10
2025-06-06 20:42:15 +02:00
a718ff2617 website/docs: add 2025.6.1 release notes (#14948) 2025-06-06 15:28:10 +00:00
969fa82b7f root: remove /if/help (#14929)
Co-authored-by: Teffen Ellis <teffen@sister.software>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-06 17:21:07 +02:00
bb47a70310 core, web: update translations (#14933)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-06 14:58:30 +02:00
a306cecb73 providers/proxy: add option to override host header with property mappings (#14927) 2025-06-06 14:54:59 +02:00
760879c3db website/integrations: fix webfinger link in tailscale doc (#14942)
* Update index.md

Modify the link in webfinger

Signed-off-by: Bisn <b@bisn.cn>

* Update website/integrations/services/tailscale/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Bisn <b@bisn.cn>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-06 11:27:45 +00:00
ef5d3580e8 web/admin: make message container bottom aligned for admin interface (#14816)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-06 01:09:46 +02:00
d14b480926 web/user: fix user settings flow not loading (#14911)
* web/user: fix user settings flow not loading

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix: fix select caret color in dark theme

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-06-05 23:26:06 +02:00
d9c79558b1 website/docs: fix outdated and incorrect example kubernetes deployment (#14928)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-05 21:09:56 +02:00
ed20d1b6aa docusaurus-config: Update deps, colors. (#14796) 2025-06-05 14:00:06 -04:00
f03ee47bb3 admin: only run update checks in the default tenant (#14874) 2025-06-05 13:51:27 +00:00
396366a99a translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14923)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-05 13:42:38 +00:00
13d2df3bf6 core: bump astral-sh/uv from 0.7.10 to 0.7.11 (#14918)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 12:33:17 +00:00
d65b8ae029 providers/proxy: set_oauth_defaults in reconcile instead of task (#14875) 2025-06-05 14:28:18 +02:00
296031c5df *: use ManagedAppConfig everywhere (#14839) 2025-06-05 14:28:11 +02:00
452639d6d2 tenants: fix tenant aware celery scheduler (#14921) 2025-06-05 12:20:01 +00:00
465ccb7ab9 core, web: update translations (#14910)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-05 14:11:00 +02:00
fdce812ddc core: bump goauthentik.io/api/v3 from 3.2025041.4 to 3.2025060.1 (#14919)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 14:05:29 +02:00
005da84dbe translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14915)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-05 14:04:46 +02:00
b098971718 translate: Updates for file web/xliff/en.xlf in zh_CN (#14916)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-05 14:04:27 +02:00
147bfa3f97 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14914)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-06-05 14:04:22 +02:00
fc5f91ea29 website/integrations: improve komodo config verification (#14849)
### What

Some wording improvements to the Komodo configuration verification. Not sure I like it, but I found parts of the old wording a little strange

Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-05 10:32:51 +01:00
e29961b088 website/integrations: fix komodo provider url (#14912)
* fix KOMODO_OIDC_PROVIDER uri docs

* Update website/integrations/services/komodo/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dylan Gottlieb <dylangottlieb@users.noreply.github.com>

---------

Signed-off-by: Dylan Gottlieb <dylangottlieb@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-06-05 09:30:47 +00:00
52ca70d6bb website/docs: fix note at end of rac credentials prompt (#14909)
* Fixes note section at end of document

* tweak to bump build

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-04 17:12:40 -05:00
42cb9cb531 website/docs: add credentials prompt for rac doc (#14840)
* Adds document

* Typo

* Clarified RAC endpoint sentence based on Tana's suggestion.

* Update website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Small wording improvements

* Added connection security type information

* A word

* Added to sidebar

* Update website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied suggestions from Tana

* Update website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-04 20:40:43 +00:00
837cd3bcb0 core: bump redis from 6.0.0 to v6.2.0 (#14895) 2025-06-04 20:17:09 +02:00
53a9c147cd core: bump protobuf from 6.30.2 to v6.31.1 (#14894) 2025-06-04 20:16:54 +02:00
d7f166f260 core: bump click from 8.2.0 to v8.2.1 (#14881) 2025-06-04 20:16:45 +02:00
8ce9343457 core: bump uritemplate from 4.1.1 to v4.2.0 (#14902) 2025-06-04 15:11:21 -03:00
6af27d0c90 core: bump azure-identity from 1.22.0 to v1.23.0 (#14879) 2025-06-04 19:36:46 +02:00
6fd48ccf9b core: bump durationpy from 0.9 to v0.10 (#14883) 2025-06-04 19:36:27 +02:00
5567967848 core: bump prometheus-client from 0.21.1 to v0.22.1 (#14893) 2025-06-04 19:36:14 +02:00
090a377c78 core: bump jsonschema from 4.23.0 to v4.24.0 (#14887) 2025-06-04 19:35:59 +02:00
3e7bda87ea core: bump std-uritemplate from 2.0.3 to v2.0.5 (#14898) 2025-06-04 19:35:47 +02:00
f22a539b50 core: bump aiohttp from 3.11.18 to v3.12.8 (#14878) 2025-06-04 19:35:33 +02:00
54811b2b05 core: bump pluggy from 1.5.0 to v1.6.0 (#14892) 2025-06-04 19:35:19 +02:00
35263f71ee core: bump msgraph-core from 1.3.3 to v1.3.4 (#14889) 2025-06-04 19:35:03 +02:00
f0bc809389 core: bump daphne from 4.1.2 to v4.2.0 (#14882) 2025-06-04 19:34:47 +02:00
75b45312ee core: bump typing-extensions from 4.13.2 to v4.14.0 (#14900) 2025-06-04 19:34:34 +02:00
e4eeb43f8a core: bump google-api-core from 2.24.2 to v2.25.0 (#14885) 2025-06-04 19:34:19 +02:00
04850e5c84 core: bump rpds-py from 0.24.0 to v0.25.1 (#14896) 2025-06-04 19:34:07 +02:00
fbae9f2f34 core: bump google-auth from 2.40.1 to v2.40.2 (#14886) 2025-06-04 19:33:54 +02:00
3c966d9252 core: bump setuptools from 80.4.0 to v80.9.0 (#14897) 2025-06-04 19:33:38 +02:00
9f1cef18b2 core: bump frozenlist from 1.6.0 to v1.6.2 (#14884) 2025-06-04 19:33:23 +02:00
aae20dc399 core: bump multidict from 6.4.3 to v6.4.4 (#14890) 2025-06-04 19:33:12 +02:00
4dc43b788a core: bump boto3 from 1.38.13 to v1.38.29 (#14880) 2025-06-04 19:32:57 +02:00
a3b40a97ef core: bump opentelemetry-api from 1.33.0 to v1.34.0 (#14891) 2025-06-04 19:32:43 +02:00
852106f02f core: bump typing-inspection from 0.4.0 to v0.4.1 (#14901) 2025-06-04 19:32:32 +02:00
7a34428aff core: bump zipp from 3.21.0 to v3.22.0 (#14903) 2025-06-04 19:32:18 +02:00
c1b6a681a0 web: bump API Client version (#14907)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-04 16:57:58 +00:00
7a8c2e7ad9 root: backport version bump 2025.6.0 (#14904)
* release: 2025.6.0-rc1

* release: 2025.6.0
2025-06-04 18:28:52 +02:00
a57381ca4a website/docs: rotate supported versions: 2025.6 (#14856) 2025-06-04 16:33:57 +02:00
154dde9a9a website/release notes: add tailscale to new integrations (#14859)
* website/release notes: add tailscale to new integrations

### What

Adds Tailscale to the list of new integrations this release as it was merged like 5 minutes ago and technically 2025.6 isn't released just yet

Signed-off-by: Dominic R <dominic@sdko.org>

* tweaks to bump build

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-04 09:10:49 -05:00
a15365a9f1 website/docs: release notes for 2025.4.2 (#14868) 2025-06-04 15:23:01 +02:00
10f11cbc31 core: bump google-api-python-client from 2.170.0 to 2.171.0 (#14864)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 13:22:01 +00:00
caec23d52a core, web: update translations (#14858)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-04 15:05:25 +02:00
7e1781ed76 core: bump astral-sh/uv from 0.7.9 to 0.7.10 (#14861)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 15:04:12 +02:00
0cfdbbbec6 core: bump argon2-cffi from 23.1.0 to 25.1.0 (#14862)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 15:04:02 +02:00
8a1b7cb166 core: bump msgraph-sdk from 1.31.0 to 1.32.0 (#14863)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-04 15:03:23 +02:00
f367a84676 website/integrations: tailscale (#14499)
* init

* wording

* lint

* Update website/integrations/services/tailscale/index.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Dewi's suggestions

* still mention that its a placeholder

* fix

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/tailscale/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* mv to end

Signed-off-by: Dominic R <dominic@sdko.org>

* indent

* Update website/integrations/services/tailscale/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/tailscale/index.md

Signed-off-by: Dominic R <dominic@sdko.org>

* tweak to bump build

* another tweak to bump build

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-03 21:28:23 -05:00
32d6b03a3c website/releases: order new integrations alphabetically (#14850)
### What

Orders the 2025.6 release note's new integrations alphabetically. It just bothers me.

Signed-off-by: Dominic R <dominic@sdko.org>
2025-06-03 16:35:06 -05:00
08027bf0ad website/docs: update style guide (#14373)
* wip

Signed-off-by: Dominic R <dominic@sdko.org>

* fix ` ` `

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* fix a few review suggestions

* review

* lint

* rm examples

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/docs/style-guide.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/docs/style-guide.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* tweak to bump build

* tweak

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-03 15:33:12 -05:00
8c02b25677 website/docs: finalize release notes for 2025.6 (#14854)
* remove internal changes from release notes

* add late additions to release notes

* remove release candidate notice from `2025.6`

* rotate supported versions

* rotate releases in sidebar

* Revert "rotate supported versions"

This reverts commit eea9d03e1d.

I'd like to do the release tonight, but I can't merge this because it
needs a review from @teams/security. I'll open a separate PR for it.
2025-06-03 21:55:29 +02:00
160f137707 providers/rac: apply ConnectionToken scoped-settings last (#14838)
* providers/rac: apply ConnectionToken scoped-settings last

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-03 20:23:37 +02:00
52c35fab06 lib/sync: fix static incorrect label of pages (#14851)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-03 20:22:50 +02:00
69a07c1c88 website/docs: Add FIDO2 references to the documentation (#14826)
* Add FIDO2 references to the documentation

* Update website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-03 18:36:15 +02:00
691a0d66ee website/docs: add LDAP docs for forward deletion and memberUid (#14814)
* website/docs: add LDAP docs for forward deletion and `memberUid`

* reword LDAP docs

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>

---------

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-06-03 17:44:32 +02:00
3f4328bf2a stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#14801)
* stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* replace removed device type in tests

Android Authenticator with SafetyNet Attestation was removed from
blob.jwt in the previous commit

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-06-03 15:36:42 +00:00
b945552b7c core: bump structlog from 25.3.0 to 25.4.0 (#14834)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-03 15:16:17 +02:00
5347b85c9f web: bump tar-fs from 3.0.8 to 3.0.9 in /web (#14836)
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 3.0.8 to 3.0.9.
- [Commits](https://github.com/mafintosh/tar-fs/compare/v3.0.8...v3.0.9)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 3.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-03 13:55:27 +02:00
fb2401cf9e website/integrations: Update Zammad SAML Instructions (#14774)
* Update Zammad SAML Instructions

I just configured Zammad 6.4.1 to work with Authentik 2025.4.1. There seem to have been some changes since these instructions were written. The Name ID Format cannot be left blank. The SSO URL and the logout URL were incorrect. I was getting an Error 422 from Zammad until I turned on signing assertions, so I conclude that is required and I wrote instructions for that. I saw some discussion online elsewhere that the `----BEGIN` and `---END` lines should be removed. I tested it both ways and it worked both ways. I wrote the instructions to keep those lines in because it seemed simplest and most intuitive.

Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Incorporate separate instructions for certificate file

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Incorporate simplified copy/paste instructions

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Incoporate formatting change

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Incorporate formatting changes

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Removed reference to custom properties

* Capitalisation

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Formatting

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Formatting

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Updated language

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Update website/integrations/services/zammad/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* Update website/integrations/services/zammad/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>

* tweak to bump build

* bump build

* use bold font for UI labels

* my typo

* capitalization fix

---------

Signed-off-by: Paco Hope <pacohope@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-06-02 14:20:28 -05:00
b161315811 website/integrations: remove trailing slash from budibase redirect (#14823)
Removes trailing slash from redirect
2025-06-02 18:41:45 +01:00
0fa2267b86 remove fluff from release notes 2025.6 (#14819)
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-06-02 17:12:08 +02:00
4bbdddb876 web: bump @sentry/browser from 9.22.0 to 9.23.0 in /web in the sentry group across 1 directory (#14776)
web: bump @sentry/browser in /web in the sentry group across 1 directory

Bumps the sentry group with 1 update in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 9.22.0 to 9.23.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/9.22.0...9.23.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:16:08 +02:00
bca9c0965e website: bump postcss from 8.5.3 to 8.5.4 in /website (#14787)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.3 to 8.5.4.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.3...8.5.4)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:15:53 +02:00
dd58b5044e web: bump the esbuild group across 2 directories with 4 updates (#14711)
Bumps the esbuild group with 1 update in the /web directory: [esbuild](https://github.com/evanw/esbuild).
Bumps the esbuild group with 1 update in the /web/packages/esbuild-plugin-live-reload directory: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/darwin-arm64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/linux-arm64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/linux-x64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `esbuild` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/darwin-arm64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/linux-arm64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

Updates `@esbuild/linux-x64` from 0.25.4 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.4...v0.25.5)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/darwin-arm64"
  dependency-version: 0.25.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-version: 0.25.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-x64"
  dependency-version: 0.25.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/darwin-arm64"
  dependency-version: 0.25.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-version: 0.25.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-x64"
  dependency-version: 0.25.5
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: esbuild
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:15:34 +02:00
c4f081cb68 core: bump github.com/redis/go-redis/v9 from 9.8.0 to 9.9.0 (#14733)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.8.0 to 9.9.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.8.0...v9.9.0)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:14:55 +02:00
59aad31459 core: bump twilio from 9.6.1 to 9.6.2 (#14789)
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.6.1 to 9.6.2.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.6.1...9.6.2)

---
updated-dependencies:
- dependency-name: twilio
  dependency-version: 9.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:14:41 +02:00
de9db3cb83 website: bump @types/node from 22.15.21 to 22.15.29 in /website (#14808)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.21 to 22.15.29.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 22.15.29
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:13:27 +02:00
24eb5fcda9 core: bump astral-sh/uv from 0.7.8 to 0.7.9 (#14806)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.8 to 0.7.9.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.8...0.7.9)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:13:17 +02:00
556ae6a5cb core: bump uvicorn[standard] from 0.34.2 to 0.34.3 (#14811)
Bumps [uvicorn[standard]](https://github.com/encode/uvicorn) from 0.34.2 to 0.34.3.
- [Release notes](https://github.com/encode/uvicorn/releases)
- [Changelog](https://github.com/encode/uvicorn/blob/master/docs/release-notes.md)
- [Commits](https://github.com/encode/uvicorn/compare/0.34.2...0.34.3)

---
updated-dependencies:
- dependency-name: uvicorn[standard]
  dependency-version: 0.34.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:13:06 +02:00
a479d9c1d8 core: bump goauthentik.io/api/v3 from 3.2025041.2 to 3.2025041.4 (#14809)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025041.2 to 3.2025041.4.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025041.2...v3.2025041.4)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025041.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:12:53 +02:00
b8bb969ee7 lifecycle/aws: bump aws-cdk from 2.1016.1 to 2.1017.1 in /lifecycle/aws (#14810)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1016.1 to 2.1017.1.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1017.1/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1017.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:12:46 +02:00
7d361e4734 core: bump celery from 5.5.2 to 5.5.3 (#14812)
Bumps [celery](https://github.com/celery/celery) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: celery
  dependency-version: 5.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:12:34 +02:00
dc7c7686a3 web: bump the eslint group across 2 directories with 5 updates (#14813)
Bumps the eslint group with 2 updates in the /packages/eslint-config directory: [eslint](https://github.com/eslint/eslint) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).
Bumps the eslint group with 2 updates in the /web directory: [eslint](https://github.com/eslint/eslint) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `eslint` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.27.0...v9.28.0)

Updates `typescript-eslint` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/typescript-eslint)

Updates `@eslint/js` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.28.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/parser)

Updates `eslint` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.27.0...v9.28.0)

Updates `typescript-eslint` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/typescript-eslint)

Updates `eslint` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.27.0...v9.28.0)

Updates `typescript-eslint` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/typescript-eslint)

Updates `@eslint/js` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.28.0/packages/js)

Updates `@typescript-eslint/eslint-plugin` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/parser)

Updates `eslint` from 9.27.0 to 9.28.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.27.0...v9.28.0)

Updates `typescript-eslint` from 8.32.1 to 8.33.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.28.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.33.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.33.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: eslint
  dependency-version: 9.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: typescript-eslint
  dependency-version: 8.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-02 14:12:26 +02:00
94b4977397 website/integrations: update cloudflare access callback url (#14807)
Update CLoudflare Access index.md

The callback URL had a trailing / that breaks the callback URL being matched by a strict policy.

Signed-off-by: terafirmanz <53923271+terafirmanz@users.noreply.github.com>
2025-06-02 08:44:27 +00:00
7f822e1cb7 core, web: update translations (#14800)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-06-02 02:43:38 +02:00
fb3ec1f38b web: minor design tweaks (#14803)
* fix spacing between header and page desc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix icon alignment

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fallback text when we dont have a user yet

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-01 21:01:43 +02:00
87505517ee website/docs: add more to style guide (#14797)
* lists and variables

* lists and variables

* tweaks

* kens edit

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-30 18:57:56 -05:00
4c5fe84f92 website: release notes for 2025.6 (#14703)
* release notes for 2025.6: first pass

* release notes for 2025.6: second pass

* list new integration docs

* reword LDAP forward deletions

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* fix typo

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* add Komodo

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* don't do sidebar stuff just yet

whoops

* generate boilerplate

* release notes for 2025.6: third pass

* add CloudFormation

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

---------

Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-31 00:12:12 +02:00
5faa224c81 docs/troubleshooting: cleanup upgrade instructions for postgres k8s (#14773)
* docs/troubleshooting: cleanup upgrade instructions for postgres k8s

* website/troubleshooting: upgrade pg on k8s: use lowercase for headers

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/troubleshooting/postgres/upgrade_kubernetes.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* bump build

* tweak

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-30 14:06:00 -05:00
736da3abef providers/scim: allow for specifying custom SCIM schemas for users and groups (#14794)
* providers/scim: allow for specifying custom SCIM schemas for users and groups

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

* fix broken tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-05-30 20:08:28 +02:00
52d90f8d3b website/docs: Change wording in the upgrade guidelines (#14793)
* Change wording in the upgrade guidelines

* Update website/docs/install-config/upgrade.mdx

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* fix linting

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
2025-05-30 19:47:47 +02:00
7b812de977 web: bump API Client version (#14795)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-30 19:19:58 +02:00
a4bd2cc263 website/integrations: add komodo (#14790)
* Add doc and update sidebar

* WIP

* Finished Komodo configuration steps

* Applied suggestions from Dominic

* Missing indentation

* Update website/integrations/services/komodo/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Applied Tana's suggestions

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-05-30 17:10:03 +00:00
14038ba8d2 website/docs: configuration: remove deprecated key for session storage location (#14431)
* website/docs: configuration: remove deprecated key for session storage location

Signed-off-by: Dominic R <dominic@sdko.org>

* Update default.yml

Signed-off-by: Dominic R <dominic@sdko.org>

* cve fix

Signed-off-by: Dominic R <dominic@sdko.org>

* Update CVE-2025-29928.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* add

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/install-config/configuration/configuration.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/install-config/configuration/configuration.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/security/cves/CVE-2025-29928.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* bump build

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-30 12:05:04 -05:00
eaff59b6b0 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14780)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-30 18:43:10 +02:00
cb702ca07a translate: Updates for file web/xliff/en.xlf in zh_CN (#14781)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-30 18:42:49 +02:00
cb0bfb0dad translate: Updates for file web/xliff/en.xlf in zh-Hans (#14782)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-30 18:42:35 +02:00
bf46d5c916 stages/user_login: remove success message (#13775) 2025-05-30 16:38:44 +00:00
59e686c8b9 sources/ldap: add user_membership_attribute (#14784) 2025-05-30 18:34:13 +02:00
9e736f2838 website: use "administrator" instead of "admin" for Admin interface (#14771)
* website: use "administrator" instead of "admin" for Admin interface

* website: some manual touches

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-30 09:29:30 -05:00
c2dd3d9c1b website/docs: update user ref doc with parent group example (#14779)
* Adds example

* Update website/docs/users-sources/user/user_ref.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Small updates

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-30 08:45:33 -05:00
42302d3187 core: Migrate permissions before deleteing OldAuthenticatedSession (#14788)
* add migrate_permissions_before_delete to authentik_core 0047 migration

* fix linting

* new approach

* fixup! new approach

---------

Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-05-30 15:43:45 +02:00
20ccabf3ec web: Fix issue where dual select type is not specific. (#14783) 2025-05-30 11:30:47 +02:00
8f939fa577 website: fix incorrect usage of "login to" + "log into" vs "log in to" (#14772) 2025-05-29 09:23:19 -05:00
2519bcef89 website/integrations: move resource section to end of documents (#14668)
Moves the resource section to the end of each document

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
2025-05-29 12:42:48 +01:00
3e3615a859 website/docs: add docs for MTLS Stage (#14571)
* website/docs: add docs for MTLS Stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* update brand docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove code changes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reword

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/add-secure-apps/flows-stages/stages/mtls/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/add-secure-apps/flows-stages/stages/mtls/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-28 19:34:58 +00:00
79e82c8dc9 website/integrations: add pangolin (#14614)
* Adds pangolin integration doc and updates the integrations sidebar.

* Added pangolin instructions

* Applied fixes based on review

* Fixed signing key line

* Added missing .

* Missing .

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/pangolin/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-28 14:01:53 -05:00
ccd4432e1f website/integrations: add filerise (#14610)
* Added filerise doc and updated integrations sidebar

* WIP

* Completed filerise instructions

* Minor wording fixes

* Applied suggestions from Dominic

* Clarified admin icon step.

* Update website/integrations/services/filerise/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/filerise/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Missing .

* Update website/integrations/services/filerise/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/filerise/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-28 14:00:03 -05:00
b3137f5307 website/docs: spell out administrator in service template (#14770)
* spell out administrator

* tweak to bump build checks

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-28 13:26:41 -05:00
2591ed9840 web/flows: update default flow background (#14769)
* web/flows: update default flow background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* update image

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-28 19:05:36 +02:00
b3e89ef570 website/integrations: add stripe (#14618)
* Adds almost completed Stripe integration doc and updated integration sidebar

* Minor update to Stripe config section

* Added stripe instructions

* Typo

* Typo

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/stripe/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/stripe/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/stripe/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/stripe/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-28 11:29:25 -05:00
45b48c5cd6 core, web: update translations (#14766)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-28 13:57:15 +00:00
1eefd834fc web: fix lock file once again yay JS (#14765) 2025-05-28 15:22:52 +02:00
4cc6ed97c5 translate: Updates for file web/xliff/en.xlf in tr [Manual Sync] (#14745)
Translate web/xliff/en.xlf in tr [Manual Sync]

89% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'tr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 15:22:14 +02:00
bb55d9b3de translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_PT [Manual Sync] (#14764)
Translate django.po in pt_PT [Manual Sync]

60% of minimum 60% translated source file: 'django.po'
on 'pt_PT'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 13:16:20 +00:00
3972afb865 translate: Updates for file locale/en/LC_MESSAGES/django.po in es [Manual Sync] (#14748)
Translate django.po in es [Manual Sync]

92% of minimum 60% translated source file: 'django.po'
on 'es'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 13:15:13 +00:00
04a013cc1b translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR [Manual Sync] (#14750)
Translate django.po in pt_BR [Manual Sync]

75% of minimum 60% translated source file: 'django.po'
on 'pt_BR'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 13:10:28 +00:00
fb396f7737 translate: Updates for file web/xliff/en.xlf in it [Manual Sync] (#14744)
Translate web/xliff/en.xlf in it [Manual Sync]

99% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:50:23 +00:00
cf120ff3ff translate: Updates for file locale/en/LC_MESSAGES/django.po in pt [Manual Sync] (#14761)
Translate django.po in pt [Manual Sync]

98% of minimum 60% translated source file: 'django.po'
on 'pt'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:40:50 +00:00
3e4923d52e translate: Updates for file locale/en/LC_MESSAGES/django.po in ru [Manual Sync] (#14763)
Translate django.po in ru [Manual Sync]

87% of minimum 60% translated source file: 'django.po'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:40:04 +00:00
01793088f0 translate: Updates for file locale/en/LC_MESSAGES/django.po in nl [Manual Sync] (#14760)
Translate django.po in nl [Manual Sync]

78% of minimum 60% translated source file: 'django.po'
on 'nl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:39:28 +00:00
e2bf2ec2cc translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_TW [Manual Sync] (#14756)
Translate django.po in zh_TW [Manual Sync]

77% of minimum 60% translated source file: 'django.po'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:38:49 +00:00
4dfbe28709 translate: Updates for file locale/en/LC_MESSAGES/django.po in fi [Manual Sync] (#14758)
Translate django.po in fi [Manual Sync]

91% of minimum 60% translated source file: 'django.po'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:38:08 +00:00
b2021a7191 translate: Updates for file web/xliff/en.xlf in zh_CN [Manual Sync] (#14752)
Translate web/xliff/en.xlf in zh_CN [Manual Sync]

99% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:37:55 +00:00
81e5fb0c18 translate: Updates for file web/xliff/en.xlf in ru [Manual Sync] (#14751)
Translate web/xliff/en.xlf in ru [Manual Sync]

88% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:37:49 +00:00
a2a2d940a8 translate: Updates for file web/xliff/en.xlf in cs_CZ [Manual Sync] (#14754)
Translate web/xliff/en.xlf in cs_CZ [Manual Sync]

60% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'cs_CZ'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:37:34 +00:00
c034930219 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN [Manual Sync] (#14762)
Translate django.po in zh_CN [Manual Sync]

99% of minimum 60% translated source file: 'django.po'
on 'zh_CN'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:37:02 +00:00
da3dc51d87 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans [Manual Sync] (#14757)
Translate django.po in zh-Hans [Manual Sync]

99% of minimum 60% translated source file: 'django.po'
on 'zh-Hans'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:36:27 +00:00
d217a39513 translate: Updates for file locale/en/LC_MESSAGES/django.po in it [Manual Sync] (#14759)
Translate django.po in it [Manual Sync]

98% of minimum 60% translated source file: 'django.po'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:34:42 +00:00
7729a9317c translate: Updates for file locale/en/LC_MESSAGES/django.po in tr [Manual Sync] (#14755)
Translate django.po in tr [Manual Sync]

88% of minimum 60% translated source file: 'django.po'
on 'tr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:33:28 +00:00
be5f5dd3f0 translate: Updates for file locale/en/LC_MESSAGES/django.po in de [Manual Sync] (#14753)
Translate django.po in de [Manual Sync]

95% of minimum 60% translated source file: 'django.po'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:32:45 +00:00
bed8d5da4b translate: Updates for file web/xliff/en.xlf in zh-Hans [Manual Sync] (#14746)
Translate en.xlf in zh-Hans [Manual Sync]

99% of minimum 60% translated source file: 'en.xlf'
on 'zh-Hans'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:31:11 +00:00
4f70f84e80 translate: Updates for file locale/en/LC_MESSAGES/django.po in ko [Manual Sync] (#14749)
Translate django.po in ko [Manual Sync]

65% of minimum 60% translated source file: 'django.po'
on 'ko'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:30:55 +00:00
97b8551866 translate: Updates for file web/xliff/en.xlf in fi [Manual Sync] (#14742)
Translate web/xliff/en.xlf in fi [Manual Sync]

93% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:29:45 +00:00
9a0b67e700 translate: Updates for file web/xliff/en.xlf in zh_TW [Manual Sync] (#14747)
Translate web/xliff/en.xlf in zh_TW [Manual Sync]

70% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:28:51 +00:00
97e4c89cec translate: Updates for file web/xliff/en.xlf in nl [Manual Sync] (#14743)
Translate web/xliff/en.xlf in nl [Manual Sync]

66% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'nl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:28:28 +00:00
65aedde8f7 translate: Updates for file web/xliff/en.xlf in pl [Manual Sync] (#14740)
Translate web/xliff/en.xlf in pl [Manual Sync]

84% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:28:09 +00:00
17450f23bf translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14738)
* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:27:51 +00:00
ab3ad6b7fd translate: Updates for file web/xliff/en.xlf in fr [Manual Sync] (#14739)
Translate web/xliff/en.xlf in fr [Manual Sync]

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:27:35 +00:00
45bc3cbd41 translate: Updates for file web/xliff/en.xlf in de [Manual Sync] (#14741)
Translate web/xliff/en.xlf in de [Manual Sync]

71% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-28 12:27:15 +00:00
9c1bcac6af web: bump API Client version (#14736)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-28 12:23:48 +00:00
0a133265c5 core, web: update translations (#14737)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-28 11:50:02 +00:00
57f25a97c9 providers/ldap: retain binder and update users instead of re-creating (#14735)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-28 13:43:35 +02:00
8f32242787 ESBuild Plugin: Setup and usage docs. (#14720)
* Prep readme for Typedoc. Clean up metadata.

* Add license.

* Ignore generated readme.

* Flesh out TypeDoc.

* Flesh out copy, usage.

* web: Update package-lock.
2025-05-28 11:35:53 +00:00
c4bb19051d sources/ldap: add forward deletion option (#14718)
* sources/ldap: add forward deletion option

* remove unnecessary `blank=True`

* clarify `validated_by` `help_text`

* add indices to `validated_by`

* factor out `get_identifier` everywhere and `get_attributes`

I don't know what that additional `in` check is for, but I'm not about
to find out.

* add tests for known good user and group

* fixup! add tests for known good user and group

* fixup! add tests for known good user and group
2025-05-28 13:22:59 +02:00
10f4fae711 stages/email: fix email scanner voiding token (#14325)
* stages/email: fix email scanner voiding flow token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* misc

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve consent stage error handling and testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* draw the rest of the owl

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add e2e test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk why this is broken now?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix other e2e test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix the other test too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-28 13:09:30 +02:00
2d9eab3f60 web/admin: fix permissions modal button missing for PolicyBindings and FlowStageBindings (#14619)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-05-28 13:08:18 +02:00
fa66195619 web: Controller refinements, error handling (#14700)
* web: Partial fix for issue where config is not consistently available.

* web: Fix issues surrounding controller readiness.

* web: Catch abort errors when originating when wrapped by OpenAPI or Sentry.

* web: Fix color on dark mode.

---------

Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-05-28 07:08:09 -04:00
134eb126b6 web: Add specific Storybook dependency. (#14719)
Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-05-28 07:08:01 -04:00
f5a6136a58 web/NPM Workspaces: TypeScript API Client TSConfig. (#14555)
web: Use consistent TSConfig.
2025-05-28 07:07:52 -04:00
1a82dfcd61 web: bump core-js from 3.38.1 to 3.42.0 in /web (#14715)
Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.38.1 to 3.42.0.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.42.0/packages/core-js)

---
updated-dependencies:
- dependency-name: core-js
  dependency-version: 3.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-28 12:28:37 +02:00
61fc1dc1fb web: fix lock file once again yay JS (#14721)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-28 01:35:11 +02:00
1f921cc18e ci: fix broken cache (#14725)
* ci: fix broken cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix commit hash

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-28 01:06:49 +02:00
2f94ee3f1f core: bump msgraph-sdk from 1.30.0 to 1.31.0 (#14585)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.30.0 to 1.31.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.30.0...v1.31.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-version: 1.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-27 19:55:12 +02:00
154fba12e0 website/docs: add login page source note to all source docs (#14667)
* Updates all source documents with note on how to add source to login page

* Updated the wording on the guide itself

* Updated wording on notes

* Fixes capitalization on header

* Fixed broken links in google docs
2025-05-27 12:31:23 -05:00
0d18c1d797 web: fix regression in subpath support (#14646)
* web: fix regression in subpath support, part 1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix media path in subpath

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-27 18:42:47 +02:00
e905dd52d8 lib/sync/outgoing: sync in parallel (#14697)
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-27 15:26:43 +02:00
245126a1c3 core, web: update translations (#14707)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-05-27 11:32:31 +00:00
15d84d30ba tests/e2e: fix flaky SAML Source test (#14708) 2025-05-27 13:18:03 +02:00
c6333f9e19 web: fix lock (#14705)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-27 03:28:56 +02:00
56565b0895 Update packages-npm-publish.yml (#14702)
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
2025-05-26 16:20:58 +00:00
cbbc7c1825 website/integrations: coder: fix typo (#14514)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-05-26 17:23:17 +02:00
908aaa5afa ci: Update packages-npm-publish.yml (#14701)
Update packages-npm-publish.yml

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
2025-05-26 15:10:47 +00:00
937342eab1 web: bump the swc group across 2 directories with 12 updates (#14623)
Bumps the swc group with 2 updates in the /web directory: [@swc/cli](https://github.com/swc-project/pkgs) and [@swc/core](https://github.com/swc-project/swc).
Bumps the swc group with 1 update in the /web/packages/sfe directory: [@swc/cli](https://github.com/swc-project/pkgs).


Updates `@swc/cli` from 0.4.0 to 0.7.7
- [Commits](https://github.com/swc-project/pkgs/commits)

Updates `@swc/core` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-darwin-arm64` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-darwin-x64` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm-gnueabihf` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm64-gnu` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm64-musl` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-x64-gnu` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-x64-musl` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-arm64-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-ia32-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-x64-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-darwin-arm64` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-darwin-x64` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm-gnueabihf` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm64-gnu` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-arm64-musl` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-x64-gnu` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-linux-x64-musl` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-arm64-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-ia32-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/core-win32-x64-msvc` from 1.7.28 to 1.11.29
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.28...v1.11.29)

Updates `@swc/cli` from 0.4.0 to 0.7.7
- [Commits](https://github.com/swc-project/pkgs/commits)

---
updated-dependencies:
- dependency-name: "@swc/cli"
  dependency-version: 0.7.7
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-darwin-x64"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm-gnueabihf"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-musl"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-x64-musl"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-arm64-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-ia32-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-x64-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-darwin-x64"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm-gnueabihf"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-musl"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-linux-x64-musl"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-arm64-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-ia32-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/core-win32-x64-msvc"
  dependency-version: 1.11.29
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: swc
- dependency-name: "@swc/cli"
  dependency-version: 0.7.7
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: swc
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 16:22:43 +02:00
82823a7449 web: Use engine available on Github Actions. (#14699) 2025-05-26 16:02:57 +02:00
ad50f14a3e web: bump the rollup group across 1 directory with 4 updates (#14682)
Bumps the rollup group with 4 updates in the /web directory: [@rollup/rollup-darwin-arm64](https://github.com/rollup/rollup), [@rollup/rollup-linux-arm64-gnu](https://github.com/rollup/rollup), [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) and [rollup](https://github.com/rollup/rollup).


Updates `@rollup/rollup-darwin-arm64` from 4.41.0 to 4.41.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.41.0...v4.41.1)

Updates `@rollup/rollup-linux-arm64-gnu` from 4.41.0 to 4.41.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.41.0...v4.41.1)

Updates `@rollup/rollup-linux-x64-gnu` from 4.41.0 to 4.41.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.41.0...v4.41.1)

Updates `rollup` from 4.41.0 to 4.41.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.41.0...v4.41.1)

---
updated-dependencies:
- dependency-name: "@rollup/rollup-darwin-arm64"
  dependency-version: 4.41.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/rollup-linux-arm64-gnu"
  dependency-version: 4.41.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.41.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: rollup
  dependency-version: 4.41.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rollup
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 16:02:38 +02:00
e0cf6128df ci: test with postgres 17 (#13967) 2025-05-26 13:55:34 +00:00
bfbe8b8038 web: bump knip from 5.33.0 to 5.58.0 in /web (#14685)
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.33.0 to 5.58.0.
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Changelog](https://github.com/webpro-nl/knip/blob/main/packages/knip/.release-it.json)
- [Commits](https://github.com/webpro-nl/knip/commits/5.58.0/packages/knip)

---
updated-dependencies:
- dependency-name: knip
  dependency-version: 5.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 15:06:28 +02:00
36ba8bc4e7 web: bump fuse.js from 7.0.0 to 7.1.0 in /web (#14687)
Bumps [fuse.js](https://github.com/krisk/Fuse) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/krisk/Fuse/releases)
- [Changelog](https://github.com/krisk/Fuse/blob/main/CHANGELOG.md)
- [Commits](https://github.com/krisk/Fuse/compare/v7.0.0...v7.1.0)

---
updated-dependencies:
- dependency-name: fuse.js
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 15:06:17 +02:00
dd5edf7fd9 web: bump @formatjs/intl-listformat from 7.5.7 to 7.7.11 in /web (#14689)
Bumps [@formatjs/intl-listformat](https://github.com/formatjs/formatjs) from 7.5.7 to 7.7.11.
- [Release notes](https://github.com/formatjs/formatjs/releases)
- [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-listformat@7.5.7...@formatjs/intl-listformat@7.7.11)

---
updated-dependencies:
- dependency-name: "@formatjs/intl-listformat"
  dependency-version: 7.7.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 15:06:07 +02:00
da1b252f3b root: do not use /bin/bash directly (#14698) 2025-05-26 14:38:29 +02:00
a8e543972a website/integrations: minio: notice about sso deprecation on CE (#14679)
* website/integrations: minio: notice about sso deprecation on CE

Starting with RELEASE.2025-05-24T17-08-30Z, MinIO has limited SSO support to their enterprise edition. This pr adds a warning to inform users and recommends sticking with earlier versions to retain SSO functionality.


Signed-off-by: Dominic R <dominic@sdko.org>

* sugg

Signed-off-by: Dominic R <dominic@sdko.org>

* tweak

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-05-26 07:37:49 -05:00
6e03045d1f core: bump cryptography from 44.0.3 to 45.0.3 (#14690)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 12:37:44 +00:00
f4b39e7465 core: bump django-tenants from 3.7.0 to 3.8.0 (#14691)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 12:36:49 +00:00
e7cd5880b5 core: bump astral-sh/uv from 0.7.7 to 0.7.8 (#14681)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 12:26:25 +00:00
d8c6a2417d core: bump axllent/mailpit from v1.25.0 to v1.25.1 in /tests/e2e (#14693)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 14:25:34 +02:00
a1fe471a59 core: Publish web packages. (#14648) 2025-05-26 08:25:20 -04:00
054dfda73f website/integrations: add push security (#14429)
* Updates integrations sidebar and adds push security doc. WIP

* Partially added push instructions

* Added final instructions

* Fixed broken link

* Added few lines and changed formatting.

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Added note about login from push login URL, and added suggestions from Dominic

* Applied suggestions from Dominic

* Fixed verification cert line

* Added note to recommend users follow the extra verificaton step

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/push-security/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* moved resouces section to end of document

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-26 07:23:40 -05:00
2e5e8f5c58 docs: fix typos in developer and user documentation (#14680) 2025-05-26 11:51:17 +00:00
c28b65a3f2 Web: Controllers cleanup (#14616)
* web: Fix issues surrounding availability of controllers during init.

web: Fix edgecase where flow does not have brand.

* web: Fix import path.

* web: Clean up mixin/controller paths.

* web: Prepare for consistent import styling.

- Prep for Storybook fixes.

* web: Update MDX types.

* web: Fix issues surrounding async imports, MDX typing, relative paths.

* web: Format. Clarify.

* web: Group module types.
2025-05-26 07:06:14 -04:00
afc9847e36 website: Fix issue where OpenAPI docs template generates semi-synthet… (#14674)
* website: Fix issue where OpenAPI docs template generates semi-synthetic title.

* website: Clarify linter behavior. Tidy components.
2025-05-26 10:50:45 +00:00
620c95dfa1 web: bump the goauthentik group across 4 directories with 3 updates (#14640)
Bumps the goauthentik group with 1 update in the /packages/docusaurus-config directory: @goauthentik/prettier-config.
Bumps the goauthentik group with 2 updates in the /packages/eslint-config directory: @goauthentik/prettier-config and @goauthentik/tsconfig.
Bumps the goauthentik group with 1 update in the /packages/prettier-config directory: @goauthentik/tsconfig.
Bumps the goauthentik group with 2 updates in the /web directory: @goauthentik/prettier-config and @goauthentik/eslint-config.


Updates `@goauthentik/prettier-config` from 1.0.4 to 1.0.5

Updates `@goauthentik/prettier-config` from 1.0.1 to 1.0.5

Updates `@goauthentik/tsconfig` from 1.0.1 to 1.0.4

Updates `@goauthentik/tsconfig` from 1.0.1 to 1.0.4

Updates `@goauthentik/prettier-config` from 1.0.4 to 1.0.5

Updates `@goauthentik/eslint-config` from 1.0.4 to 1.0.5

---
updated-dependencies:
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/tsconfig"
  dependency-version: 1.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/tsconfig"
  dependency-version: 1.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/eslint-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-26 03:52:23 +02:00
15c7a0a9be core, web: update translations (#14676)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-26 00:30:51 +02:00
5fed8ca575 web: Type Tidy (#14647)
* web: Update Sentry types.

* web: Update MDX types.

* web: Format. Remove unused script.

* web: Clean up test types.

* web: Fix label in dark mode.
2025-05-23 17:31:59 +02:00
f471ddfb29 core: bump pydantic from 2.11.4 to 2.11.5 (#14652)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.11.4 to 2.11.5.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/v2.11.5/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.11.4...v2.11.5)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.11.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 17:24:55 +02:00
1b1f06c9f7 core: bump google-api-python-client from 2.169.0 to 2.170.0 (#14653)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.169.0 to 2.170.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.169.0...v2.170.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-version: 2.170.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 17:24:42 +02:00
67c31a8ac3 sources/scim: fix all users being added to group when no members are given (#14645)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-23 13:57:50 +02:00
638180d246 web: bump @codemirror/lang-javascript from 6.2.2 to 6.2.4 in /web (#14657)
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.2.2 to 6.2.4.
- [Changelog](https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/lang-javascript/compare/6.2.2...6.2.4)

---
updated-dependencies:
- dependency-name: "@codemirror/lang-javascript"
  dependency-version: 6.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:51:48 +02:00
a3be1bbb57 web: bump @types/node from 22.15.19 to 22.15.21 in /web (#14660)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.19 to 22.15.21.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 22.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:51:31 +02:00
fbd0ba2865 core: bump astral-sh/uv from 0.7.6 to 0.7.7 (#14651)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.6 to 0.7.7.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.6...0.7.7)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:51:15 +02:00
182ad912cb web: bump wireit from 0.14.9 to 0.14.12 in /web (#14656)
Bumps [wireit](https://github.com/google/wireit) from 0.14.9 to 0.14.12.
- [Changelog](https://github.com/google/wireit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/wireit/compare/v0.14.9...v0.14.12)

---
updated-dependencies:
- dependency-name: wireit
  dependency-version: 0.14.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:50:19 +02:00
e850b2ba1a web: bump country-flag-icons from 1.5.13 to 1.5.19 in /web (#14659)
Bumps [country-flag-icons](https://gitlab.com/catamphetamine/country-flag-icons) from 1.5.13 to 1.5.19.
- [Changelog](https://gitlab.com/catamphetamine/country-flag-icons/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/country-flag-icons/compare/v1.5.13...v1.5.19)

---
updated-dependencies:
- dependency-name: country-flag-icons
  dependency-version: 1.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:49:50 +02:00
b4ce7f9ab0 web: bump @trivago/prettier-plugin-sort-imports from 4.3.0 to 5.2.2 in /web (#14661)
web: bump @trivago/prettier-plugin-sort-imports in /web

Bumps [@trivago/prettier-plugin-sort-imports](https://github.com/trivago/prettier-plugin-sort-imports) from 4.3.0 to 5.2.2.
- [Release notes](https://github.com/trivago/prettier-plugin-sort-imports/releases)
- [Changelog](https://github.com/trivago/prettier-plugin-sort-imports/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trivago/prettier-plugin-sort-imports/compare/v4.3.0...v5.2.2)

---
updated-dependencies:
- dependency-name: "@trivago/prettier-plugin-sort-imports"
  dependency-version: 5.2.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:49:23 +02:00
5f0bd6f5ea web: bump chart.js from 4.4.4 to 4.4.9 in /web (#14655)
Bumps [chart.js](https://github.com/chartjs/Chart.js) from 4.4.4 to 4.4.9.
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](https://github.com/chartjs/Chart.js/compare/v4.4.4...v4.4.9)

---
updated-dependencies:
- dependency-name: chart.js
  dependency-version: 4.4.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:49:07 +02:00
f5944ccb95 website: bump the goauthentik group in /website with 3 updates (#14654)
Bumps the goauthentik group in /website with 3 updates: @goauthentik/docusaurus-config, @goauthentik/eslint-config and @goauthentik/prettier-config.


Updates `@goauthentik/docusaurus-config` from 1.0.6 to 1.1.0

Updates `@goauthentik/eslint-config` from 1.0.4 to 1.0.5

Updates `@goauthentik/prettier-config` from 1.0.4 to 1.0.5

---
updated-dependencies:
- dependency-name: "@goauthentik/docusaurus-config"
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: goauthentik
- dependency-name: "@goauthentik/eslint-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: goauthentik
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:48:45 +02:00
9bd3bad605 web: bump dompurify from 3.2.4 to 3.2.6 in /web (#14658)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.4 to 3.2.6.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.2.4...3.2.6)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-23 13:48:22 +02:00
dff60ee9fb web: fix lint (#14665)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-05-23 13:47:10 +02:00
4e932e47c9 website/docs: improve-rac-documents (#14414)
* Updated sidebar

* Started updating how to rac doc

* Added rac public key doc

* Changed to how to doc

* Change wording

* Removed mentions of SSH because public key auth can be used for RDP too

* Removed more mentions of SSH

* Changed some language and formatting

* Added document explaining the use of other guacamole connection settings.

* Updated SSH doc to include other methods of how to apply connection settings and updated the rac-settings doc to refer to the SSH doc.

* Significant changes - Removed rac-settings page and merged it into the overview/index page. Applied suggestions from Tana and Dominic in how-to-rac and rac-public-ket.

* Lint fix

* Addressing build issues

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Shorter headers and removed text block as Tana suggested.

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* test tweak

* few tweaks

* more polish

* tweak

* fix typo whah

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-23 11:02:43 +01:00
e57a98aeb5 web: bump the rollup group across 2 directories with 3 updates (#14622)
* web: bump the rollup group across 2 directories with 3 updates

Bumps the rollup group with 3 updates in the /web directory: [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs), [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve) and [rollup](https://github.com/rollup/rollup).
Bumps the rollup group with 1 update in the /web/packages/sfe directory: [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve).


Updates `@rollup/plugin-commonjs` from 28.0.0 to 28.0.3
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v28.0.3/packages/commonjs)

Updates `@rollup/plugin-node-resolve` from 15.3.0 to 16.0.1
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v16.0.1/packages/node-resolve)

Updates `rollup` from 4.24.0 to 4.41.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.24.0...v4.41.0)

Updates `@rollup/plugin-commonjs` from 28.0.0 to 28.0.3
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v28.0.3/packages/commonjs)

Updates `@rollup/plugin-node-resolve` from 15.3.0 to 16.0.1
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v16.0.1/packages/node-resolve)

Updates `rollup` from 4.24.0 to 4.41.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.24.0...v4.41.0)

Updates `@rollup/plugin-node-resolve` from 15.3.1 to 16.0.1
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v16.0.1/packages/node-resolve)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 28.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-version: 16.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: rollup
- dependency-name: rollup
  dependency-version: 4.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rollup
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 28.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rollup
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-version: 16.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: rollup
- dependency-name: rollup
  dependency-version: 4.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: rollup
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-version: 16.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: rollup
...

Signed-off-by: dependabot[bot] <support@github.com>

* group more again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-22 23:45:18 +02:00
807ea2a52a web: bump the sentry group across 1 directory with 2 updates (#14587)
Bumps the sentry group with 2 updates in the /web directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and @spotlightjs/spotlight.


Updates `@sentry/browser` from 8.33.1 to 9.21.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/9.21.0/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.33.1...9.21.0)

Updates `@spotlightjs/spotlight` from 2.5.0 to 2.13.3

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: sentry
- dependency-name: "@spotlightjs/spotlight"
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 20:01:27 +02:00
0775bc0f1e lifecycle/aws: bump aws-cdk from 2.1016.0 to 2.1016.1 in /lifecycle/aws (#14631)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1016.0 to 2.1016.1.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1016.1/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1016.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:58:08 +02:00
35a4d9cc71 web: bump @patternfly/elements from 4.0.2 to 4.1.0 in /web (#14634)
Bumps [@patternfly/elements](https://github.com/patternfly/patternfly-elements/tree/HEAD/elements) from 4.0.2 to 4.1.0.
- [Release notes](https://github.com/patternfly/patternfly-elements/releases)
- [Changelog](https://github.com/patternfly/patternfly-elements/blob/main/elements/CHANGELOG.md)
- [Commits](https://github.com/patternfly/patternfly-elements/commits/@patternfly/elements@4.1.0/elements)

---
updated-dependencies:
- dependency-name: "@patternfly/elements"
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:57:49 +02:00
ed9008a7d4 web: bump @lit/task from 1.0.1 to 1.0.2 in /web (#14635)
Bumps [@lit/task](https://github.com/lit/lit/tree/HEAD/packages/task) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/lit/lit/releases)
- [Changelog](https://github.com/lit/lit/blob/main/packages/task/CHANGELOG.md)
- [Commits](https://github.com/lit/lit/commits/@lit/task@1.0.2/packages/task)

---
updated-dependencies:
- dependency-name: "@lit/task"
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:56:58 +02:00
a377ce6b45 web: bump chromedriver from 131.0.1 to 136.0.3 in /web (#14641)
Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 131.0.1 to 136.0.3.
- [Commits](https://github.com/giggio/node-chromedriver/compare/131.0.1...136.0.3)

---
updated-dependencies:
- dependency-name: chromedriver
  dependency-version: 136.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:56:42 +02:00
dac24ba62d web: bump yaml from 2.5.1 to 2.8.0 in /web (#14642)
Bumps [yaml](https://github.com/eemeli/yaml) from 2.5.1 to 2.8.0.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.5.1...v2.8.0)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:56:08 +02:00
826acbde2a web: bump @types/guacamole-common-js from 1.5.2 to 1.5.3 in /web (#14643)
Bumps [@types/guacamole-common-js](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/guacamole-common-js) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/guacamole-common-js)

---
updated-dependencies:
- dependency-name: "@types/guacamole-common-js"
  dependency-version: 1.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-22 19:55:54 +02:00
b7d97da2bc web: bump @goauthentik/prettier-config from 1.0.4 to 1.0.5 in /web/packages/esbuild-plugin-live-reload (#14637)
* web: bump @goauthentik/prettier-config

Bumps @goauthentik/prettier-config from 1.0.4 to 1.0.5.

---
updated-dependencies:
- dependency-name: "@goauthentik/prettier-config"
  dependency-version: 1.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* group more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-22 17:39:54 +02:00
cc6fcd831d web: Fix missing Enterprise sidebar entries. (#14615) 2025-05-22 17:00:28 +02:00
e5e3a5df80 core, web: update translations (#14626)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-22 13:54:53 +02:00
74268500b0 esbuild-plugin-live-reload: Publish. (#14624) 2025-05-21 20:32:36 +00:00
614740a4ff web/NPM Workspaces: Prep ESBuild plugin for publish. (#14552)
* web: Prep ESBuild plugin for publish.

* prettier-config: Update deps.

* eslint-config: Update deps.

* docusaurus-config: Update deps.

* docs: Update deps.

* docs: Enable linter.

* docs: Lint.

* web/sfe: Clean up types. Prep for monorepo.

* esbuild-plugin-live-reload: Update deps.

* web: Tidy ESLint, script commands.

* web: Fix logs.

* web: Lint.

* web: Split compile check from cached version.
2025-05-21 16:09:33 -04:00
f48496b2cf lifecycle: fix arguments not being passed to worker command (#14574) 2025-05-21 19:42:15 +02:00
35da3d65d2 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14611)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-21 16:16:10 +00:00
fb53fe2b3e providers/proxy: kubernetes outpost: fix reconcile when ingress class name changed (#14612)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-05-21 11:53:39 +00:00
dda2338258 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14608)
* Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

* Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-21 13:27:24 +02:00
f582e66c67 translate: Updates for file web/xliff/en.xlf in zh_CN (#14607)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-21 13:27:06 +02:00
f595375f2d translate: Updates for file web/xliff/en.xlf in zh-Hans (#14609)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-21 13:26:53 +02:00
fd8317de7f translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14606)
* Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

* Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-21 13:26:38 +02:00
2f1eab5aed root: move forked dependencies to goauthentik org (#14590)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-20 17:32:54 +02:00
70460bfb30 core: bump library/node from 22 to 24 (#14410)
* core: bump library/node from 22 to 24

Bumps library/node from 22 to 24.

---
updated-dependencies:
- dependency-name: library/node
  dependency-version: '24'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix linux esbuild

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove lockfile-lint package as SFE doesnt have a package lock and we have a script for the main lock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update dependabot

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump fido

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-20 16:02:51 +02:00
0be9c60a71 core: bump django-guardian from 2.4.0 to v3.0.0 (#14453)
* core: bump django-guardian from 2.4.0 to v3.0.0

* Use GUARDIAN_MONKEY_PATCH_USER instead of deprecated GUARDIAN_MONKEY_PATCH

* ???

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix issue in outpost tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* patch all outpost tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup guardian lock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-20 14:40:43 +02:00
abaf8d9544 enterprise/stages/mtls: improve certificate validation (#14582)
* improve certificate validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix fingerprint sha1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* new cert with fixed attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add sc amr support

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-20 14:15:32 +02:00
73a3f29001 translate: Updates for file web/xliff/en.xlf in it (#14575)
* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* fix missing ci checkout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix gh pr edit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Removing web/xliff/en.xlf in it

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'it'.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-20 10:18:19 +00:00
159bf4012e core, web: update translations (#14578)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-20 12:02:06 +02:00
9b3c1b5cff core: bump sentry-sdk from 2.28.0 to 2.29.1 (#14579)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.28.0 to 2.29.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.28.0...2.29.1)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.29.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 12:02:01 +02:00
19aa268e4e core: bump astral-sh/uv from 0.7.5 to 0.7.6 (#14580)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.5 to 0.7.6.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.5...0.7.6)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 12:01:58 +02:00
1c5e906a3e web/NPM Workspaces: ESbuild version cleanup (#14541)
* web: Check JS files. Add types.

* web: Fix issues surrounding Vite/ESBuild types.

* web: Clean up version constants. Tidy types

* web: Clean up docs, types.

* web: Clean up package paths.

* web: (ESLint) no-lonely-if

* web: Render slot before navbar.

* web: Fix line-height alignment.

* web: Truncate long headers.

* web: Clean up page header declarations. Add story. Update paths.

* web: Ignore out directory.

* web: Lint Lit.

* web: Use private alias.

* web: Fix implicit CJS mode.

* web: Update deps.

* web: await all imports.
2025-05-20 02:11:18 +02:00
c133ba9bd3 enterprise/stages/mtls: update go & web client, fix py client generation (#14576)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 23:27:02 +02:00
65517f3b7f enterprise/stages: Add MTLS stage (#14296)
* prepare client auth with inbuilt server

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* introduce better IPC auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only allow trusted proxies to set MTLS headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more stage progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont fail if ipc_key doesn't exist

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually install app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update API

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix unquote

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix int serial number not jsonable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix git pull in makefile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix parse helper

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests and improvements

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve labels

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs on brand

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for multiple CAs to MTLS stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont log ipcuser secret views

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix go mod

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 22:48:17 +02:00
b361dd3b59 lib/sync/outgoing: reduce number of db queries made (#14177) 2025-05-19 22:41:09 +02:00
40f598f3f1 web: (ESLint) No else return (#14558)
web: (ESLint) no-else-return.
2025-05-19 19:34:51 +02:00
b72d0e84c9 web: (ESLint) Use dot notation. (#14557) 2025-05-19 19:33:52 +02:00
d97297e0ce web: (ESLint) Consistent use of triple-equals. (#14554)
web: Consistent use of triple-equals.
2025-05-19 13:25:11 -04:00
1a80353bc0 web: fix description for signing responses in SAML provider (#14573) 2025-05-19 14:56:19 +00:00
beece507fd website/integrations: update paperless ngx instructions to include additional scopes (#14486) 2025-05-19 14:07:06 +02:00
e2bec88403 translate: Updates for file web/xliff/en.xlf in fr (#14570)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-19 12:04:12 +00:00
26b6c2e130 ci: add dependencies label to generated PRs (#14569)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 13:52:28 +02:00
1a38679ecf translate: Updates for file web/xliff/en.xlf in it (#14538)
Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-19 13:47:15 +02:00
b2334c3680 core: bump astral-sh/uv from 0.7.4 to 0.7.5 (#14560)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.4 to 0.7.5.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.4...0.7.5)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 13:38:30 +02:00
13251bb8c4 website: bump @types/postman-collection from 3.5.10 to 3.5.11 in /website (#14561)
website: bump @types/postman-collection in /website

Bumps [@types/postman-collection](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/postman-collection) from 3.5.10 to 3.5.11.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/postman-collection)

---
updated-dependencies:
- dependency-name: "@types/postman-collection"
  dependency-version: 3.5.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 13:38:16 +02:00
9fe6bac99d lifecycle/aws: bump aws-cdk from 2.1015.0 to 2.1016.0 in /lifecycle/aws (#14563)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1015.0 to 2.1016.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1016.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1016.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 13:38:06 +02:00
7c9fe53b47 core: bump axllent/mailpit from v1.24.2 to v1.25.0 in /tests/e2e (#14564)
Bumps axllent/mailpit from v1.24.2 to v1.25.0.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.25.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 13:37:57 +02:00
b20c4eab29 translate: Updates for file web/xliff/en.xlf in zh_CN (#14565)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-19 13:37:45 +02:00
8ca09a9ece web: Fix issue where Storybook cannot resolve styles. (#14553)
* web: Fix issue where Storybook cannot resolve styles.

* separate sentry config and middleware to prevent circular import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 13:37:30 +02:00
856598fc54 translate: Updates for file web/xliff/en.xlf in zh-Hans (#14566)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-19 13:36:58 +02:00
fdb7b29d9a root: replace raw.githubusercontent.com by checking out repo (#14567)
* root: replace raw.githubusercontent.com by checking out repo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use make from client-go

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update instead of delete

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix py client install

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: use all absolute paths

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-19 13:18:44 +02:00
3748781368 sources/kerberos: resolve logger warnings (#14540)
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2025-05-18 01:31:41 +02:00
99b559893b core, web: update translations (#14530)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-16 16:03:21 +02:00
8014088c3a core: bump astral-sh/uv from 0.7.3 to 0.7.4 (#14531)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.3 to 0.7.4.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.3...0.7.4)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-16 16:03:08 +02:00
3ee353126f core: bump github.com/getsentry/sentry-go from 0.32.0 to 0.33.0 (#14532)
Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/getsentry/sentry-go/releases)
- [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-go/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: github.com/getsentry/sentry-go
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-16 16:02:57 +02:00
db76c5d9e2 core: bump goauthentik.io/api/v3 from 3.2025040.1 to 3.2025041.1 (#14533)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025040.1 to 3.2025041.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025040.1...v3.2025041.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025041.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-16 16:02:50 +02:00
61bff69b7d core: bump django-pglock from 1.7.1 to 1.7.2 (#14534)
Bumps [django-pglock](https://github.com/AmbitionEng/django-pglock) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/AmbitionEng/django-pglock/releases)
- [Changelog](https://github.com/AmbitionEng/django-pglock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/AmbitionEng/django-pglock/compare/1.7.1...1.7.2)

---
updated-dependencies:
- dependency-name: django-pglock
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-16 16:02:42 +02:00
69651323e3 web: bump API Client version (#14528)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-15 20:19:16 +02:00
75a0ac9588 release: 2025.4.1 (#14527)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	package.json
2025-05-15 20:12:41 +02:00
941a697397 website/docs: release notes for 2025.4.1 (#14526)
* website/docs: release notes for 2025.4.1

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-15 19:26:01 +02:00
4a74db17a1 web: bump undici from 6.21.1 to 6.21.3 in /web (#14524)
Bumps [undici](https://github.com/nodejs/undici) from 6.21.1 to 6.21.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.21.1...v6.21.3)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.21.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-15 16:58:28 +02:00
0cf6bff93c tests/e2e: add test for authentication flow in compatibility mode (#14392)
* tests/e2e: add test for authentication flow in compatibility mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web: Add prefix class to CSS for easier debugging of constructed stylesheets.

- Use CSS variables for highlighter.

* web: Fix issue where MDX components apply styles out of order.

* web: Fix hover color.

* web: Fix CSS module types. Clean up globals.

* web: Fix issues surrounding availability of shadow root in compatibility mode.

* web: Fix typo.

* web: Partial fixes for storybook dark theme.

* web: Fix overflow.

* web: Fix issues surrounding competing interfaces attempting to apply styles.

* fix padding in ak-alert in. markdown

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web: Minimize use of sub-module exports.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Teffen Ellis <teffen@sister.software>
2025-05-15 16:51:11 +02:00
814e438422 stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#14513)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-15 16:25:28 +02:00
2db77a37dd lifecycle/aws: bump aws-cdk from 2.1014.0 to 2.1015.0 in /lifecycle/aws (#14516)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1014.0 to 2.1015.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1015.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1015.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-15 15:09:53 +02:00
e40c5ac617 web/admin: Dual select state management, custom event dispatching. (#14490)
* web/admin: Fix issues surrounding dual select state management.

* web: Fix nested path.

* web: Use PatternFly variable.
2025-05-15 14:47:47 +02:00
7440900dac core: fix unable to create group if no enable_group_superuser permission is given (#14510)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-15 14:41:26 +02:00
ca96b27825 web/admin: Fix sidebar toggle synchronization. (#14487)
* web: Fix issue where resizing from tablet or smaller viewport desyncs the sidebar.

* web: Fix issue where focus style overrides hover state style.
2025-05-14 17:19:22 +02:00
ad4a765a80 website: bump the build group in /website with 6 updates (#14502)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.9` | `1.3.10` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.9` | `1.3.10` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.9` | `1.3.10` |
| [lightningcss-darwin-arm64](https://github.com/parcel-bundler/lightningcss) | `1.30.0` | `1.30.1` |
| [lightningcss-linux-arm64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.30.0` | `1.30.1` |
| [lightningcss-linux-x64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.30.0` | `1.30.1` |


Updates `@rspack/binding-darwin-arm64` from 1.3.9 to 1.3.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.10/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.9 to 1.3.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.10/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.9 to 1.3.10
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.10/packages/rspack)

Updates `lightningcss-darwin-arm64` from 1.30.0 to 1.30.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.30.0...v1.30.1)

Updates `lightningcss-linux-arm64-gnu` from 1.30.0 to 1.30.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.30.0...v1.30.1)

Updates `lightningcss-linux-x64-gnu` from 1.30.0 to 1.30.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.30.0...v1.30.1)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.3.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-darwin-arm64
  dependency-version: 1.30.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-arm64-gnu
  dependency-version: 1.30.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-x64-gnu
  dependency-version: 1.30.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-14 16:11:52 +02:00
4dcd481010 core: remove OldAuthenticatedSession content type (#14507)
* core: remove `OldAuthenticatedSession` content type

This was left out from https://github.com/goauthentik/authentik/pull/9736

* remove stale content types in `repair_permissions`

Co-authored-by: Jens Langhammer <jens@goauthentik.io>

* run `remove_stale_contenttypes` for each tenant

---------

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-14 15:02:29 +02:00
d0dc14d84d core: bump msgraph-sdk from 1.29.0 to 1.30.0 (#14503)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-version: 1.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-14 12:22:41 +02:00
7bf960352b core: bump twilio from 9.6.0 to 9.6.1 (#14505)
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.6.0 to 9.6.1.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.6.0...9.6.1)

---
updated-dependencies:
- dependency-name: twilio
  dependency-version: 9.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-14 12:22:27 +02:00
c07d01661b core: bump psycopg[c,pool] from 3.2.8 to 3.2.9 (#14504)
Bumps [psycopg[c,pool]](https://github.com/psycopg/psycopg) from 3.2.8 to 3.2.9.
- [Changelog](https://github.com/psycopg/psycopg/blob/3.2.9/docs/news.rst)
- [Commits](https://github.com/psycopg/psycopg/compare/3.2.8...3.2.9)

---
updated-dependencies:
- dependency-name: psycopg[c,pool]
  dependency-version: 3.2.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-14 12:19:42 +02:00
427597ec14 enterprise: fix expired license's users being counted (#14451)
* enterprise: fix expired license's users being counted

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tests to the rescue

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hmm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-13 15:59:17 +02:00
7cc77bd387 website/integrations: fix missing closing brace for semaphore (#14467)
Update index.mdx

Added missing closing bracket

Signed-off-by: ericgu08 <79233593+ericgu08@users.noreply.github.com>
2025-05-13 15:26:10 +02:00
381a1a2c49 tests/e2e: Add E2E tests for Flow SFE (#14484)
* add e2e test for SFE login

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add helper text in SFE on password stage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* build sfe for e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ci e2e cache key not considering sfe

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix sfe missing from docker build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh I forgot npm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-13 12:03:12 +02:00
08f8222224 website: bump semver from 7.7.1 to 7.7.2 in /website (#14491)
Bumps [semver](https://github.com/npm/node-semver) from 7.7.1 to 7.7.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-13 12:01:13 +02:00
1211c34a18 core: bump django from 5.1.8 to 5.1.9 (#14483)
* build(deps): bump django from 5.1.8 to 5.1.9

Bumps [django](https://github.com/django/django) from 5.1.8 to 5.1.9.
- [Commits](https://github.com/django/django/compare/5.1.8...5.1.9)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.1.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump lock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-12 21:23:10 +02:00
22efb57369 core: bump psycopg[c,pool] from 3.2.7 to 3.2.8 (#14481)
Bumps [psycopg[c,pool]](https://github.com/psycopg/psycopg) from 3.2.7 to 3.2.8.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](https://github.com/psycopg/psycopg/compare/3.2.7...3.2.8)

---
updated-dependencies:
- dependency-name: psycopg[c,pool]
  dependency-version: 3.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-12 20:55:37 +02:00
3eeda53be6 core: bump sentry-sdk from 2.27.0 to 2.28.0 (#14482)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.27.0 to 2.28.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.27.0...2.28.0)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-version: 2.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-12 20:55:34 +02:00
82ace18703 root: pin package version in pyproject for dependabot (#14469)
* root: pin package version in pyproject for dependabot

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use exact as we know that works now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-12 19:32:48 +02:00
8589079252 core: fix session migration when old session can't be loaded (#14466)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-12 15:51:49 +02:00
ae2af6e58e root: temporarily deactivate database pool option (#14443)
* root: temporarily deactivate database pool option

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* deactivate tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-12 14:48:01 +02:00
86a7f98ff6 website: bump the build group in /website with 3 updates (#14475)
Bumps the build group in /website with 3 updates: [lightningcss-darwin-arm64](https://github.com/parcel-bundler/lightningcss), [lightningcss-linux-arm64-gnu](https://github.com/parcel-bundler/lightningcss) and [lightningcss-linux-x64-gnu](https://github.com/parcel-bundler/lightningcss).


Updates `lightningcss-darwin-arm64` from 1.29.3 to 1.30.0
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.3...v1.30.0)

Updates `lightningcss-linux-arm64-gnu` from 1.29.3 to 1.30.0
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.3...v1.30.0)

Updates `lightningcss-linux-x64-gnu` from 1.29.3 to 1.30.0
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.3...v1.30.0)

---
updated-dependencies:
- dependency-name: lightningcss-darwin-arm64
  dependency-version: 1.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: lightningcss-linux-arm64-gnu
  dependency-version: 1.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: lightningcss-linux-x64-gnu
  dependency-version: 1.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-12 14:39:18 +02:00
3af45371d3 website/docs: stages: fix-typo (#14477)
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
2025-05-12 14:12:33 +02:00
b01ffd934f website/docs: Update Kubernetes Bootstrap Instructions (#14471)
* website/docs: update envFrom block for automated install

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-11 15:13:14 +02:00
f11ba94603 root: improve sentry distributed tracing (#14468)
* core: include all sentry headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove spotlight patch we dont need anymore

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* always trace in debug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* init sentry earlier

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add light interface

https://github.com/goauthentik/authentik/pull/14331

removes 2 unneeded API calls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sentry integrated router

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use new Sentry middleware to propagate headers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing baggage

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup logs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use sanitized URLs for logging/tracing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-11 02:40:31 +02:00
7d2aa43364 Revert "web/admin: fix enterprise menu display" (#14458)
Revert "web/admin: fix enterprise menu display (#14447)"

This reverts commit 0611eea0e7.
2025-05-10 18:26:07 +02:00
f1351a7577 website/docs: update outdated custom CSS docs (#14441)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-10 11:15:47 -05:00
0611eea0e7 web/admin: fix enterprise menu display (#14447)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-10 00:54:33 +02:00
d0b46fcf9c core: bump msgraph-sdk from 1.28.0 to v1.29.0 (#14454) 2025-05-10 00:51:32 +02:00
dcbdc37d31 core: bump opentelemetry-api from 1.32.1 to v1.33.0 (#14455) 2025-05-10 00:51:29 +02:00
d07f396379 core: bump platformdirs from 4.3.7 to v4.3.8 (#14456) 2025-05-10 00:51:27 +02:00
0972103b83 core: bump ruff from 0.11.8 to v0.11.9 (#14457) 2025-05-10 00:51:24 +02:00
b448e76db4 web/flows/sfe: fix global background image not being loaded (#14442)
* web/flows/sfe: add initial loading spinner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix brand-level default flow background not working with SFE and loading original image with full flow interface

https://github.com/goauthentik/authentik/pull/13079#issuecomment-2853357407
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-09 17:58:43 +02:00
f2937bd6dd outposts: fix tmpdir in containers not being set (#14444)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-09 17:57:25 +02:00
53c2e3e77c lifecycle: fix ak dump_config (#14445)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-09 17:56:01 +02:00
7dd62c1f55 lifecycle/aws: bump aws-cdk from 2.1013.0 to 2.1014.0 in /lifecycle/aws (#14436)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1013.0 to 2.1014.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1014.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1014.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-09 15:50:56 +02:00
33e3510fba website/integrations: update integration template (#14432)
* Updated indentation and service name formatting.

* Angle brackets for mentions of service name

* Update website/integrations/template/service.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Fixes issues with <service name> being read as a tag.

* Update website/integrations/template/service.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-09 09:51:11 +01:00
0e5fac2642 website/integrations: fix sonarqube badge (#14434)
Moves the badge to frontmatter.
2025-05-08 20:22:29 +02:00
c53b1fe78a website/integrations: coder: fix period (#14423) 2025-05-08 09:10:39 -05:00
838a7457b2 website: bump the build group in /website with 3 updates (#14427)
Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).


Updates `@rspack/binding-darwin-arm64` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.9/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.9/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.9/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-08 15:03:06 +02:00
a3c07bc9ff core: bump astral-sh/uv from 0.7.2 to 0.7.3 (#14426)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.2 to 0.7.3.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.2...0.7.3)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-08 15:02:00 +02:00
121f2c609d website/integrations: update paperless ngx instructions to include correct scopes (#14424)
* Update Paperless NGX instructions to include correct scopes

`openid` scope is required for Paperless NGX

Signed-off-by: Jim Shank <jimshank@gmail.com>

* Update website/integrations/services/paperless-ngx/index.mdx

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Jim Shank <jimshank@gmail.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-05-08 08:55:30 +00:00
365affc28e website/docs: configuration sessions are now stored by default in the database (#14425)
docs: configuration: sessions are now stored by default in the database

Signed-off-by: Dominic R <dominic@sdko.org>
2025-05-08 09:26:27 +01:00
f367822779 root: readme: use right contribution guide link (#14250)
wip

Signed-off-by: Dominic R <dominic@sdko.org>
2025-05-07 21:20:32 +00:00
848198125d website/integrations: add coder (#14385)
* init

Signed-off-by: Dominic R <dominic@sdko.org>

* init

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

* what is happening to my lint today?

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-05-07 20:04:34 +01:00
497ac5e3d0 website/integrations: improve grafana docs (#14408)
* Update index.mdx

Better reflected the stuff at https://github.com/goauthentik/authentik/issues/8673

Signed-off-by: andymarden <63465082+andymarden@users.noreply.github.com>

* Update website/integrations/services/grafana/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/grafana/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: andymarden <63465082+andymarden@users.noreply.github.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-05-07 12:33:42 -05:00
1773d4d681 core: bump geoip2 from 5.0.1 to v5.1.0 (#14417) 2025-05-07 19:25:14 +02:00
4edbb51939 core: bump boto3 from 1.38.7 to v1.38.10 (#14416) 2025-05-07 19:24:58 +02:00
c7e97ab48e core: bump maxminddb from 2.6.3 to v2.7.0 (#14420) 2025-05-07 19:24:44 +02:00
31f7faae1c core: bump azure-identity from 1.21.0 to v1.22.0 (#14415) 2025-05-07 19:24:31 +02:00
f5dae2ae92 core: bump google-auth from 2.39.0 to v2.40.1 (#14418) 2025-05-07 19:24:17 +02:00
2c043dba0b core: bump jsii from 1.111.0 to v1.112.0 (#14419) 2025-05-07 19:24:03 +02:00
bda10e5db1 core: bump pytest-timeout from 2.3.1 to v2.4.0 (#14421) 2025-05-07 19:23:49 +02:00
be9ae7d4f7 web: cleanup/loading attribute always true (#14288)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web: remove Lit syntax from always true attributes

## What

Replaces instances of `?loading=${true}` and `?loading="${true}"` with `loading`

## Why

The Lit syntax is completely unnecessary when the attribute's state is constant, and it's a few
(just a few) extra CPU cycles for Lit to process that.

More to the point, it annoys me.

## How

```
$ perl -pi.bak -e 's/\?loading=\$\{true\}/loading/' $(rg -l '\?loading=\$\{true\}')
$ find . -name '*.bak' -exec rm {} \;
$ perl -pi.bak -e 's/\?loading="\$\{true\}"/loading/' $(rg -l '\?loading="\$\{true\}"')
$ find . -name '*.bak' -exec rm {} \;
```

* Prettier had opinions

* Trigger Build
2025-05-06 08:49:48 -07:00
b4a6189bfa core: bump selenium from 4.31.0 to v4.32.0 (#14394)
* core: bump selenium from 4.31.0 to v4.32.0

* deal with selenium breaking stuff on minor versions

https://github.com/SeleniumHQ/selenium/pull/15641
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-06 16:53:20 +02:00
bfdb827ff9 website/docs: Update Docusaurus config. Prep for version picker. (#14401)
* website/docs: Clean up config. Add types.

* website/docs: Format MDX.

* website: Fix build warnings. Lint badges frontmatter.
2025-05-06 10:04:39 -04:00
488a58e1c5 core: bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 (#14405)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 15:06:15 +02:00
3f83e69453 core: bump golang.org/x/sync from 0.13.0 to 0.14.0 (#14406)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/sync/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 15:02:53 +02:00
e92fa5df0b core: bump selenium/standalone-chrome from 135.0 to 136.0 in /tests/e2e (#14407)
Bumps selenium/standalone-chrome from 135.0 to 136.0.

---
updated-dependencies:
- dependency-name: selenium/standalone-chrome
  dependency-version: '136.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-06 15:02:45 +02:00
f8c22170df core, web: update translations (#14402)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-06 05:20:31 +02:00
e3d08a8434 core: bump boto3 from 1.38.7 to v1.38.8 (#14393) 2025-05-05 23:50:09 +02:00
97d3e9afdc core: bump setuptools from 80.1.0 to v80.3.1 (#14395) 2025-05-05 23:50:00 +02:00
1eb08def73 core: bump twilio from 9.5.2 to v9.6.0 (#14396) 2025-05-05 23:49:52 +02:00
6e3b379e4a website/docs: add one more reference and link about can view Admin interface (#14399)
* add yet another mention of the can view admin interface

* tweaks

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-05 13:42:41 -05:00
264f59775c website/docs: Update deps. (#14397)
* website/docs: Update deps.

* website/docs: Port partial monorepo fixes. Fix build warnings.

* website/docs: Update Prettier.

* website/docs: Format. Update deps.

* website/docs: Remove empty entry.
2025-05-05 16:59:49 +00:00
d048f1ecbd website/docs: Add pkg-config to the brew dependencies (#14398)
Add pkg-config to the brew dependencies
2025-05-05 16:51:42 +00:00
eb31f31584 web, website: update browserslist (#14386)
web,website: update browserslist

Updates browser list in web and website using `npx
update-browserslist-db@latest`

Our list was more than 7 months outdated.

Why to update:
> This update will bring data about new browsers to polyfill tools like Autoprefixer or Babel and reduce already unnecessary polyfills.
>
> You need to do it regularly for three reasons:
>
> 1. To use the latest browser’s versions and statistics in queries like last 2 versions or >1%. For example, if you created your project 2 years ago and did not update your dependencies, last 1 version will return 2-year-old browsers.
> 2. Actual browser data will lead to using less polyfills. It will reduce size of JS and CSS files and improve website performance.
> 3. caniuse-lite deduplication: to synchronize versions in different tools.
2025-05-05 15:01:59 +02:00
fe5c842e92 core, web: update translations (#14383)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-05 14:11:16 +02:00
b82d3100c9 website/integrations: add atlassian (#14209)
* Begin

* Added instructions

* Writtent all required steps

* Atlassian cloud vs atlassian

* Added important information section

* Improved wording, removed temporary placeholders, added more detail to the admin account required in Atlassian, fixed typos

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/atlassian/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Differentiated between external and internal user accounts, fixed typos and improved wording.

* Converted important information section to important block and updated language.

* Typos

* Update website/integrations/services/atlassian/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/atlassian/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/atlassian/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/atlassian/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/atlassian/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Edited as per suggestions from Tana

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-05 13:09:32 +01:00
49bb668036 core: bump github.com/pires/go-proxyproto from 0.8.0 to 0.8.1 (#14388)
Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/pires/go-proxyproto/releases)
- [Commits](https://github.com/pires/go-proxyproto/compare/v0.8.0...v0.8.1)

---
updated-dependencies:
- dependency-name: github.com/pires/go-proxyproto
  dependency-version: 0.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-05 12:55:29 +02:00
52c70c7700 ci: bump golangci/golangci-lint-action from 7 to 8 (#14389)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7 to 8.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v7...v8)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-05 12:55:17 +02:00
b99fd36f86 core: bump axllent/mailpit from v1.24.1 to v1.24.2 in /tests/e2e (#14390)
Bumps axllent/mailpit from v1.24.1 to v1.24.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.24.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-05 12:55:06 +02:00
8a5381eca3 translate: Updates for file web/xliff/en.xlf in it (#14372)
* Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

* Removing web/xliff/en.xlf in it

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'it'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-05 01:40:03 +02:00
2c77830179 translate: Updates for file web/xliff/en.xlf in zh_CN (#14374)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-05 01:39:42 +02:00
ffcd7def60 translate: Updates for file web/xliff/en.xlf in zh-Hans (#14375)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-05 01:39:28 +02:00
ed121bc2a3 translate: Updates for file locale/en/LC_MESSAGES/django.po in pt (#14379)
Translate locale/en/LC_MESSAGES/django.po in pt

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'pt'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-05 01:38:16 +02:00
d5ab9d9167 website/integrations: Fix outpost link for Home Assistant configuration (#14382)
Fix outpost link for Home Assistant configuration

Signed-off-by: Jim Shank <jimshank@gmail.com>
2025-05-05 00:02:43 +02:00
a983321ad6 website/docs: fix leftover placeholder in release notes (#14377)
Update v2025.4.md

changed download URL to match version 2025.4. Otherwise it will give a 404

Signed-off-by: finkerle <145992792+finkerle@users.noreply.github.com>
2025-05-04 16:45:55 +02:00
9c3420ede4 website/integrations: minio: fix typo (#14376)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-05-03 23:38:10 +02:00
91b40350aa core: bump goauthentik/fips-python from 3.12.10-slim-bookworm-fips to 3.13.3-slim-bookworm-fips (#12763)
* core: bump goauthentik/fips-python from 3.12.7-slim-bookworm-fips to 3.13.1-slim-bookworm-fips

Dependabot couldn't find the original pull request head commit, 57d3f7b1d72de7f2448d0ce661c74de53412bdd5.

* upgrade the rest

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update dev env

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* silence docker build action about env name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump to 3.13.3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-03 22:04:49 +02:00
1912991682 core: bump axllent/mailpit from v1.6.5 to v1.24.1 in /tests/e2e (#14341)
Bumps axllent/mailpit from v1.6.5 to v1.24.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.24.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-03 21:34:51 +02:00
71b9117f53 core: bump selenium/standalone-chrome from 122.0 to 135.0 in /tests/e2e (#14342)
Bumps selenium/standalone-chrome from 122.0 to 135.0.

---
updated-dependencies:
- dependency-name: selenium/standalone-chrome
  dependency-version: '135.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-03 21:34:43 +02:00
b5f947f460 core: bump lxml from 5.3.2 to v5.4.0 (#14355)
* core: bump lxml from 5.3.2 to v5.4.0

* fix lxml xmlsec issues

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-05-03 17:37:39 +02:00
3a2f7e9549 core: bump azure-core from 1.33.0 to v1.34.0 (#14345) 2025-05-03 17:20:13 +02:00
1582ce0920 core: bump boto3 from 1.37.35 to v1.38.7 (#14346) 2025-05-03 17:19:47 +02:00
6d3eea5266 core: bump celery from 5.5.1 to v5.5.2 (#14347) 2025-05-03 17:19:35 +02:00
e987208bd1 core: bump certifi from 2025.1.31 to v2025.4.26 (#14348) 2025-05-03 17:19:23 +02:00
0efab8eef7 core: bump charset-normalizer from 3.4.1 to v3.4.2 (#14349) 2025-05-03 17:18:36 +02:00
9402dac8ae core: bump cryptography from 44.0.2 to v44.0.3 (#14350) 2025-05-03 17:18:23 +02:00
f57a290eee core: bump google-api-python-client from 2.167.0 to v2.169.0 (#14351) 2025-05-03 17:18:11 +02:00
5dab0d2b7a core: bump h11 from 0.14.0 to v0.16.0 (#14352) 2025-05-03 17:17:08 +02:00
2da6036248 core: bump humanize from 4.12.2 to v4.12.3 (#14353) 2025-05-03 17:16:37 +02:00
cdba94cea4 core: bump jsonschema-specifications from 2024.10.1 to v2025.4.1 (#14354) 2025-05-03 17:16:30 +02:00
c59eca664a core: bump msal from 1.32.0 to v1.32.3 (#14356) 2025-05-03 17:16:21 +02:00
d5b205f9c0 core: bump mypy-extensions from 1.0.0 to v1.1.0 (#14357) 2025-05-03 17:16:11 +02:00
8ad9ad833e core: bump orjson from 3.10.16 to v3.10.18 (#14358) 2025-05-03 17:16:03 +02:00
599ce15f68 core: bump psycopg from 3.2.6 to v3.2.7 (#14359) 2025-05-03 17:15:54 +02:00
91310eff52 core: bump pydantic from 2.11.3 to v2.11.4 (#14360) 2025-05-03 16:56:57 +02:00
b522d6732a core: bump redis from 5.2.1 to v6.0.0 (#14361) 2025-05-03 16:56:47 +02:00
17d96f204e core: bump ruff from 0.11.5 to v0.11.8 (#14362) 2025-05-03 16:56:15 +02:00
65e4667bc3 core: bump sentry-sdk from 2.26.1 to v2.27.0 (#14363) 2025-05-03 16:55:48 +02:00
f67f9e5ed0 core: bump setproctitle from 1.3.5 to v1.3.6 (#14364) 2025-05-03 16:54:47 +02:00
62dd6a4393 core: bump setuptools from 78.1.0 to v80.1.0 (#14365) 2025-05-03 16:54:38 +02:00
a46eae8276 core: bump structlog from 25.2.0 to v25.3.0 (#14366) 2025-05-03 16:54:27 +02:00
c4acc9fc24 core: bump unidecode from 1.3.8 to v1.4.0 (#14367) 2025-05-03 16:54:18 +02:00
e748a03082 core, web: update translations (#14368)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-03 16:54:10 +02:00
e473f28e21 web: NPM workspaces (#14274)
docusaurus-config: v1.0.6
2025-05-02 21:52:54 -04:00
f70635c295 web: Clean up browser-only module imports that crash WebDriverIO. (#14330)
* web: Clean up browser-only module imports that crash WebDriverIO.

* web: Clarify slug format output.
2025-05-02 20:04:05 -04:00
70d60c7ab2 web: Use monorepo package utilities to build packages (#14159)
* web: Format live reload package.

* web: Format package.json.

* web: Revise globals.

* web: Build entrypoints with a single ESBuild context. Clean up entrypoints.

* web: WIP Prepare monorepo package for use.

* web: Update build paths. Fix types.

* web: WIP Add monorepo dependency.

* web: Use monorepo utilities when building.

* web: Fix issue where linters collide. Update ignore file.

- Remove unused sort override for polyfills.

* core: Prepare repo for NPM workspaces.
2025-05-02 19:48:19 -04:00
61a26c02b7 Revert-revert: Safari fixes (#14331)
* Reapply "web: Safari fixes merge branch (#14181)"

This reverts commit a41d45834c.

* web: Fix brand preference order. Adjust header height.
2025-05-02 21:26:40 +02:00
a06645d558 website/docs: remove support badge (#14343)
removed support badge1

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-02 18:15:20 +00:00
7730ecbd37 ci: use dependabot for compose correctly? (#14340)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-02 19:21:55 +02:00
80e1be8db7 website/docs: use Universal Device Trust for GDTC instead of Okta (#14335)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-02 19:11:14 +02:00
c528c74e48 ci: use dependabot for docker-compose files (#14336)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-02 19:05:36 +02:00
6d7bf36afe website/docs: fix dry-run release highlight (#14337)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-02 19:05:25 +02:00
44fb59eb18 rbac: fix RoleObjectPermissionTable not showing add_user_to_group (#14312)
fix RoleObjectPermissionTable not showing `add_user_to_group`
2025-05-02 17:42:19 +02:00
8f8d924935 core, web: update translations (#14326)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-02 17:41:47 +02:00
602adaa5c5 core: bump github.com/sethvargo/go-envconfig from 1.2.0 to 1.3.0 (#14327)
Bumps [github.com/sethvargo/go-envconfig](https://github.com/sethvargo/go-envconfig) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/sethvargo/go-envconfig/releases)
- [Commits](https://github.com/sethvargo/go-envconfig/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/sethvargo/go-envconfig
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-02 17:30:24 +02:00
5c9e97e11c web: bump vite from 5.4.16 to 5.4.19 in /web (#14324)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.16 to 5.4.19.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.19/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 5.4.19
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:34:28 +02:00
2e7c620c9c core: bump setuptools from 78.1.0 to v79.0.0 (#14173) 2025-05-01 22:29:49 +02:00
30a2770781 core: bump ruff from 0.11.5 to v0.11.6 (#14171) 2025-05-01 22:29:36 +02:00
ef49fa0e79 core: bump s3transfer from 0.11.4 to v0.11.5 (#14172) 2025-05-01 22:29:03 +02:00
ac524ef425 core: bump packaging from 24.2 to v25.0 (#14169) 2025-05-01 22:28:44 +02:00
6f3c1c4537 core: bump aiohttp from 3.11.16 to v3.11.18 (#14166) 2025-05-01 22:28:35 +02:00
87886ca1b6 core: bump boto3 from 1.37.35 to v1.37.38 (#14167) 2025-05-01 22:28:11 +02:00
7ff96e30f9 core: bump frozenlist from 1.5.0 to v1.6.0 (#14168) 2025-05-01 22:28:02 +02:00
b26271557a core: bump pdoc from 15.0.1 to v15.0.3 (#14170) 2025-05-01 22:27:51 +02:00
15c99ff129 core: bump trio from 0.29.0 to v0.30.0 (#14174) 2025-05-01 22:27:32 +02:00
2a38e08e31 translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#14271)
Translate locale/en/LC_MESSAGES/django.po in it

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-05-01 22:25:59 +02:00
3696706466 website: bump the build group across 1 directory with 9 updates (#14293)
Bumps the build group with 9 updates in the /website directory:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.6` | `1.3.8` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.6` | `1.3.8` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.6` | `1.3.8` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.22` | `1.11.24` |



Updates `@rspack/binding-darwin-arm64` from 1.3.6 to 1.3.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.8/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.6 to 1.3.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.8/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.6 to 1.3.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.8/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

Updates `@swc/core-linux-arm64-gnu` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

Updates `@swc/core-linux-x64-gnu` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

Updates `@swc/html-darwin-arm64` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

Updates `@swc/html-linux-arm64-gnu` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

Updates `@swc/html-linux-x64-gnu` from 1.11.22 to 1.11.24
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.22...v1.11.24)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.11.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:20:34 +02:00
d0c9635033 core, web: update translations (#14309)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-05-01 22:20:27 +02:00
7731014e1c stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#14311)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-05-01 22:20:08 +02:00
d478582a5c core: bump astral-sh/uv from 0.7.0 to 0.7.2 (#14315)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.7.0 to 0.7.2.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.7.0...0.7.2)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:19:55 +02:00
6255f380aa core: bump goauthentik.io/api/v3 from 3.2025024.9 to 3.2025040.1 (#14316)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025024.9 to 3.2025040.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025024.9...v3.2025040.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025040.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:19:48 +02:00
1f02e67c5c core: bump github.com/redis/go-redis/v9 from 9.7.3 to 9.8.0 (#14317)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.7.3 to 9.8.0.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.7.3...v9.8.0)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:19:41 +02:00
d0bfb894b4 lifecycle/aws: bump aws-cdk from 2.1012.0 to 2.1013.0 in /lifecycle/aws (#14318)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1012.0 to 2.1013.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1013.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1013.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-01 22:19:31 +02:00
c5dfdc6deb website/integrations: youtrack document (#14264)
* add to sidebar

Signed-off-by: Dominic R <dominic@sdko.org>

* start ak config

Signed-off-by: Dominic R <dominic@sdko.org>

* init

* lint

* spelling 

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/youtrack/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/youtrack/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/youtrack/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-01 11:13:21 -05:00
d04a66ad9a website/integrations: improve Gitea doc (#14194)
* Updating to new formatting rules, added note based on GH issue, wording improvements.

* Updated formatting, added testing configuration step, numbered steps, imrpoved wording

* Added numbered steps to the Gitea instructions and changed the navigation steps.

* Changed indenting on codeblocks

* Alterations based on feedback

* Altered icon urls and italicization

* changed line 52 to use png instead of svg

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* changed <application lsug> to <slug>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Minor changes to wording/formatting and added a resources section

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/gitea/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Added missing punctuation

* a few tweaks, and bumb to rebuild

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-01 09:54:52 -05:00
a5edaabec0 website/docs: "Device code flow" documentation improvements (#14257)
* Improved RFC reference

Replaced "abilities" with "capabilities" to better reflect RFC wording, added extended summary from RFC to ensure complete and clear understanding.

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Improved documentation

Added link for brand keyword, removed repetition

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Improved UX

Marked keywords with Capital letters and proper formatting to clarify those are references to actual values/labels

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* SEO Optimization

Added alternative name to "also known" section to improve searchability

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Added step-by-step tutorial for setup

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* "Relative vs. absolute paths" rule

Removed full link in favor of relative path

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Fixed formatting according to style guide

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Fixed relative path

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update device_code.md

removed newline as per "prettier --write"

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>

* Update website/docs/add-secure-apps/providers/oauth2/device_code.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update device_code.md

brute forced it here...

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dametto Luca <45915503+LucaTheHacker@users.noreply.github.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-05-01 08:43:59 -05:00
daa367bc62 website/docs: adds webfinger doc under oauth provider (#14247)
* Added document and modified sidebar

* Update website/docs/add-secure-apps/providers/oauth2/webfinger_support.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-05-01 08:30:05 -05:00
78345853c2 website/docs: clean up oauth redirect paragraph (#14291)
* website/docs: clean up oauth redirect paragraph

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>

* Dominic's edit, and yet another typo

---------

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-04-30 16:11:16 -05:00
f0fa8a3226 brands: fix CSS Migration not updating brands (#14306)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-04-30 22:39:23 +02:00
3335fdc6ad website/docs: clarify 2025.4 breaking Reputation changes (#14284)
* website/docs: clarify `2025.4` breaking Reputation changes

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* change to bump build checks

* another tweak to bounce after rebase

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-04-30 15:39:16 -05:00
29c2c0f7dc website/docs: clarify some points (i.e. around capitalization after colons) (#14290)
* a few new items

* more on capitalization

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* tweak to bump build

* typo thx fletcher

* remove mention of BR

* final edits in

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-30 14:28:08 -05:00
ada4254f52 web: bump API Client version (#14301)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-30 13:43:37 +00:00
39035de552 website/docs: initial permissions: fix usage of term admin (#14300)
* website/docs: initial permissions: fix usage of term admin

Should be lowercase and use full word as it refers to an administrator. See pending PR for style guide 

Signed-off-by: Dominic R <dominic@sdko.org>

* fix2

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-30 13:19:43 +00:00
e76d388ce4 release: 2025.4.0 (#14299)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-30 13:15:38 +00:00
a52f887692 core, web: update translations (#14273)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-30 13:00:04 +00:00
d8b12a9a07 core: bump astral-sh/uv from 0.6.17 to 0.7.0 (#14294)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-30 12:59:49 +00:00
ec01f16e99 ci: cleanup post uv migration (#13538) 2025-04-30 12:43:14 +00:00
9e3aaefc20 website/docs: add gateway API to release notes and documentation (#14278) 2025-04-30 14:36:42 +02:00
4454592442 website/docs: Release notes 2025.4.0 (#14281)
* remove rc notice and enterprise tag for the span

* Edit sidebar and security.md

* Add api changes and minor fixes

* Fix linting

* fix netlify linter

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* remove changelog entries that shouldn't be there

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* fix linting

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-29 20:48:49 +02:00
593c953ecc website/docs: sessions in database (#13507)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-29 20:33:48 +02:00
bcefe7123c website/docs: add LDAP 'Lookup using user attribute' docs (#13966)
* website/docs: add LDAP 'Lookup using user attribute' docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Updated the doc to new template, removed incorrect screenshot, clarified instructions

* Change in group field explanation as per Marc's comment

* Added examples for filters and changed some language.

* Removed additional info link

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Minor formatting changes

* Update website/docs/users-sources/sources/protocols/ldap/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/users-sources/sources/directory-sync/active-directory/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/users-sources/sources/directory-sync/active-directory/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Added more information to service account creation and LDAPS testing

* Added examples for fields based on issue #3801

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-29 20:32:59 +02:00
812cf6c4f2 website/docs: add postgres pool configuration (#14060)
* website/docs: add postgres pool configuration

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update website/docs/install-config/configuration/configuration.mdx

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-29 20:32:37 +02:00
73b6ef6a73 website/docs: docs about initial perms (#14263)
* basic procedural steps

* more questions, more typos

* more typos

* tweaks

* more content, new links

* fixed link

* tweak

* fix things

* more fixes

* yet more fixes

* Apply suggestions from code review

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/users-sources/access-control/initial_permissions.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* dewi's edits

* dominic's edits

* gergo edits and more dominic edits

* one more

* yet one more fix

* final gergo observation

* tweak

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-29 20:31:01 +02:00
b58ebcddbf website/docs: Revert "website/docs: revert token_expiry format in example blueprint… (#14280)
Revert "website/docs: revert token_expiry format in example blueprint (#13582)"

This reverts commit 9538cf4690.
2025-04-29 20:30:13 +02:00
8b6ac3c806 website/docs: Password Uniqueness Policy (#13686)
* First draft docs for policies/unique_password

* simplify documentation

* fix styling

* Add clarification about when this policy takes effect

* change wording in how it works

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Take the user by the hand and tell them where to go

* Improve wording in Configuration options

* add suggestion from PR

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Update website/docs/customize/policies/unique_password.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* fix linting and wording

* Add instructions for binding

* Remove conf options section, add to sidebar

* Update website/docs/customize/policies/unique_password.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-29 20:29:41 +02:00
c6aa792076 docs/website: Update 2025.4 notes (#14272)
Fix styling
2025-04-29 10:06:22 +01:00
ee4792734e website/docs: update 2025.4 release notes (#14251)
* Update release notes for 2025.4

* fix typo

* Add/improve highlights, features and descriptions

* Fix linting and remove API changes

* remove minor changes

* fix linting

* Add helm chart stuff and integrations guide

* fix linting

* Restore SECURITY.md and sidebar.js

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* password history - add compliance note

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* please the linter

* use current version

* add .md

* fix badges

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Fletcher Heisler <fheisler@users.noreply.github.com>
2025-04-28 19:37:11 +00:00
445f11ca6b rbac: add name to Permissions search (#14269) 2025-04-28 14:39:42 +00:00
8e4810fb20 website/docs: add device code flow instructions (#14267)
Adds instructions on how to create a device code flow
2025-04-28 14:28:35 +02:00
96a122c5d1 core: bump astral-sh/uv from 0.6.16 to 0.6.17 (#14266)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-28 13:43:35 +02:00
3c6b8b10e5 web: fix bug that was causing charts to be too tall (#14253)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web: fix bug that was causing charts to be too tall

This removes the "aspect-ratio" declaration from the Charts CSS rules.  That declaration
was interacting badly with the charts' own internal tools for manually setting the size
of the canvas, causing the chart to be too tall or take up too much space when one had
a particularly wide monitor.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes
2025-04-25 13:00:02 -07:00
15999caa5d website/integrations: homarr remove redirect uri comment (#14252)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-25 13:31:23 -05:00
57d8375de1 website/integrations: adds missing trailing slash in homarr doc (#14249)
Added trailing slash to link
2025-04-25 12:38:52 -05:00
07ec787076 lifecycle: fix test-all in docker (#14244) 2025-04-25 13:49:58 +02:00
bc96bef097 core, web: update translations (#14243)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-25 13:39:33 +02:00
28869858b5 web/admin: prevent default logo flashing in admin interface (#13960)
* web: elements: SidebarBrand: prevent logo flashing in admin interface

When using a custom SVG file (or mabye other types, TBH I didn't check, I should) for a branded logo, the logo would flash the stock authentik logo for a moment before the custom logo appears on the Admin interface.

This was happening because the brand configuration was being loaded asynchronously through the context provider, causing a brief moment where the default logo was shown.

Closes https://github.com/goauthentik/authentik/issues/3228
Closes https://github.com/goauthentik/authentik/issues/13739

* use globalAK

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-04-25 11:25:40 +02:00
cbc5a1c39d website/docs: Update release notes for 2025.4 (#14158)
* Update release notes for 2025.4

* fix typo

* Add/improve highlights, features and descriptions

* Fix linting and remove API changes

* remove minor changes

* fix linting

* Add helm chart stuff and integrations guide

* fix linting

* Restore SECURITY.md and sidebar.js

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* password history - add compliance note

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>

* Update website/docs/releases/2025/v2025.4.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* please the linter

* use current version

* add .md

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Fletcher Heisler <fheisler@users.noreply.github.com>
2025-04-25 06:50:32 +02:00
5f6b69c998 core, web: update translations (#14241)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: melizeche <484773+melizeche@users.noreply.github.com>
2025-04-24 20:49:40 +00:00
cf065db3d5 Updates for file web/xliff/en.xlf in zh_TW [Manual Sync] (#14225)
* Translate web/xliff/en.xlf in zh_TW [Manual Sync]

71% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

* ci trigger

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-24 20:32:42 +00:00
86c65325ce translate: Updates for file web/xliff/en.xlf in nl [Manual Sync] (#14217)
Translate web/xliff/en.xlf in nl [Manual Sync]

66% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'nl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 22:01:07 +02:00
2b8e10e979 translate: Updates for file web/xliff/en.xlf in fi [Manual Sync] (#14219)
Translate web/xliff/en.xlf in fi [Manual Sync]

93% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 22:00:45 +02:00
9298807275 translate: Updates for file web/xliff/en.xlf in de [Manual Sync] (#14220)
Translate web/xliff/en.xlf in de [Manual Sync]

71% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 22:00:28 +02:00
ed56d6ac50 translate: Updates for file web/xliff/en.xlf in fr [Manual Sync] (#14221)
Translate web/xliff/en.xlf in fr [Manual Sync]

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:59:43 +02:00
8c07b385ad translate: Updates for file web/xliff/en.xlf in pl [Manual Sync] (#14222)
Translate web/xliff/en.xlf in pl [Manual Sync]

84% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:59:29 +02:00
880db7a86c translate: Updates for file locale/en/LC_MESSAGES/django.po in es [Manual Sync] (#14223)
Translate django.po in es [Manual Sync]

93% of minimum 60% translated source file: 'django.po'
on 'es'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:59:21 +02:00
99c1250ba5 translate: Updates for file web/xliff/en.xlf in zh-Hans [Manual Sync] (#14224)
Translate en.xlf in zh-Hans [Manual Sync]

100% translated source file: 'en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:59:14 +02:00
5ce126ac83 translate: Updates for file locale/en/LC_MESSAGES/django.po in de [Manual Sync] (#14226)
Translate django.po in de [Manual Sync]

94% of minimum 60% translated source file: 'django.po'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:58:57 +02:00
dfa21d0725 translate: Updates for file locale/en/LC_MESSAGES/django.po in fi [Manual Sync] (#14227)
Translate django.po in fi [Manual Sync]

92% of minimum 60% translated source file: 'django.po'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:58:50 +02:00
e7e4af3894 translate: Updates for file web/xliff/en.xlf in tr [Manual Sync] (#14228)
Translate web/xliff/en.xlf in tr [Manual Sync]

90% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'tr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:58:38 +02:00
931d6ec579 translate: Updates for file locale/en/LC_MESSAGES/django.po in pl [Manual Sync] (#14229)
Translate django.po in pl [Manual Sync]

81% of minimum 60% translated source file: 'django.po'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:58:17 +02:00
ff45acb25c translate: Updates for file locale/en/LC_MESSAGES/django.po in ko [Manual Sync] (#14230)
Translate django.po in ko [Manual Sync]

67% of minimum 60% translated source file: 'django.po'
on 'ko'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:58:10 +02:00
c96557ff2d translate: Updates for file locale/en/LC_MESSAGES/django.po in it [Manual Sync] (#14231)
Translate django.po in it [Manual Sync]

97% of minimum 60% translated source file: 'django.po'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:57:59 +02:00
734feac4ae translate: Updates for file locale/en/LC_MESSAGES/django.po in ru [Manual Sync] (#14232)
Translate django.po in ru [Manual Sync]

89% of minimum 60% translated source file: 'django.po'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:57:38 +02:00
b17a9ed145 translate: Updates for file web/xliff/en.xlf in it [Manual Sync] (#14216)
Translate web/xliff/en.xlf in it [Manual Sync]

98% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:57:19 +02:00
2bef7695db translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR [Manual Sync] (#14233)
Translate django.po in pt_BR [Manual Sync]

73% of minimum 60% translated source file: 'django.po'
on 'pt_BR'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 21:45:16 +02:00
df472dd842 Revert "website/docs: Prepare for monorepo. (#14119)" (#14239)
This reverts commit 5bdef1c4f6.
2025-04-24 21:44:13 +02:00
98d201d34c web: bump API Client version (#14236)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-24 19:01:26 +00:00
47e89602ab stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#14237)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-24 19:00:09 +00:00
ceb0851452 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_TW [Manual Sync] (#14235)
Translate django.po in zh_TW [Manual Sync]

78% of minimum 60% translated source file: 'django.po'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 18:56:13 +00:00
cac2593658 translate: Updates for file locale/en/LC_MESSAGES/django.po in tr [Manual Sync] (#14234)
Translate django.po in tr [Manual Sync]

90% of minimum 60% translated source file: 'django.po'
on 'tr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-24 18:53:54 +00:00
1c9705bfaa web: lock lit/ssr (#14214) 2025-04-24 18:38:32 +00:00
9e2566cec4 ci: fix npm packages publication not running (#14215) 2025-04-24 18:36:55 +00:00
5bdef1c4f6 website/docs: Prepare for monorepo. (#14119)
* docusaurus-theme: Fix header alignment, overscroll, vertical padding.

* docusaurus-theme: Lint.

* website/docs: Prepare for monorepo packages.

* website/docs: Clean up dependencies. Tidy table.

* website/docs: Fix issue where Prettier affects example content.

* website/docs: Temp fix for stale packages.
2025-04-24 18:22:56 +00:00
ae41ccd862 Revert package-lock.json changes from "web: add remember me feature to IdentificationStage (#10397)" (#14212)
Revert package-lock.json changes from "web: add remember me feature to IdentificationStage (#10397)"

This reverts parts of commit 5e6874cc1f.
2025-04-24 18:20:35 +00:00
337956672f Revert "web: Safari fixes merge branch (#14181)" (#14211) 2025-04-24 14:00:29 -04:00
cf160f800d web: Safari fixes merge branch (#14181)
* web/admin: Fix layout centering. Adjust theming.

* web: Fix issue where references to Lit SSR break page styles.

* web: Fix issues surrounding color scheme/theme mixup in UI.
2025-04-24 10:16:04 -04:00
e9822cd937 website: bump the build group in /website with 9 updates (#14204)
Bumps the build group in /website with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.5` | `1.3.6` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.5` | `1.3.6` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.5` | `1.3.6` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.21` | `1.11.22` |


Updates `@rspack/binding-darwin-arm64` from 1.3.5 to 1.3.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.6/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.5 to 1.3.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.6/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.5 to 1.3.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.6/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

Updates `@swc/core-linux-arm64-gnu` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

Updates `@swc/core-linux-x64-gnu` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

Updates `@swc/html-darwin-arm64` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

Updates `@swc/html-linux-arm64-gnu` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

Updates `@swc/html-linux-x64-gnu` from 1.11.21 to 1.11.22
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.21...v1.11.22)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-version: 1.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-version: 1.11.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 13:52:37 +02:00
5244f64be4 website: bump typescript from 5.8.2 to 5.8.3 in /website (#13786)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.8.2 to 5.8.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 5.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 13:34:43 +02:00
0df4824fd4 lifecycle/migrate: fix migration failing if killed during first startup (#14207)
Co-authored-by: Taylor Jones <bigfootjonesy@gmail.com>
2025-04-24 11:20:37 +00:00
ea22abc75d core, web: update translations (#14203)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-24 13:03:04 +02:00
b09bab7543 lifecycle/aws: bump aws-cdk from 2.1010.0 to 2.1012.0 in /lifecycle/aws (#14205)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-24 12:59:45 +02:00
5aedc8a5f2 website/integrations: improves netbird documentation (#14191)
* Matches up the doc with the official NetBird documentation. Also fixes order of the sidebar.

* Removed kbd and used angle brackets

* Changed wording of final section to mention filename and script that needs to be run

* Update website/integrations/services/netbird/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/netbird/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* added title to codeblock

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-24 08:26:40 +00:00
2f3ae0f607 website/docs: updated user count info (#14186)
* updated user count info

* Update website/docs/enterprise/manage-enterprise.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-23 18:16:09 -05:00
e3674426b7 website/docs: rearranged brands docs (#14116)
* first pass

* fixed links.

* tweaks

* remove extensions in redirects

* added edits from review

* missed an edit

---------

Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-04-23 16:39:06 -05:00
df915d3a5e website: integrations: apache guacamole: remove redirect URI comments (#14113)
* website: integrations: apache guacamole: remove redirect URI comments

Self-evident. + Just follow the docs tbh

* Update website/integrations/services/apache-guacamole/index.mdx

Co-authored-by: Jens L. <jens@beryju.org>
Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens L. <jens@beryju.org>
2025-04-23 14:15:35 -05:00
4949c31860 packages/docusaurus-theme: Fix header alignment, overscroll, vertical padding. (#14120)
* docusaurus-theme: Fix header alignment, overscroll, vertical padding.

* docusaurus-theme: Lint.

* website/docs: Update package-lock.
2025-04-23 13:19:38 -04:00
4580dec06b outposts: add support for gateway API (#13272) 2025-04-23 16:22:10 +00:00
56de969640 translate: Updates for file web/xliff/en.xlf in fr (#14200)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 15:37:48 +00:00
413902508d translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14199)
* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 15:36:58 +00:00
64af0ccba6 website/docs: adds code examples for getting user objects from a group object (#14101)
* Added example of how to get user objects fro a group object

* Updated wording

* Updated wording, added titles to examples, capitalised group, added explanation of examples

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/groups/group_ref.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Changes based on Tana's feedback

* Word

* Capitalization

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-23 16:36:19 +01:00
673db53777 translate: Updates for file web/xliff/en.xlf in zh-Hans (#14198)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 15:32:35 +00:00
8df7716d90 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14195)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 15:29:05 +00:00
19bb2de13f translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14197)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 17:20:01 +02:00
a218fd7628 translate: Updates for file web/xliff/en.xlf in zh_CN (#14196)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-23 17:19:32 +02:00
78cfb50a90 website/integrations: mealie add integration (#14188)
* Mealie Integration Documentation

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update configuration text.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update to configuration text.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update to configuration text.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update sidebarsIntegrations.js, add mealie.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update for missed service name replacement.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Updated Mealie description.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update to format, in authentik configuration statement.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update to format in redirect URI section.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Change case of Authentik to authentik.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Mealie updates to correct styles and improve content.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Removed tip text now part of a new section.

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update website/integrations/services/mealie/index.md

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update group example format.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Update to navigation description.

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

* Removed quotes in env.,

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>

---------

Signed-off-by: TrisBits <44067868+TrisBits@users.noreply.github.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-23 13:59:53 +01:00
2033d52dc2 core, web: update translations (#14187)
Co-authored-by: melizeche <484773+melizeche@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-23 10:57:09 +00:00
be00f47ddc core: bump goauthentik.io/api/v3 from 3.2025024.8 to 3.2025024.9 (#14189)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-23 12:44:09 +02:00
2cc5f4b273 website/docs: update user object doc (#14132)
* Updated formatting, changed examples, added headers, updated django doc link to stable

* Prettier fix

* Update website/docs/users-sources/user/user_ref.mdx

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/user/user_ref.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-23 08:26:10 +01:00
4e8f3407a4 website/docs: dev-docs: style guide: no longer using italic for vars (#14185)
We no longer use italic for variables

Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-22 17:30:46 -05:00
7f861cc2a1 website/docs: dev docs: style guide: update style conventions for urls (#14184)
* website/docs: dev docs: style guide: update style conventions for urls

Updates URL styling conventions to use angle bracket surrounded values instead of <em>s and <kbd>s

Part of https://www.notion.so/authentiksecurity/Check-ins-17caee05b24e80a0aec6c7d508406435?pvs=4#1ddaee05b24e80138155e120174c3502

Signed-off-by: Dominic R <dominic@sdko.org>

* yep

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-22 17:30:02 -05:00
7bf58d0ba2 website/integrations: paperless: use <slug>. instead of hardcoded slug value (#14183)
Closes https://github.com/goauthentik/authentik/issues/13778

Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-22 16:55:53 -05:00
fffcb00f39 website/docs: updates style guide code block section (#14088)
* Removed multiline code block section. Added docusaurus style codeblock section. Fixed some capitalisation.

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Added highlighting info and fixed formatting.

* Typo and prettier.

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-22 12:10:06 -05:00
77ee868573 website: components: delete multilinecodeblock src (#14094)
* Delete website/src/components/MultilineCodeblock/index.tsx

Signed-off-by: Dominic R <dominic@sdko.org>

* Delete website/src/components/MultilineCodeblock/styles.css

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-22 17:41:41 +01:00
6aaec08496 Revert "policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)" (#14180) 2025-04-22 15:45:45 +00:00
cc15584650 core: bump uvicorn from 0.34.1 to v0.34.2 (#14175) 2025-04-22 17:14:01 +02:00
e55e446b89 website/integrations: add xcreds (#14163)
* Created guide and modified sidebar

* make

* Typo

* Clarified wording

* Added words

* Fixed login to vs log into

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/xcreds/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-22 14:34:56 +00:00
76088e48b5 core, web: update translations (#14179)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-22 13:56:32 +00:00
4165a0a6b2 web: update default flow background (#14115)
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-22 15:02:10 +02:00
647fefe5ce web: bump API Client version (#14176)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-22 15:01:42 +02:00
723dccdae3 enterprise/policies: Add Password Uniqueness History Policy (#13453)
Co-authored-by: David Gunter <david@davidgunter.ca>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-22 14:39:07 +02:00
c82f747e5e web/xliff: fix duplicated translations (#14164) 2025-04-22 12:13:34 +00:00
43406e2464 website/docs: fix postgres pool recommended settings (#14149) 2025-04-22 12:01:36 +00:00
a0ff0bef85 core: bump astral-sh/uv from 0.6.14 to 0.6.16 (#14161)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-22 13:57:29 +02:00
bedf548a5f web: fix scrollbar styling (#12600)
* Fix `.pf-c-card__body` scrollbars

* Fallback scrollbar styling for browsers that don't support `::-webkit-scrollbar`

---------

Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
2025-04-22 04:47:02 +02:00
976e81c1dd website: integrations: gravity: fix issuer URL (#14155)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-21 20:53:25 +02:00
ad733033d7 web: Packagify live reload plugin. (#14134)
* web: Packagify live reload plugin.

* web: Use shared formatter.

* web: Format.

* web: Use project mode typecheck.

* web: Fix type errors.
2025-04-21 19:07:45 +02:00
ba686f6a93 web: bump API Client version (#14062)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-18 17:17:30 +02:00
dc50be1e13 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14146)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-18 17:17:03 +02:00
205686d252 translate: Updates for file web/xliff/en.xlf in zh_CN (#14145)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-18 17:16:48 +02:00
6d589013e6 core: bump goauthentik.io/api/v3 from 3.2025024.7 to 3.2025024.8 (#14143)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-18 17:16:34 +02:00
2d6433ca9a translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14144)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-18 17:16:23 +02:00
b5f07acb26 translate: Updates for file web/xliff/en.xlf in zh-Hans (#14139)
* Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

* Removing web/xliff/en.xlf in zh-Hans

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

* Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-18 17:16:10 +02:00
ea8702077c core, web: update translations (#14142)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-18 11:18:32 +02:00
6593357115 core: bump yarl from 1.19.0 to v1.20.0 (#14128) 2025-04-17 13:44:53 -04:00
6daed865c1 core: bump kombu from 5.5.2 to v5.5.3 (#14127) 2025-04-17 13:44:35 -04:00
c48a21707a core: bump boto3 from 1.37.34 to v1.37.35 (#14126) 2025-04-17 13:44:06 -04:00
e857770c0a core: bump automat from 24.8.1 to v25.4.16 (#14125) 2025-04-17 13:43:47 -04:00
add74c8799 website: bump http-proxy-middleware from 2.0.7 to 2.0.9 in /website (#14111)
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.7 to 2.0.9.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.9)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 19:19:25 +02:00
12d854035d website: bump estree-util-value-to-estree from 3.1.1 to 3.3.3 in /website (#13808)
website: bump estree-util-value-to-estree in /website

Bumps [estree-util-value-to-estree](https://github.com/remcohaszing/estree-util-value-to-estree) from 3.1.1 to 3.3.3.
- [Release notes](https://github.com/remcohaszing/estree-util-value-to-estree/releases)
- [Commits](https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.1.1...v3.3.3)

---
updated-dependencies:
- dependency-name: estree-util-value-to-estree
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 19:02:02 +02:00
57dd4ae91d website: bump wireit from 0.14.11 to 0.14.12 in /website (#14003)
Bumps [wireit](https://github.com/google/wireit) from 0.14.11 to 0.14.12.
- [Changelog](https://github.com/google/wireit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/wireit/compare/v0.14.11...v0.14.12)

---
updated-dependencies:
- dependency-name: wireit
  dependency-version: 0.14.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 19:01:46 +02:00
37fbc98177 website: bump the build group in /website with 9 updates (#13748)
Bumps the build group in /website with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.0` | `1.3.1` |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.0` | `1.3.1` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.3.0` | `1.3.1` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.13` | `1.11.16` |


Updates `@rspack/binding-darwin-arm64` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.1/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.1/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.1/packages/rspack)

Updates `@swc/core-darwin-arm64` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

Updates `@swc/core-linux-arm64-gnu` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

Updates `@swc/core-linux-x64-gnu` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

Updates `@swc/html-darwin-arm64` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

Updates `@swc/html-linux-arm64-gnu` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

Updates `@swc/html-linux-x64-gnu` from 1.11.13 to 1.11.16
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.13...v1.11.16)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 19:00:44 +02:00
14f216eb40 core: bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 (#14068)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.10 to 3.4.11.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.10...v3.4.11)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-version: 3.4.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 19:00:21 +02:00
1209dd022e translate: Updates for file web/xliff/en.xlf in fr (#14124)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-17 10:58:55 +00:00
c96f13ac66 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14123)
* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-17 10:57:24 +00:00
5e6874cc1f web: add remember me feature to IdentificationStage (#10397)
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-17 10:37:49 +00:00
fb5053ec83 core: bump goauthentik.io/api/v3 from 3.2025024.6 to 3.2025024.7 (#14121)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 12:27:24 +02:00
6f7dc2c543 lifecycle/aws: bump aws-cdk from 2.1007.0 to 2.1010.0 in /lifecycle/aws (#14122)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-17 12:27:17 +02:00
542b69b224 core, web: update translations (#14117)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-17 12:24:29 +02:00
c15c0cbe86 website: integrations: apache guacamole: Fix deprecated start-of-doc … (#14114)
website: integrations: apache guacamole: Fix deprecated start-of-doc values
2025-04-16 15:45:44 -05:00
c6fe0c1d85 website integrations: actual budget: remove old header and support_level (#14112) 2025-04-16 15:45:20 -05:00
07f0666a6f website/integrations: general cleanup and updates (#12716)
* squash commits for future merge conflict resolution, if any

* adventurelog cleanup + lint

* lint (again)

* Update website/integrations/services/adventurelog/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/actual-budget/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/apache-guacamole/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/gatus/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/bookstack/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/freshrss/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/budibase/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/cloudflare-access/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/dokuwiki/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/frappe/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/espocrm/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/fortimanager/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/fortigate-admin/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/firezone/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* fix

Signed-off-by: Dominic R <dominic@sdko.org>

* wip: migr actual budget integration to new codeblock

* Replaced multilinecodeblocks with docusaurus style codeblocks

* Fixed linting and removed kbd and em tags from codeblock

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-16 15:16:01 -05:00
51609d696d policies/geoip: fix result when only dynamic results are used (#14107) 2025-04-16 15:50:26 +00:00
c0d08df161 core: bump opentelemetry-api from 1.32.0 to v1.32.1 (#14102) 2025-04-16 15:50:10 +00:00
643a97f0a5 core: bump rsa from 4.9 to v4.9.1 (#14103) 2025-04-16 09:51:53 -04:00
155a31fd70 sources/oauth: introduce authorization code auth method (#14034)
Co-authored-by: Rsgm <rsgm123@gmail.com>
2025-04-16 13:00:08 +00:00
c6f9d5df7b core, web: update translations (#14096)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-16 13:16:06 +02:00
ea85331a7e web/api: Fix Hoisted exports across entrypoints. Update Axios. (#14089)
* web/api: Fix issue where hoisted exports across entrypoints do not
order.

* web/api: Override OpenAPI transitive dep.
2025-04-15 20:09:41 +02:00
4f4c5253dd translate: Updates for file web/xliff/en.xlf in fr (#14091)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 17:11:40 +00:00
83b2fc36df translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14090)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 17:08:09 +00:00
d99d2b8bdc translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#14087)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 18:40:19 +02:00
9b96d04b3a translate: Updates for file web/xliff/en.xlf in zh-Hans (#14086)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 18:40:02 +02:00
ca5b99eb16 translate: Updates for file web/xliff/en.xlf in zh_CN (#14084)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 18:39:49 +02:00
4c1676e97c translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14083)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-15 18:39:36 +02:00
81855cf2fe core: bump google-auth from 2.38.0 to v2.39.0 (#14076) 2025-04-15 08:32:54 -04:00
bd904027be core: bump sentry-sdk from 2.25.1 to v2.26.1 (#14079) 2025-04-15 08:32:14 -04:00
0ffc97db15 core: bump prompt-toolkit from 3.0.50 to v3.0.51 (#14078) 2025-04-15 08:31:41 -04:00
2c515b1e17 core: bump boto3 from 1.37.33 to v1.37.34 (#14074) 2025-04-15 08:31:12 -04:00
f8900fbaf3 core: bump msgraph-sdk from 1.27.0 to v1.28.0 (#14077) 2025-04-15 08:30:44 -04:00
0f4a98d9c6 website/docs: fix minor typo in working_with_policies.md (#14071)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-15 11:40:23 +00:00
8853f25b45 core, web: update translations (#14064)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-15 13:26:02 +02:00
1c40f7b95a stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#14065)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-15 13:25:13 +02:00
9b5d6ec1af core: bump goauthentik.io/api/v3 from 3.2025024.4 to 3.2025024.6 (#14069)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-15 13:24:28 +02:00
36d29a9ae1 Small fix for Actual-Budget wiki guide (#14066)
Remove ending slash from redirect uri

Signed-off-by: James Armstrong <32995055+jmarmstrong1207@users.noreply.github.com>
2025-04-15 09:43:59 +01:00
0606b1aba4 root: support db pool (#13534) 2025-04-14 16:05:31 +00:00
03d5dad867 rbac: add InitialPermissions (#13795)
* add `InitialPermissions` model to RBAC

This is a powerful construct between Permission and Role to set initial
permissions for newly created objects.

* use safer `request.user`

* fixup! use safer `request.user`

* force all self-defined serializers to descend from our custom one

See https://github.com/goauthentik/authentik/pull/10139

* reorganize initial permission assignment

* fixup! reorganize initial permission assignment
2025-04-14 17:55:49 +02:00
38a9e46af3 web: bump API Client version (#14058)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-14 17:24:47 +02:00
5eb848e376 core: Bump django from 5.0.14 to 5.1.8 (#14059)
Bump django from 5.0.14 to 5.1.8
2025-04-14 14:54:58 +00:00
61a293daad core: bump django-rest-framework from 3.14.0 to 3.16.0 (#14057)
upgrade `django-rest-framework` to `3.16.0`

The reverted commit is purely an optimization which unfortunately breaks authentik, specifically Blueprints. It adds `getattr(serializer.instance, field)` to a validator. If `field` is a `RelatedObject`, that invocation queries the database.

When authentik creates objects using Blueprints, it doesn't place related objects into the database before the validator tries to get them from there, so with the reverted commit, it produces `RelatedObjectDoesNotExist`.

Perhaps a long-term solution is to revise how Blueprints work, or perhaps it is to change upstream. But in the meantime, Django 5.0 support ended and upgrading to Django 5.1 requires an upgrade of `django-rest-framework` to `3.16.0`, hence this workaround.

See
- https://github.com/encode/django-rest-framework/pull/9154
- https://github.com/encode/django-rest-framework/issues/9358
- https://github.com/encode/django-rest-framework/pull/9482
- https://github.com/encode/django-rest-framework/pull/9483
2025-04-14 16:24:11 +02:00
edf3300944 policies/reputation: limit reputation score (#14008)
* add limits to reputation score

* limit reputation score limits

Upper to non-negative, Lower to non-positive

* simplify tests

* "fix" bandit false-positives

* move magic numbers to constants

Is it too much to ask for a world in which I can just import these
straight from Python?
2025-04-14 14:18:59 +00:00
5d9c40eac8 ci: fix api-py-publish by disabling poetry cache (#14010) 2025-04-14 16:18:31 +02:00
6ebfbcb66e core: bump goauthentik/fips-python from 3.12.9-slim-bookworm-fips to 3.12.10-slim-bookworm-fips (#14044) 2025-04-14 08:15:20 -06:00
bf0235c113 ci: add NPM packages publish (#13974)
Co-authored-by: Teffen Ellis <teffen@nirri.us>
2025-04-14 08:14:17 -06:00
895cd23b57 root: add packages/ to codeowners (#13975) 2025-04-14 08:05:09 -06:00
c908d9e95e providers/oauth2, rac: make sure tokens are revoked after session deletion (#14011) 2025-04-14 15:48:39 +02:00
a07fd8d54b core: bump multidict from 6.4.2 to v6.4.3 (#14051) 2025-04-14 13:26:50 +00:00
39a46a6dc4 core: bump uvicorn from 0.34.0 to v0.34.1 (#14056) 2025-04-14 13:26:10 +00:00
ad71960d77 core: bump typing-extensions from 4.13.1 to v4.13.2 (#14055) 2025-04-14 13:04:16 +00:00
2a384511f5 core: bump ruff from 0.11.4 to v0.11.5 (#14053) 2025-04-14 13:03:52 +00:00
4dcc104947 core: bump boto3 from 1.37.31 to v1.37.33 (#14045) 2025-04-14 09:02:05 -04:00
71fe526e47 core: bump opentelemetry-api from 1.31.1 to v1.32.0 (#14052) 2025-04-14 09:01:39 -04:00
03e3f516ac core: bump httpcore from 1.0.7 to v1.0.8 (#14050) 2025-04-14 13:00:58 +00:00
3b59333246 core: bump google-api-python-client from 2.166.0 to v2.167.0 (#14048) 2025-04-14 13:00:20 +00:00
4e800c14cb core: bump googleapis-common-protos from 1.69.2 to v1.70.0 (#14049) 2025-04-14 12:59:54 +00:00
789b29a3e7 core: bump debugpy from 1.8.13 to v1.8.14 (#14047) 2025-04-14 12:59:21 +00:00
857b6e63a0 root: prevent docker-compose up when secret key is missing (#14043) 2025-04-14 12:56:41 +00:00
edc937dd78 core: bump goauthentik.io/api/v3 from 3.2025024.2 to 3.2025024.4 (#14042)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-14 14:49:32 +02:00
d98b6f29d4 core: bump github.com/sethvargo/go-envconfig from 1.1.1 to 1.2.0 (#14041)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-14 14:49:17 +02:00
53ba2a0ca8 core, web: update translations (#14037)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-14 14:40:38 +02:00
ae364292e6 website: Port WWW theme to docs site. Prep for package. (#13962)
Update sidebar.css

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

website/docs: Update paths.

website/docs: Use package theme.
2025-04-12 01:31:57 +02:00
f15bc2df97 translate: Updates for file locale/en/LC_MESSAGES/django.po in nl [Manual Sync] (#14026)
Translate django.po in nl [Manual Sync]

80% of minimum 75% translated source file: 'django.po'
on 'nl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:55:33 +00:00
b27d49e55f translate: Updates for file web/xliff/en.xlf in fi [Manual Sync] (#14012)
Translate web/xliff/en.xlf in fi [Manual Sync]

95% of minimum 75% translated source file: 'web/xliff/en.xlf'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:38:37 +02:00
e0d2beb225 translate: Updates for file locale/en/LC_MESSAGES/django.po in de [Manual Sync] (#14020)
Translate django.po in de [Manual Sync]

96% of minimum 75% translated source file: 'django.po'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:38:11 +02:00
2313b4755b translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR [Manual Sync] (#14027)
Translate django.po in pt_BR [Manual Sync]

75% of minimum 75% translated source file: 'django.po'
on 'pt_BR'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:37:55 +02:00
1cffadecb0 translate: Updates for file locale/en/LC_MESSAGES/django.po in it [Manual Sync] (#14024)
Translate django.po in it [Manual Sync]

99% of minimum 75% translated source file: 'django.po'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:37:40 +02:00
5e163d6da1 translate: Updates for file locale/en/LC_MESSAGES/django.po in pl [Manual Sync] (#14025)
Translate django.po in pl [Manual Sync]

82% of minimum 75% translated source file: 'django.po'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:37:23 +02:00
0626e18674 translate: Updates for file locale/en/LC_MESSAGES/django.po in fi [Manual Sync] (#14023)
Translate django.po in fi [Manual Sync]

94% of minimum 75% translated source file: 'django.po'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:37:04 +02:00
e986a62a12 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_TW [Manual Sync] (#14031)
Translate django.po in zh_TW [Manual Sync]

79% of minimum 75% translated source file: 'django.po'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:48 +02:00
e25afcb84a translate: Updates for file web/xliff/en.xlf in pl [Manual Sync] (#14015)
Translate web/xliff/en.xlf in pl [Manual Sync]

85% of minimum 75% translated source file: 'web/xliff/en.xlf'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:33 +02:00
bb95613104 translate: Updates for file web/xliff/en.xlf in zh_CN [Manual Sync] (#14017)
Translate web/xliff/en.xlf in zh_CN [Manual Sync]

99% of minimum 75% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:17 +02:00
89dfac2f57 translate: Updates for file web/xliff/en.xlf in it [Manual Sync] (#14016)
Translate web/xliff/en.xlf in it [Manual Sync]

99% of minimum 75% translated source file: 'web/xliff/en.xlf'
on 'it'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:14 +02:00
31462b55e6 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN [Manual Sync] (#14028)
Translate django.po in zh_CN [Manual Sync]

99% of minimum 75% translated source file: 'django.po'
on 'zh_CN'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:08 +02:00
60337c1cf0 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans [Manual Sync] (#14029)
Translate django.po in zh-Hans [Manual Sync]

99% of minimum 75% translated source file: 'django.po'
on 'zh-Hans'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 17:36:03 +02:00
343d3bb1fb translate: Updates for file locale/en/LC_MESSAGES/django.po in ru [Manual Sync] (#14032)
Translate django.po in ru [Manual Sync]

91% of minimum 75% translated source file: 'django.po'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:09:01 +00:00
11fe86c4f6 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr [Manual Sync] (#14022)
Translate django.po in fr [Manual Sync]

99% of minimum 75% translated source file: 'django.po'
on 'fr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:07:16 +00:00
963ce085e4 translate: Updates for file locale/en/LC_MESSAGES/django.po in es [Manual Sync] (#14019)
Translate django.po in es [Manual Sync]

95% of minimum 75% translated source file: 'django.po'
on 'es'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:06:47 +00:00
3642b89ab0 translate: Updates for file web/xliff/en.xlf in zh-Hans [Manual Sync] (#14021)
Translate en.xlf in zh-Hans [Manual Sync]

99% of minimum 75% translated source file: 'en.xlf'
on 'zh-Hans'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:06:07 +00:00
8cfb371ed3 translate: Updates for file web/xliff/en.xlf in ru [Manual Sync] (#14013)
Translate web/xliff/en.xlf in ru [Manual Sync]

90% of minimum 75% translated source file: 'web/xliff/en.xlf'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 15:05:28 +00:00
6e74edb9f2 web: bump API Client version (#13972)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-11 14:32:58 +02:00
397905f8f0 translate: Updates for file web/xliff/en.xlf in fr [Manual Sync] (#13979)
* Translate web/xliff/en.xlf in fr [Manual Sync]

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

* Removing web/xliff/en.xlf in fr

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 14:22:54 +02:00
7fd35b1dfc sources/ldap: add source connections (#13796) 2025-04-11 12:07:18 +00:00
9ba03f5439 core: bump urllib3 from 2.3.0 to 2.4.0 (#14006)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-11 12:00:56 +00:00
1139d6d27c translate: Updates for file web/xliff/en.xlf in zh-Hans [Manual Sync] (#13985)
* Translate en.xlf in zh-Hans [Manual Sync]

100% translated source file: 'en.xlf'
on 'zh-Hans'.

* Removing web/xliff/en.xlf in zh-Hans

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 11:58:56 +00:00
077fd966c2 translate: Updates for file locale/en/LC_MESSAGES/django.po in ru [Manual Sync] (#13992)
Translate django.po in ru [Manual Sync]

91% of minimum 60% translated source file: 'django.po'
on 'ru'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:46:11 +02:00
bd41822a57 translate: Updates for file locale/en/LC_MESSAGES/django.po in de [Manual Sync] (#13986)
Translate django.po in de [Manual Sync]

96% of minimum 60% translated source file: 'django.po'
on 'de'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:45:49 +02:00
dfd3d76434 translate: Updates for file locale/en/LC_MESSAGES/django.po in nl [Manual Sync] (#13991)
Translate django.po in nl [Manual Sync]

81% of minimum 60% translated source file: 'django.po'
on 'nl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:45:24 +02:00
397e98906d translate: Updates for file locale/en/LC_MESSAGES/django.po in es [Manual Sync] (#13987)
Translate django.po in es [Manual Sync]

95% of minimum 60% translated source file: 'django.po'
on 'es'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:45:12 +02:00
65d8da8c64 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_TW [Manual Sync] (#13994)
Translate django.po in zh_TW [Manual Sync]

79% of minimum 60% translated source file: 'django.po'
on 'zh_TW'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:55 +02:00
5b435297c5 translate: Updates for file locale/en/LC_MESSAGES/django.po in fi [Manual Sync] (#13988)
Translate django.po in fi [Manual Sync]

94% of minimum 60% translated source file: 'django.po'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:39 +02:00
f792fd42f6 translate: Updates for file web/xliff/en.xlf in fi [Manual Sync] (#13978)
Translate web/xliff/en.xlf in fi [Manual Sync]

95% of minimum 60% translated source file: 'web/xliff/en.xlf'
on 'fi'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:32 +02:00
70c0fdd5fa translate: Updates for file locale/en/LC_MESSAGES/django.po in pl [Manual Sync] (#13989)
Translate django.po in pl [Manual Sync]

82% of minimum 60% translated source file: 'django.po'
on 'pl'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:24 +02:00
9b636eba01 translate: Updates for file locale/en/LC_MESSAGES/django.po in pt_BR [Manual Sync] (#13990)
Translate django.po in pt_BR [Manual Sync]

75% of minimum 60% translated source file: 'django.po'
on 'pt_BR'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:19 +02:00
a982224502 translate: Updates for file locale/en/LC_MESSAGES/django.po in tr [Manual Sync] (#13995)
Translate django.po in tr [Manual Sync]

91% of minimum 60% translated source file: 'django.po'
on 'tr'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:44:13 +02:00
6a16cccb40 translate: Updates for file locale/en/LC_MESSAGES/django.po in ko [Manual Sync] (#13993)
Translate django.po in ko [Manual Sync]

68% of minimum 60% translated source file: 'django.po'
on 'ko'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-11 13:43:49 +02:00
6dac91e2b4 core: bump github.com/getsentry/sentry-go from 0.31.1 to 0.32.0 (#14004)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 13:43:29 +02:00
3e2d0532d1 core: bump goauthentik.io/api/v3 from 3.2025024.1 to 3.2025024.2 (#14005)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-11 13:42:03 +02:00
4e1300650b core, web: update translations (#13999)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-11 13:40:50 +02:00
06b3ed0c9c core: fix migrations (#14009) 2025-04-11 13:36:53 +02:00
395ad722b7 core: migrate all sessions to the database (#9736)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-11 09:10:55 +02:00
9917d81246 website/integrations: add openproject (#13838)
* Added scope mapping section

* Updated formatting

* Bolded UI elements

* Update website/integrations/services/openproject/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/openproject/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/openproject/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/openproject/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Indented code block

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-10 15:52:00 -05:00
2a87687d34 website/integrations: add wazuh (#13776)
* Document explaining integration between authentik and knocknoc

* Clarified Knocknoc config

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed typos

* Document mostly complete. Work to be done on Wazuh config section

* Completed the Wazuh config section

* Changed URL in Wazuh config

* typo

* Removed knocknoc doc

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Multiline codeblocks and moved SAML metadata note to beginning of section.

* Update sidebarsIntegrations.js to remove knoknok

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Changed group creation section to cut down on repetition of the word "click"

* Update website/integrations/services/wazuh/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed mistake in the config.yml section and applied various suggestions from Dominic

* Fixed multilinecodeblocks and commands formatting

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Changed multiline codeblocks due to formatting issues.

* Clarified what run_as parameter does

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/wazuh/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Fixed codeblock indenting and prettier issue

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-10 15:43:02 -05:00
a726c2260a translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans [Manual Sync] (#13996)
Translate django.po in zh-Hans [Manual Sync]

99% of minimum 60% translated source file: 'django.po'
on 'zh-Hans'.

Sync of partially translated files: 
untranslated content is included with an empty translation 
or source language content depending on file format

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-10 15:38:46 +00:00
44e0bfd4ef website: dev docs: fix upper-case authentik (#13961)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-10 16:06:17 +01:00
8d0b362c9c web: elements: Table: Fix table selection clearing behavior (#13959)
web: elements: Table: Fix table selection clearing and modal closing behavior

Closes https://github.com/goauthentik/authentik/issues/13831
2025-04-10 17:03:02 +02:00
e5e53f034e core: bump multidict from 6.2.0 to v6.4.2 (#13971) 2025-04-10 10:24:19 -04:00
71b87127d1 core: bump msgraph-sdk from 1.26.0 to v1.27.0 (#13970) 2025-04-10 10:23:42 -04:00
d5d67fe22d core: bump boto3 from 1.37.30 to v1.37.31 (#13968) 2025-04-10 10:23:18 -04:00
5d2685341d sources/ldap: lookup group memberships from user attribute (#12661)
* sources/ldap: add support for group lookups from user

* sources/ldap: implement working membership lookups

* sources/ldap: add schema changes

* sources/ldap: add group membership toggle ui element

* sources/ldap: lint changed files

* website/docs: add note about lookups to AD docs

* Update website/docs/users-sources/sources/directory-sync/active-directory/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Amélie Krejčí <amelie@krejci.vip>

* website/docs: simplify wording of attribute documentation

Follows suggestions from @jorhett

* sources/ldap: add missing spaces in docstrings

Follows suggestions from @jorhett

* Add a test for memberof attribute

* sources/ldap: implement test

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert website changes in favor of #13966

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update frontend help text

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Amélie Krejčí <amelie@krejci.vip>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Shawn Weeks <sweeks@weeksconsulting.us>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Jo Rhett <geek@jorhett.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-10 14:37:38 +02:00
f1ac4ff9c9 translate: Updates for file web/xliff/en.xlf in it (#13956)
Translate web/xliff/en.xlf in it

100% translated source file: 'web/xliff/en.xlf'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-10 13:40:33 +02:00
79f4c66286 translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#13957)
Translate locale/en/LC_MESSAGES/django.po in it

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'it'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-10 13:40:12 +02:00
1f82094c0b core: bump astral-sh/uv from 0.6.13 to 0.6.14 (#13964)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-10 13:36:27 +02:00
35440acba3 core: bump django from 5.0.13 to 5.0.14 (#13954)
bump django to 5.0.14
2025-04-10 12:55:27 +02:00
eca9901704 website/docs: Remove enterprise badge from Fleet integration (#13963)
website/docs: Remove enterprise badge.
2025-04-10 08:29:39 +01:00
6ddd5a3d5f website/integrations: add Homarr (#13818)
* Adding Homarr integration details

* Fixing typo in homarr doc

* Lint fix

* Update website/integrations/services/homarr/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Nate Fonseka <882236+nfons@users.noreply.github.com>

* Update website/integrations/services/homarr/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Nate Fonseka <882236+nfons@users.noreply.github.com>

* Update website/integrations/services/homarr/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Nate Fonseka <882236+nfons@users.noreply.github.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: nfonseka <nfonseka@rxsense.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-10 08:15:15 +01:00
5664e62eca website/integration: update harbor integration document (#13816)
* Updates harbor integration doc to new template and fixes reported issue

* typo

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-09 18:23:52 -05:00
1403f17d62 Fix redirect URL in wordpress integration guide (#13955)
Update wordpress integration guide to fix redirect URL

Signed-off-by: virtualboys <emanmomot@gmail.com>
2025-04-09 17:10:33 -05:00
1ac8989e81 lifecycle/aws: bump aws-cdk-lib (#13953) 2025-04-09 18:24:45 +00:00
b0a1db77e3 core: bump protobuf from 5.29.4 to v6.30.2 (#13950) 2025-04-09 18:01:53 +00:00
46da4cb59e core: bump pyasn1-modules from 0.4.1 to v0.4.2 (#13951) 2025-04-09 18:01:16 +00:00
154df5cdf7 core: bump microsoft-kiota-authentication-azure from 1.9.2 to v1.9.3 (#13948) 2025-04-09 18:00:55 +00:00
5b889456f6 core: bump microsoft-kiota-http from 1.9.2 to v1.9.3 (#13949) 2025-04-09 18:00:20 +00:00
3eaed82c48 core: bump trio-websocket from 0.11.1 to v0.12.2 (#13934) 2025-04-09 17:49:55 +00:00
feaf9d8bc9 core: bump msgraph-core from 1.3.1 to v1.3.3 (#13900) 2025-04-09 17:48:08 +00:00
2899668ae2 core: bump jsii from 1.109.0 to v1.111.0 (#13886) 2025-04-09 17:46:29 +00:00
4c25e1bb24 core: bump setuptools from 72.1.0 to v78.1.0 (#13928) 2025-04-09 19:29:15 +02:00
464ff3f5b1 core: bump kombu from 5.3.7 to v5.5.2 (#13888) 2025-04-09 19:27:57 +02:00
22eb5f56f1 core: bump msgpack from 1.0.8 to v1.1.0 (#13899) 2025-04-09 19:27:27 +02:00
7e48e87f49 core: bump msgraph-sdk from 1.24.0 to v1.26.0 (#13901) 2025-04-09 19:26:52 +02:00
8ce12f7850 core: bump proto-plus from 1.24.0 to v1.26.1 (#13910) 2025-04-09 19:26:37 +02:00
2514baabeb core: bump protobuf from 5.27.2 to v5.29.4 (#13911) 2025-04-09 19:26:16 +02:00
945930a507 core: bump pydantic from 2.10.6 to v2.11.3 (#13914) 2025-04-09 19:25:51 +02:00
537a80ad97 core: bump rich from 13.7.1 to v14.0.0 (#13922) 2025-04-09 19:25:26 +02:00
5c993e23fe core: bump twisted from 24.7.0 to v24.11.0 (#13936) 2025-04-09 19:25:02 +02:00
eb2db18494 core: bump watchfiles from 0.22.0 to v1.0.5 (#13941) 2025-04-09 19:24:40 +02:00
12a46a8426 core: bump typing-extensions from 4.12.2 to v4.13.1 (#13937) 2025-04-09 19:24:25 +02:00
4a1213310a core: bump multidict from 6.0.5 to v6.2.0 (#13902) 2025-04-09 19:24:11 +02:00
84c2097148 core: bump sentry-sdk from 2.22.0 to v2.25.1 (#13927) 2025-04-09 19:23:56 +02:00
c05dedc573 core: bump rpds-py from 0.19.1 to v0.24.0 (#13923) 2025-04-09 19:23:38 +02:00
18c197e75b core: bump propcache from 0.2.0 to v0.3.1 (#13909) 2025-04-09 19:23:29 +02:00
0c26a0bce2 core: bump pbr from 6.0.0 to v6.1.1 (#13905) 2025-04-09 19:23:17 +02:00
5fd6a4cead core: bump golang.org/x/sync from 0.12.0 to 0.13.0 (#13787)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 17:22:55 +00:00
51fb1bd8e7 core: bump ua-parser-builtins from 0.18.0 to v0.18.0.post1 (#13939) 2025-04-09 19:21:54 +02:00
4a30f87a42 core: bump msal from 1.30.0 to v1.32.0 (#13897) 2025-04-09 19:21:42 +02:00
8e6b6ede30 core: bump msal-extensions from 1.2.0 to v1.3.1 (#13898) 2025-04-09 19:21:33 +02:00
af30c2a68e core: bump prometheus-client from 0.20.0 to v0.21.1 (#13907) 2025-04-09 19:21:23 +02:00
9b65627a3e core: bump jsonschema-specifications from 2023.12.1 to v2024.10.1 (#13887) 2025-04-09 19:21:13 +02:00
4bad91c901 core: bump markupsafe from 2.1.5 to v3.0.2 (#13890) 2025-04-09 19:21:01 +02:00
f3c479d077 core: bump stevedore from 5.2.0 to v5.4.1 (#13932) 2025-04-09 19:20:47 +02:00
b024df9903 core: bump zope-interface from 6.4.post2 to v7.2 (#13946) 2025-04-09 19:20:30 +02:00
f6a6458088 core: bump websockets from 12.0 to v15.0.1 (#13942) 2025-04-09 19:18:14 +02:00
f0dc0e8900 core: bump platformdirs from 4.2.2 to v4.3.7 (#13906) 2025-04-09 19:17:21 +02:00
79e89b0376 core: bump selenium from 4.29.0 to v4.31.0 (#13926) 2025-04-09 19:17:11 +02:00
4cc7d91379 core: bump six from 1.16.0 to v1.17.0 (#13929) 2025-04-09 19:17:00 +02:00
245909e31a core: bump hpack from 4.0.0 to v4.1.0 (#13878) 2025-04-09 19:16:51 +02:00
997a1ddb3d core: bump iniconfig from 2.0.0 to v2.1.0 (#13885) 2025-04-09 19:16:34 +02:00
42335a60bf core: bump hyperframe from 6.0.1 to v6.1.0 (#13882) 2025-04-09 19:16:20 +02:00
fc539332e1 core: bump uvloop from 0.19.0 to v0.21.0 (#13940) 2025-04-09 19:16:05 +02:00
d9efb02078 core: bump httpx from 0.27.0 to v0.28.1 (#13880) 2025-04-09 19:15:53 +02:00
6212250e19 core: bump importlib-resources from 6.4.0 to v6.5.2 (#13884) 2025-04-09 19:15:40 +02:00
c18beefc8f core: bump zipp from 3.20.2 to v3.21.0 (#13945) 2025-04-09 19:15:30 +02:00
f23da6e402 core: bump trio from 0.26.0 to v0.29.0 (#13933) 2025-04-09 19:14:56 +02:00
e934b246c8 core: bump deprecated from 1.2.14 to v1.2.18 (#13866) 2025-04-09 19:14:29 +02:00
ead684a410 core: bump wrapt from 1.16.0 to v1.17.2 (#13943) 2025-04-09 19:14:04 +02:00
d782aadab7 core: bump h2 from 4.1.0 to v4.2.0 (#13877) 2025-04-09 19:13:50 +02:00
4ac6f83aea core: bump yarl from 1.17.2 to v1.19.0 (#13944) 2025-04-09 19:13:38 +02:00
6281d36a69 core: bump django-storages from 1.14.5 to v1.14.6 (#13869) 2025-04-09 17:10:57 +00:00
8129ad4ec0 core: bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#13772)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 19:01:47 +02:00
24eea415b2 core: bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#13788)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 19:00:38 +02:00
a615ce8e95 web: bump API Client version (#13798)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-09 18:59:59 +02:00
5b275cf7fb core: bump goauthentik.io/api/v3 from 3.2025023.4 to 3.2025024.1 (#13833)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 18:59:39 +02:00
d6e91c119f core, web: update translations (#13832)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-09 18:59:17 +02:00
7841e47e74 core: bump celery from 5.4.0 to v5.5.1 (#13858) 2025-04-09 18:58:06 +02:00
ad2a4bea3e core: bump ruff from 0.9.10 to v0.11.4 (#13924) 2025-04-09 16:53:44 +00:00
a554c085c1 core: bump tzdata from 2024.1 to v2025.2 (#13938) 2025-04-09 16:20:39 +00:00
ff0d978754 core: bump std-uritemplate from 2.0.2 to v2.0.3 (#13931) 2025-04-09 16:19:54 +00:00
de48e62819 core: bump twilio from 9.5.0 to v9.5.2 (#13935) 2025-04-09 16:19:18 +00:00
e50e995d2f core: bump sqlparse from 0.5.1 to v0.5.3 (#13930) 2025-04-09 16:18:57 +00:00
3bf4156cb3 core: bump referencing from 0.35.1 to v0.36.2 (#13921) 2025-04-09 16:17:31 +00:00
89990facf5 core: bump pytest-django from 4.10.0 to v4.11.1 (#13917) 2025-04-09 16:17:26 +00:00
48545950ed core: bump redis from 5.0.7 to v5.2.1 (#13920) 2025-04-09 16:17:12 +00:00
0544aa5fae core: bump pyparsing from 3.1.2 to v3.2.3 (#13916) 2025-04-09 16:16:48 +00:00
5d69455b87 core: bump pytz from 2024.1 to v2025.2 (#13919) 2025-04-09 16:16:24 +00:00
3d291cf4da core: bump python-dotenv from 1.0.1 to v1.1.0 (#13918) 2025-04-09 16:15:36 +00:00
44d7c42dc7 core: bump pyasn1 from 0.6.0 to v0.6.1 (#13912) 2025-04-09 16:15:22 +00:00
4ea4e925e3 core: bump pygments from 2.18.0 to v2.19.1 (#13915) 2025-04-09 16:14:57 +00:00
169172c85f core: bump prompt-toolkit from 3.0.47 to v3.0.50 (#13908) 2025-04-09 16:14:52 +00:00
adea637fa4 core: bump pyasn1-modules from 0.4.0 to v0.4.1 (#13913) 2025-04-09 16:14:38 +00:00
0231277d9c core: bump opentelemetry-api from 1.31.0 to v1.31.1 (#13903) 2025-04-09 16:13:12 +00:00
45643ed1f6 core: bump microsoft-kiota-serialization-form from 1.9.2 to v1.9.3 (#13893) 2025-04-09 16:12:37 +00:00
3823d56dbd core: bump orjson from 3.10.6 to v3.10.16 (#13904) 2025-04-09 16:12:22 +00:00
43cfd59ac0 core: bump microsoft-kiota-serialization-text from 1.9.2 to v1.9.3 (#13896) 2025-04-09 16:11:24 +00:00
c8555bbf59 core: bump microsoft-kiota-serialization-json from 1.9.2 to v1.9.3 (#13894) 2025-04-09 16:11:07 +00:00
a4251a3410 core: bump microsoft-kiota-serialization-multipart from 1.9.2 to v1.9.3 (#13895) 2025-04-09 16:10:33 +00:00
50985f9b0b core: bump lxml from 5.3.1 to v5.3.2 (#13889) 2025-04-09 16:08:51 +00:00
9ec24528d4 core: bump maxminddb from 2.6.2 to v2.6.3 (#13891) 2025-04-09 16:08:41 +00:00
5eac38c0cc core: bump humanize from 4.10.0 to v4.12.2 (#13881) 2025-04-09 16:08:36 +00:00
010df0c31c core: bump httpcore from 1.0.5 to v1.0.7 (#13879) 2025-04-09 16:08:18 +00:00
7ba858eff3 core: bump django-pgactivity from 1.4.1 to v1.7.1 (#13868) 2025-04-09 16:08:00 +00:00
817d2d5ff8 core: bump googleapis-common-protos from 1.63.2 to v1.69.2 (#13876) 2025-04-09 16:07:37 +00:00
70e34e03b4 core: bump dnspython from 2.6.1 to v2.7.0 (#13870) 2025-04-09 16:07:18 +00:00
d61f9f6d57 core: bump google-api-core from 2.19.1 to v2.24.2 (#13873) 2025-04-09 16:07:03 +00:00
bdf81706b8 core: bump duo-client from 5.4.0 to v5.5.0 (#13871) 2025-04-09 16:06:47 +00:00
7b56602fc9 core: bump idna from 3.7 to v3.10 (#13883) 2025-04-09 16:06:32 +00:00
7c6e25a996 core: bump google-api-python-client from 2.164.0 to v2.166.0 (#13874) 2025-04-09 16:06:15 +00:00
0eeaeaf1ff core: bump google-auth from 2.32.0 to v2.38.0 (#13875) 2025-04-09 16:06:03 +00:00
9ce4337b11 core: bump coverage from 7.6.12 to v7.8.0 (#13864) 2025-04-09 16:05:37 +00:00
c6a3c7371c core: bump frozenlist from 1.4.1 to v1.5.0 (#13872) 2025-04-09 16:05:21 +00:00
42a7cf10f2 core: bump decorator from 5.1.1 to v5.2.1 (#13865) 2025-04-09 16:04:55 +00:00
bb4f7b1193 core: bump click from 8.1.7 to v8.1.8 (#13863) 2025-04-09 16:04:14 +00:00
3eecfb835b core: bump charset-normalizer from 3.3.2 to v3.4.1 (#13862) 2025-04-09 16:02:41 +00:00
92ab856bd3 core: bump channels from 4.2.0 to v4.2.2 (#13861) 2025-04-09 16:01:28 +00:00
178549a756 core: bump cffi from 1.16.0 to v1.17.1 (#13860) 2025-04-09 15:59:19 +00:00
67d178aa11 core: bump certifi from 2024.7.4 to v2025.1.31 (#13859) 2025-04-09 15:56:20 +00:00
ef53abace9 core: bump cattrs from 24.1.2 to v24.1.3 (#13857) 2025-04-09 15:46:55 +00:00
5effb3a0f6 core: bump cachetools from 5.4.0 to v5.5.2 (#13856) 2025-04-09 15:43:53 +00:00
3a37916a8f core: bump boto3 from 1.34.150 to v1.37.30 (#13854) 2025-04-09 15:36:10 +00:00
428d5ac9cf core: bump attrs from 23.2.0 to 25.3.0 (#13846) 2025-04-09 17:33:00 +02:00
7b4037fdda core: bump anyio from 4.4.0 to 4.9.0 (#13845) 2025-04-09 17:32:28 +02:00
2c7bbcc27b core: bump billiard from 4.2.0 to v4.2.1 (#13853) 2025-04-09 15:19:45 +00:00
19fb24de99 core: bump azure-core from 1.30.2 to 1.33.0 (#13850) 2025-04-09 15:18:54 +00:00
2709702896 core: bump bcrypt from 4.2.0 to v4.3.0 (#13852) 2025-04-09 15:18:39 +00:00
7d0d5a7dc2 core: bump azure-identity from 1.17.1 to 1.21.0 (#13851) 2025-04-09 15:17:46 +00:00
6a04a2ca69 core: bump automat from 22.10.0 to 24.8.1 (#13848) 2025-04-09 15:15:01 +00:00
ea561c9da6 core: bump amqp from 5.2.0 to 5.3.1 (#13844) 2025-04-09 15:08:00 +00:00
9b9c55f17c core: bump aiosignal from 1.3.1 to 1.3.2 (#13843) 2025-04-09 15:07:22 +00:00
bd5e78bd44 core: bump aiohttp-retry from 2.8.3 to 2.9.1 (#13842) 2025-04-09 15:07:10 +00:00
ab98028022 core: bump aiohttp from 3.10.11 to 3.11.16 (#13841) 2025-04-09 15:03:36 +00:00
813ff64ba1 core: bump autobahn from 23.6.2 to 24.4.2 (#13847) 2025-04-09 15:02:57 +00:00
c99e742214 core: bump aiohappyeyeballs from 2.3.5 to 2.6.1 (#13840) 2025-04-09 17:00:49 +02:00
dac6ad3cd6 core: bump github.com/prometheus/client_golang from 1.21.1 to 1.22.0 (#13834)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 15:48:58 +02:00
e4d2a53ccc release: 2025.2.4 (#13830)
* release: 2025.2.4

* bump version in uv.lock
2025-04-08 19:16:00 +00:00
3b6775fd9c website/integrations: rename Hoarder to Karakeep (#13789)
* Hoarder renamed to karakeep

The Hoarder app has been renamed to Karakeep recently. https://www.reddit.com/r/selfhosted/comments/1js667o/hoarder_is_rebranding_to_karakeep/

Signed-off-by: petrsimunek <49954958+petrsimunek@users.noreply.github.com>

* folder hoarder renamed to karakeep

* sidebar changed from hoarder to karakeep

---------

Signed-off-by: petrsimunek <49954958+petrsimunek@users.noreply.github.com>
2025-04-08 13:09:11 -05:00
5882e0b2cb website/docs: Add release notes for 2025.2.4 (#13829) 2025-04-08 18:08:03 +00:00
65f0b471d8 website/docs: Add release notes for 2024.12.5 (#13828)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-08 17:56:15 +00:00
7d054db1a5 Revert "core: fix non-exploitable open redirect (#13696)" (#13824) 2025-04-08 17:10:12 +00:00
cb75ba2e5e translate: Updates for file web/xliff/en.xlf in fr (#13822)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-08 16:56:13 +00:00
36cecc1391 translate: Updates for file web/xliff/en.xlf in zh_CN (#13820)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-08 18:42:16 +02:00
81b91d8777 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13821)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-08 18:41:58 +02:00
41dc23b3c2 core: users API: add date_joined (#13817) 2025-04-08 13:26:11 +00:00
370eff1494 website/integrations: fix ArgoCD redirect paths (#13804) 2025-04-08 15:24:46 +02:00
0ff8def03b core, web: update translations (#13806)
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-08 15:23:29 +02:00
b01cafd9fe core: bump goauthentik.io/api/v3 from 3.2025023.2 to 3.2025023.4 (#13811)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-08 15:19:30 +02:00
90aa8abb80 core: bump astral-sh/uv from 0.6.12 to 0.6.13 (#13812)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-08 15:19:04 +02:00
fd21aae4f9 website/docs: Correcting IDP URLs on Mailcow integration page (#13803)
Updating URLs to correct IDP URLs

Signed-off-by: Adam Berry <adam.berry@racklab.io>
2025-04-08 08:35:55 +01:00
360223a2ff web: Flesh out configs. (#13801) 2025-04-08 01:21:05 +02:00
0e83de2697 web: Tidy temporal utilities. (#13755) 2025-04-07 18:37:03 +00:00
a23bac9d9b website/integrations: nextcloud: add warning about admin lockout (#13782)
* docs: add a danger warning in nextcloud integration

If a user follwoing the guide for OpenID integration. They can lock out their Admin users, if used the customer profile scope and select the **use unique user ID** option. 
So a danger box was added to let people know that can happen and why

Signed-off-by: Unfaehig <38919962+Unfaehig@users.noreply.github.com>

* docs: website/integrations/services/nextcloud/index.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Unfaehig <38919962+Unfaehig@users.noreply.github.com>

* chore: nextcloud integration fix formating

---------

Signed-off-by: Unfaehig <38919962+Unfaehig@users.noreply.github.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-07 13:13:41 -05:00
220378b3f2 web: Fix TypeScript compilation issues for mixins, events. (#13766) 2025-04-07 19:53:51 +02:00
363d655378 web: Normalize client-side error handling (#13595)
web: Clean up error handling. Prep for permission checks.

- Add clearer reporting for API and network errors.
- Tidy error checking.
- Partial type safety for events.
2025-04-07 19:50:41 +02:00
e93b2a1a75 website/integrations: Open Web UI: add OPENID_REDIRECT_URI environment variable (#13785)
added OPENID_REDIRECT_URI open webui environment variable

Signed-off-by: Yuval Ziv <44985263+yuval-ziv@users.noreply.github.com>
2025-04-07 12:02:21 -05:00
76665cf65e website/integrations: add knocknoc (#13764)
* Document explaining integration between authentik and knocknoc

* Clarified Knocknoc config

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed typos

* fixed note markdown

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/knocknoc/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed line breaks, clarified provider section, added protocol settings header and other formatting improvements

* Update website/integrations/services/knocknoc/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-07 12:00:43 -05:00
3ad7f4dc24 sources: move identifier to parent model (#13797)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-07 18:01:41 +02:00
c5045e8792 stages/email: fix for newlines in emails (#13799)
stages/email: fix for newlines in emails (#13712)

* Test fix for newlines in emails

* fix linting

* remove base64 names from email address

* Make better checks on message.to

* Remove unnecessary logger
2025-04-07 17:34:26 +02:00
a8c9b3a8ba sources/kerberos, saml: allow creation of connections from the API (#13794)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-07 14:35:52 +00:00
148506639a website/docs: add skip object instructions (#13749)
* Beginning of work

* Added instructions for skipobject to each source

* removed saml

* removed oauth

* Updates

* Added provider SkipObject instructions

* combined examples into one

* modified kerberos python snippet as per suggestion from Marc

* Update website/docs/add-secure-apps/providers/property-mappings/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/users-sources/sources/protocols/kerberos/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Clarified how to use the exception

* Update website/docs/add-secure-apps/providers/property-mappings/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/property-mappings/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* fixed missing ) after gws

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* fixed missing . from /scim

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* fixing broken links

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Fixed links

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-04 11:05:03 -05:00
53814d9919 website/integrations: jenkins: fix oidc redirect uri (#13771)
Signed-off-by: Dominic R <dominic@sdko.org>
2025-04-04 08:03:14 +01:00
08b04c32f5 website/docs: add log levels section to logs documentation (#13687)
* Added debugging section and removed timestamps option

* Added details on trace and debug modes

* changed file to .mdx format

* Updated to include all log levels and a warning about trace

* Modified trace section

* Applied suggestions from dominic

* Prettier update

* Fixed tabs and lowercased the headers

* More tab fixes - prettier causing issues

* Prettier fix

* removed headers from inside tab sections

* added tabs import

* Changed line positioning for tabs import

* Update website/docs/troubleshooting/logs.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Applied suggestions from Dominic and Tana

* .

* Added tabs to last 2 sections as per suggestion from Tana

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-04-03 12:20:42 -05:00
1c1d97339d website/docs: Updated redirect URI setup for Synology DSM (#13761)
Updated redirect URI setup

Based on the feedback from Synology's developers, and testing: the redirect URI should not contain #/signup as it breaks authentication if multiple redirect URIs have to be set.

Based on DSM 7.2's code itself, Host and HTTPS headers are used internally to match the corresponding entry in the list.

Hope that can help, this is from days of testing + discussing with the support and dev teams.

Signed-off-by: Florent <Wr0ngName@users.noreply.github.com>
2025-04-03 09:17:19 -05:00
cafa9c1737 core: bump python-kadmin-rs from 0.5.3 to 0.6.0 (#13758)
* core: bump python-kadmin-rs from 0.5.3 to 0.6.0

Bumps [python-kadmin-rs](https://github.com/authentik-community/kadmin-rs) from 0.5.3 to 0.6.0.
- [Release notes](https://github.com/authentik-community/kadmin-rs/releases)
- [Commits](https://github.com/authentik-community/kadmin-rs/compare/kadmin/version/0.5.3...kadmin/version/0.6.0)

---
updated-dependencies:
- dependency-name: python-kadmin-rs
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-04-03 13:06:03 +00:00
5f64347ba1 website/integrations: add sidero omni (#13675)
* Mostly documented

* Typo

* Added testing step and formatted URLs

* Removed unnecessary URL

* Updated to newer templater

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/omni/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Edited code marks

* Bolded some UI elements

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-03 08:04:37 -05:00
45ef54480a website/integrations: add certificate instructions to apache guacamole (#13684)
* added self signed certs section

* Added mention of OS specific section

* Updated to include synology instructions

* Fixed typos

* Applied suggestions from Dominic and clarified the target of the commands

* Added headers

* Updated keytool documentation link to JDK21 (latest)

* Squashed commit of the following:

commit f0e58a6f49
Author: Dominic R <dominic@sdko.org>
Date:   Tue Apr 1 17:37:11 2025 -0400

    website/docs: sys-mgmt: service accounts (#13722)

    * website/docs: ops: service accounts

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Update website/docs/sys-mgmt/service-accounts.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Dominic R <dominic@sdko.org>

    * Dewi's suggestions

    ---------

    Signed-off-by: Dominic R <dominic@sdko.org>
    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>

commit a3d642c08e
Author: Ben <bmfk_m@yahoo.de>
Date:   Tue Apr 1 22:09:31 2025 +0200

    website/integrations: add mailcow (#13727)

    * Add mailcow to Applications

    * Update wording and layout

    * Update website/integrations/services/mailcow/index.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Ben <bmfk_m@yahoo.de>

    * Update website/integrations/services/mailcow/index.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Ben <bmfk_m@yahoo.de>

    * Update website/integrations/services/mailcow/index.md

    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Signed-off-by: Ben <bmfk_m@yahoo.de>

    * lint

    ---------

    Signed-off-by: Ben <bmfk_m@yahoo.de>
    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>

commit 5d42cb9185
Author: Tana M Berry <tanamarieberry@yahoo.com>
Date:   Tue Apr 1 15:00:18 2025 -0500

    website: edit menu items (#13747)

    for review

    Co-authored-by: Tana M Berry <tana@goauthentik.com>

commit 1fd0cc5bb5
Author: Dominic R <dominic@sdko.org>
Date:   Tue Apr 1 14:31:07 2025 -0400

    website/integrations: slack,pocketbase,tandoor: convert to new authentik configuration format (#13742)

    * website/integrations-all: update authentik configuration template

    * website/integrations: slack,pocketbase,tandoor: convert to new authentik configuration format

    * Revert "website/integrations-all: update authentik configuration template"

    Not for this PR. Don't want to cause merge conflicts later on.

    This reverts commit 8378502090.

commit deef365ff5
Author: Dominic R <dominic@sdko.org>
Date:   Tue Apr 1 12:51:31 2025 -0400

    website/integrations-all: update authentik configuration template (#13740)

commit d1ae6287f2
Author: Jens L. <jens@goauthentik.io>
Date:   Tue Apr 1 18:35:35 2025 +0200

    web/admin: fix custom scope mappings being selected by default in proxy provider (#13735)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 2e152cd264
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Apr 1 18:29:16 2025 +0200

    web: bump vite from 5.4.15 to 5.4.16 in /web (#13743)

    Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.15 to 5.4.16.
    - [Release notes](https://github.com/vitejs/vite/releases)
    - [Changelog](https://github.com/vitejs/vite/blob/v5.4.16/packages/vite/CHANGELOG.md)
    - [Commits](https://github.com/vitejs/vite/commits/v5.4.16/packages/vite)

    ---
    updated-dependencies:
    - dependency-name: vite
      dependency-version: 5.4.16
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit f5941e403b
Author: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Date:   Tue Apr 1 18:18:59 2025 +0200

    translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13736)

    Translate locale/en/LC_MESSAGES/django.po in zh_CN

    100% translated source file: 'locale/en/LC_MESSAGES/django.po'
    on 'zh_CN'.

    Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

commit ff3cf8c10e
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Apr 1 18:18:42 2025 +0200

    core: bump goauthentik.io/api/v3 from 3.2025023.1 to 3.2025023.2 (#13746)

    Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025023.1 to 3.2025023.2.
    - [Release notes](https://github.com/goauthentik/client-go/releases)
    - [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
    - [Commits](https://github.com/goauthentik/client-go/compare/v3.2025023.1...v3.2025023.2)

    ---
    updated-dependencies:
    - dependency-name: goauthentik.io/api/v3
      dependency-version: 3.2025023.2
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit bfa6328172
Author: Dominic R <dominic@sdko.org>
Date:   Tue Apr 1 09:46:29 2025 -0400

    web/common: utils: fix infinite value handling in getRelativeTime function (#13564)

    Squash sdko/closes-13562

commit 4c9691c932
Author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Date:   Tue Apr 1 12:58:43 2025 +0200

    stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#13744)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

commit a0f1566b4c
Author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Date:   Tue Apr 1 02:15:47 2025 +0200

    web: bump API Client version (#13741)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

commit 46261a4f42
Author: Jens L. <jens@goauthentik.io>
Date:   Tue Apr 1 01:41:18 2025 +0200

    */saml: allow for domainless SAML URLs (#13737)

commit 8b42ff1e97
Author: Dominic R <dominic@sdko.org>
Date:   Mon Mar 31 12:36:14 2025 -0400

    core: fix error when viewing used_by for built-in source (#13588)

    Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
    Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

commit ca4cb0d251
Author: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Date:   Mon Mar 31 15:54:37 2025 +0000

    translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13738)

    * Translate locale/en/LC_MESSAGES/django.po in fr

    100% translated source file: 'locale/en/LC_MESSAGES/django.po'
    on 'fr'.

    * Translate locale/en/LC_MESSAGES/django.po in fr

    100% translated source file: 'locale/en/LC_MESSAGES/django.po'
    on 'fr'.

    ---------

    Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

commit a5a0fa79dd
Author: Tana M Berry <tanamarieberry@yahoo.com>
Date:   Mon Mar 31 07:57:03 2025 -0500

    website/docs: style guide (#13704)

    * new word choices, tweaks

    * shockingly, a typo

    * tweaks

    * Update website/docs/developer-docs/docs/style-guide.mdx

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    ---------

    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
    Co-authored-by: Tana M Berry <tana@goauthentik.com>
    Co-authored-by: Dominic R <dominic@sdko.org>
    Co-authored-by: Jens Langhammer <jens@goauthentik.io>

commit c06a871f61
Author: Marcel Kempf <marcel.kempf@tum.de>
Date:   Mon Mar 31 12:58:03 2025 +0200

    core: fix double slash in cache key (#13721)

commit 4a3df67134
Author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Date:   Mon Mar 31 12:57:16 2025 +0200

    core, web: update translations (#13728)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>

commit 422ccf61fa
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Mar 31 12:27:56 2025 +0200

    core: bump goauthentik.io/api/v3 from 3.2025022.6 to 3.2025023.1 (#13729)

    Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.6 to 3.2025023.1.
    - [Release notes](https://github.com/goauthentik/client-go/releases)
    - [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
    - [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.6...v3.2025023.1)

    ---
    updated-dependencies:
    - dependency-name: goauthentik.io/api/v3
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit d989f23907
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Mar 31 12:27:44 2025 +0200

    website: bump the build group in /website with 3 updates (#13730)

    Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).

    Updates `@rspack/binding-darwin-arm64` from 1.2.8 to 1.3.0
    - [Release notes](https://github.com/web-infra-dev/rspack/releases)
    - [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

    Updates `@rspack/binding-linux-arm64-gnu` from 1.2.8 to 1.3.0
    - [Release notes](https://github.com/web-infra-dev/rspack/releases)
    - [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

    Updates `@rspack/binding-linux-x64-gnu` from 1.2.8 to 1.3.0
    - [Release notes](https://github.com/web-infra-dev/rspack/releases)
    - [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

    ---
    updated-dependencies:
    - dependency-name: "@rspack/binding-darwin-arm64"
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: build
    - dependency-name: "@rspack/binding-linux-arm64-gnu"
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: build
    - dependency-name: "@rspack/binding-linux-x64-gnu"
      dependency-type: direct:production
      update-type: version-update:semver-minor
      dependency-group: build
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 059180edef
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Mar 31 12:27:18 2025 +0200

    core: bump astral-sh/uv from 0.6.10 to 0.6.11 (#13733)

    Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.10 to 0.6.11.
    - [Release notes](https://github.com/astral-sh/uv/releases)
    - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/astral-sh/uv/compare/0.6.10...0.6.11)

    ---
    updated-dependencies:
    - dependency-name: astral-sh/uv
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 22f30634a8
Author: garar <krystiankichewko@gmail.com>
Date:   Sun Mar 30 20:28:11 2025 +0200

    website/docs: Fix Caddy forward auth example (#13726)

commit 35ff418c42
Author: Jens L. <jens@goauthentik.io>
Date:   Sun Mar 30 19:56:03 2025 +0200

    policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)

    * policies: buffered policy access view for concurrent authorization attempts when unauthenticated

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * better cleanup

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * more polish

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * more cleanup

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * add tests

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * fix multiple redirects, add e2e test

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * unrelated: add sp initiated post test

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * add SAML parallel test

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * format

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * optimise detection of when authentication is in progress

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * better backoff timing

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 7826e7a605
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sun Mar 30 03:26:30 2025 +0200

    core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm (#13027)

    * core: bump oss/go/microsoft/golang

    Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm.

    ---
    updated-dependencies:
    - dependency-name: oss/go/microsoft/golang
      dependency-type: direct:production
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

    * upstream docker image, use native fips

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * bump go version

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Jens Langhammer <jens@goauthentik.io>

commit 64f1b8207d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Sat Mar 29 00:51:08 2025 +0100

    web: bump tar-fs from 2.1.1 to 2.1.2 in /web (#13713)

    Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
    - [Commits](https://github.com/mafintosh/tar-fs/compare/v2.1.1...v2.1.2)

    ---
    updated-dependencies:
    - dependency-name: tar-fs
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit b2c13f0614
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 22:14:15 2025 +0100

    core: fix flaky tests introduced with is_superuser API fix (#13709)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 6965628020
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 22:13:34 2025 +0100

    root: bump python patch version to 3.12.9 (#13710)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 608f63e9a2
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 17:42:45 2025 +0100

    website/docs: add reference to setting in CVE (#13707)

    * website/docs: add reference to setting in CVE

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * reword

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 22fa3a7fba
Author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Date:   Fri Mar 28 17:42:24 2025 +0100

    web: bump API Client version (#13708)

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
    Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

commit bcfd6fefa7
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 17:08:57 2025 +0100

    release: 2025.2.3 (#13705)

    * release: 2025.2.3

    * fix uv lock not being bumped

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit eae18d0016
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:55:56 2025 +0100

    website/docs: fix 2025 CVE category title (#13703)

    * website/docs: fix 2025 CVE category title

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * add sideeffect of changing session backend

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 4a12a57c5f
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:49:35 2025 +0100

    website/docs: update release notes for 2024.12 and 2025.2 (#13702)

    * website/docs: update release notes for 2025.2 and 2024.12

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * update

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * update v2

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * format

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 71294b7deb
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:20:09 2025 +0100

    security: fix CVE-2025-29928 (#13695)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 5af907db0c
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:16:13 2025 +0100

    stages/identification: refresh captcha on failure (#13697)

    * refactor cleanup behavior after stage form submit

    * refresh captcha on failing Identification stage

    * Revert "stages/identification: check captcha after checking authentication (#13533)"

    This reverts commit b7beac6795.

    Including a Captcha stage in an Identification stage is partially to
    prevent password spraying attacks. The reverted commit negated this
    feature to fix a UX bug. After 6fde42a9170, the functionality can now be
    reinstated.

    ---------

    Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>

commit 63a118a2ba
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:15:39 2025 +0100

    core: fix non-exploitable open redirect (#13696)

    discovered by @dominic-r

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit d9a3c34a44
Author: Jens L. <jens@goauthentik.io>
Date:   Fri Mar 28 14:00:13 2025 +0100

    core: fix core/user is_superuser filter (#13693)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 23bdad7574
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri Mar 28 13:21:30 2025 +0100

    website: bump @types/semver from 7.5.8 to 7.7.0 in /website (#13682)

    Bumps [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) from 7.5.8 to 7.7.0.
    - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
    - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

    ---
    updated-dependencies:
    - dependency-name: "@types/semver"
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit 8ee90826fc
Author: Jens L. <jens@goauthentik.io>
Date:   Thu Mar 27 19:07:36 2025 +0100

    enterprise/stages/source: set is_redirected in flow source stage redirects to (#13604)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 8c7d4d2f5e
Author: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Date:   Thu Mar 27 17:49:16 2025 +0100

    website/docs: Clarify frontend development. Document local overrides. (#13586)

    * website/docs: Clarify setup flow. Document local overrides.

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Co-authored-by: Dominic R <dominic@sdko.org>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/full-dev-environment.mdx

    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/install-config/install/docker-compose.mdx

    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/frontend-dev-environment.md

    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

    * Update website/docs/developer-docs/setup/full-dev-environment.mdx

    Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

    * Update authentik/lib/default.yml

    Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

    * fix linting to please the ci check

    ---------

    Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
    Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
    Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
    Co-authored-by: Dominic R <dominic@sdko.org>
    Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>

commit d72def0368
Author: Jens L. <jens@goauthentik.io>
Date:   Wed Mar 26 23:06:12 2025 +0000

    web/admin: add sync status refresh button (#13678)

    * web/admin: add refresh button to sync status card

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * auto-expand if there's just one task

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 5bcf501842
Author: Jens L. <jens@goauthentik.io>
Date:   Wed Mar 26 23:05:43 2025 +0000

    outposts/ldap: fix paginator going into infinite loop (#13677)

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

commit 13fc216c68
Author: Dominic R <dominic@sdko.org>
Date:   Wed Mar 26 17:38:57 2025 -0400

    website/integrations-all: convert authentik configuration to wizard (#13144)

    * init

    * 6 more

    * tana...

    * quick reformat

    * welp only time for one change

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * Revert "wip"

    This reverts commit e71f0d22e3f093350e8d12eaad5e5c0f9d38253c.

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * wip

    * a

commit 27aed4b315
Author: Dominic R <dominic@sdko.org>
Date:   Wed Mar 26 13:16:46 2025 -0400

    web: ensure wizard modal closes on first cancel click (#13636)

    The application wizard modal previously required two clicks of the cancel
    button to close when opened from the User Interface.
    This was caused by improper event handling where events
    would propagate up the DOM tree potentially triggering multiple handlers.

commit 84b5992e55
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Mar 26 18:03:20 2025 +0100

    ci: bump golangci/golangci-lint-action from 6 to 7 (#13661)

    * ci: bump golangci/golangci-lint-action from 6 to 7

    Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
    - [Release notes](https://github.com/golangci/golangci-lint-action/releases)
    - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7)

    ---
    updated-dependencies:
    - dependency-name: golangci/golangci-lint-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

    * fix lint

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * fix v2

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    * fix v3

    Signed-off-by: Jens Langhammer <jens@goauthentik.io>

    ---------

    Signed-off-by: dependabot[bot] <support@github.com>
    Signed-off-by: Jens Langhammer <jens@goauthentik.io>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Jens Langhammer <jens@goauthentik.io>

commit 7eb985f636
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Wed Mar 26 17:05:42 2025 +0100

    website: bump the build group in /website with 3 updates (#13660)

    Bumps the build group in /website with 3 updates: [@swc/core-darwin-arm64](https://github.com/swc-project/swc), [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) and [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc).

    Updates `@swc/core-darwin-arm64` from 1.11.12 to 1.11.13
    - [Release notes](https://github.com/swc-project/swc/releases)
    - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

    Updates `@swc/core-linux-arm64-gnu` from 1.11.12 to 1.11.13
    - [Release notes](https://github.com/swc-project/swc/releases)
    - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

    Updates `@swc/core-linux-x64-gnu` from 1.11.12 to 1.11.13
    - [Release notes](https://github.com/swc-project/swc/releases)
    - [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

    ---
    updated-dependencies:
    - dependency-name: "@swc/core-darwin-arm64"
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: build
    - dependency-name: "@swc/core-linux-arm64-gnu"
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: build
    - dependency-name: "@swc/core-linux-x64-gnu"
      dependency-type: direct:production
      update-type: version-update:semver-patch
      dependency-group: build
    ...

    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* deployment -> host
2025-04-03 08:03:17 -05:00
a3dc8af4c6 core, web: update translations (#13753)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-04-03 14:27:34 +02:00
36933a0aca lifecycle/aws: bump aws-cdk from 2.1006.0 to 2.1007.0 in /lifecycle/aws (#13757)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1006.0 to 2.1007.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1007.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-version: 2.1007.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-03 14:15:50 +02:00
8f689890df core: bump astral-sh/uv from 0.6.11 to 0.6.12 (#13756)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.11 to 0.6.12.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.11...0.6.12)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.6.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-03 14:13:43 +02:00
ec49b2e0e0 website/integrations: calibre-web: document (#12477)
* website/integrations: calibre-web: add to sidebar

Adds the calibre-web integration to the sidebar.

Signed-off-by: 4d62 <github-user@sdko.org>

* website/integrations: calibre-web: init

Initializes the documentation with the placeholder. I have a feeling this is going to be funnnnnnnnnnnnnnnnn

Signed-off-by: 4d62 <github-user@sdko.org>

* website/integrations: calibre-web: service configuration

Adds configuration documentation for calibre-web

PS: Never setup a LDAP outpost before and I don't have calibre web so uhhh yea im gonna take care of this after the holidays (probably)

Signed-off-by: 4d62 <github-user@sdko.org>

* Update index.md

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Changed proider pair instructions to new version

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/integrations/services/calibre-web/index.md

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: 4d62 <github-user@sdko.org>
Signed-off-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-02 12:57:53 -05:00
22ebe05706 website: bump image-size from 1.1.1 to 1.2.1 in /website (#13750)
Bumps [image-size](https://github.com/image-size/image-size) from 1.1.1 to 1.2.1.
- [Release notes](https://github.com/image-size/image-size/releases)
- [Commits](https://github.com/image-size/image-size/compare/v1.1.1...v1.2.1)

---
updated-dependencies:
- dependency-name: image-size
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-02 18:41:59 +02:00
f0e58a6f49 website/docs: sys-mgmt: service accounts (#13722)
* website/docs: ops: service accounts

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/service-accounts.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Dewi's suggestions

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-01 16:37:11 -05:00
Ben
a3d642c08e website/integrations: add mailcow (#13727)
* Add mailcow to Applications

* Update wording and layout

* Update website/integrations/services/mailcow/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Ben <bmfk_m@yahoo.de>

* Update website/integrations/services/mailcow/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Ben <bmfk_m@yahoo.de>

* Update website/integrations/services/mailcow/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Ben <bmfk_m@yahoo.de>

* lint

---------

Signed-off-by: Ben <bmfk_m@yahoo.de>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-04-01 15:09:31 -05:00
5d42cb9185 website: edit menu items (#13747)
for review

Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-04-01 15:00:18 -05:00
1fd0cc5bb5 website/integrations: slack,pocketbase,tandoor: convert to new authentik configuration format (#13742)
* website/integrations-all: update authentik configuration template

* website/integrations: slack,pocketbase,tandoor: convert to new authentik configuration format

* Revert "website/integrations-all: update authentik configuration template"

Not for this PR. Don't want to cause merge conflicts later on.

This reverts commit 8378502090.
2025-04-01 13:31:07 -05:00
deef365ff5 website/integrations-all: update authentik configuration template (#13740) 2025-04-01 11:51:31 -05:00
d1ae6287f2 web/admin: fix custom scope mappings being selected by default in proxy provider (#13735)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-04-01 18:35:35 +02:00
2e152cd264 web: bump vite from 5.4.15 to 5.4.16 in /web (#13743)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.15 to 5.4.16.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.16/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.16/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 5.4.16
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 18:29:16 +02:00
f5941e403b translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13736)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-04-01 18:18:59 +02:00
ff3cf8c10e core: bump goauthentik.io/api/v3 from 3.2025023.1 to 3.2025023.2 (#13746)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025023.1 to 3.2025023.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025023.1...v3.2025023.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-version: 3.2025023.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 18:18:42 +02:00
bfa6328172 web/common: utils: fix infinite value handling in getRelativeTime function (#13564)
Squash sdko/closes-13562
2025-04-01 06:46:29 -07:00
4c9691c932 stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#13744)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-01 12:58:43 +02:00
a0f1566b4c web: bump API Client version (#13741)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-04-01 02:15:47 +02:00
46261a4f42 */saml: allow for domainless SAML URLs (#13737) 2025-04-01 01:41:18 +02:00
8b42ff1e97 core: fix error when viewing used_by for built-in source (#13588)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-31 16:36:14 +00:00
ca4cb0d251 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13738)
* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

* Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-31 15:54:37 +00:00
a5a0fa79dd website/docs: style guide (#13704)
* new word choices, tweaks

* shockingly, a typo

* tweaks

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-31 07:57:03 -05:00
c06a871f61 core: fix double slash in cache key (#13721) 2025-03-31 12:58:03 +02:00
4a3df67134 core, web: update translations (#13728)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-31 12:57:16 +02:00
422ccf61fa core: bump goauthentik.io/api/v3 from 3.2025022.6 to 3.2025023.1 (#13729)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.6 to 3.2025023.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.6...v3.2025023.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 12:27:56 +02:00
d989f23907 website: bump the build group in /website with 3 updates (#13730)
Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).


Updates `@rspack/binding-darwin-arm64` from 1.2.8 to 1.3.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.2.8 to 1.3.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.2.8 to 1.3.0
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.3.0/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 12:27:44 +02:00
059180edef core: bump astral-sh/uv from 0.6.10 to 0.6.11 (#13733)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.10 to 0.6.11.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.10...0.6.11)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 12:27:18 +02:00
22f30634a8 website/docs: Fix Caddy forward auth example (#13726) 2025-03-30 20:28:11 +02:00
35ff418c42 policies: buffered policy access view for concurrent authorization attempts when unauthenticated (#13629)
* policies: buffered policy access view for concurrent authorization attempts when unauthenticated

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more polish

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix multiple redirects, add e2e test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: add sp initiated post test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add SAML parallel test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* optimise detection of when authentication is in progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* better backoff timing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-30 19:56:03 +02:00
7826e7a605 core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm (#13027)
* core: bump oss/go/microsoft/golang

Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm.

---
updated-dependencies:
- dependency-name: oss/go/microsoft/golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* upstream docker image, use native fips

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump go version

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-30 03:26:30 +02:00
64f1b8207d web: bump tar-fs from 2.1.1 to 2.1.2 in /web (#13713)
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 2.1.1 to 2.1.2.
- [Commits](https://github.com/mafintosh/tar-fs/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-29 00:51:08 +01:00
b2c13f0614 core: fix flaky tests introduced with is_superuser API fix (#13709)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 22:14:15 +01:00
6965628020 root: bump python patch version to 3.12.9 (#13710)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 22:13:34 +01:00
608f63e9a2 website/docs: add reference to setting in CVE (#13707)
* website/docs: add reference to setting in CVE

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reword

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 17:42:45 +01:00
22fa3a7fba web: bump API Client version (#13708)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-28 17:42:24 +01:00
bcfd6fefa7 release: 2025.2.3 (#13705)
* release: 2025.2.3

* fix uv lock not being bumped

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 17:08:57 +01:00
eae18d0016 website/docs: fix 2025 CVE category title (#13703)
* website/docs: fix 2025 CVE category title

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add sideeffect of changing session backend

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 14:55:56 +01:00
4a12a57c5f website/docs: update release notes for 2024.12 and 2025.2 (#13702)
* website/docs: update release notes for 2025.2 and 2024.12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 14:49:35 +01:00
71294b7deb security: fix CVE-2025-29928 (#13695)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 14:20:09 +01:00
5af907db0c stages/identification: refresh captcha on failure (#13697)
* refactor cleanup behavior after stage form submit

* refresh captcha on failing Identification stage

* Revert "stages/identification: check captcha after checking authentication (#13533)"

This reverts commit b7beac6795.

Including a Captcha stage in an Identification stage is partially to
prevent password spraying attacks. The reverted commit negated this
feature to fix a UX bug. After 6fde42a9170, the functionality can now be
reinstated.

---------

Co-authored-by: Simonyi Gergő <gergo@goauthentik.io>
2025-03-28 14:16:13 +01:00
63a118a2ba core: fix non-exploitable open redirect (#13696)
discovered by @dominic-r

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 14:15:39 +01:00
d9a3c34a44 core: fix core/user is_superuser filter (#13693)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-28 14:00:13 +01:00
23bdad7574 website: bump @types/semver from 7.5.8 to 7.7.0 in /website (#13682)
Bumps [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) from 7.5.8 to 7.7.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

---
updated-dependencies:
- dependency-name: "@types/semver"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-28 13:21:30 +01:00
8ee90826fc enterprise/stages/source: set is_redirected in flow source stage redirects to (#13604)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-27 19:07:36 +01:00
8c7d4d2f5e website/docs: Clarify frontend development. Document local overrides. (#13586)
* website/docs: Clarify setup flow. Document local overrides.

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/full-dev-environment.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/install-config/install/docker-compose.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/frontend-dev-environment.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/setup/full-dev-environment.mdx

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Update authentik/lib/default.yml

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* fix linting to please the ci check

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
2025-03-27 11:49:16 -05:00
d72def0368 web/admin: add sync status refresh button (#13678)
* web/admin: add refresh button to sync status card

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* auto-expand if there's just one task

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-27 00:06:12 +01:00
5bcf501842 outposts/ldap: fix paginator going into infinite loop (#13677)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-27 00:05:43 +01:00
13fc216c68 website/integrations-all: convert authentik configuration to wizard (#13144)
* init

* 6 more

* tana...

* quick reformat

* welp only time for one change

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* Revert "wip"

This reverts commit e71f0d22e3f093350e8d12eaad5e5c0f9d38253c.

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* wip

* a
2025-03-26 16:38:57 -05:00
27aed4b315 web: ensure wizard modal closes on first cancel click (#13636)
The application wizard modal previously required two clicks of the cancel
button to close when opened from the User Interface.
This was caused by improper event handling where events
would propagate up the DOM tree potentially triggering multiple handlers.
2025-03-26 18:16:46 +01:00
84b5992e55 ci: bump golangci/golangci-lint-action from 6 to 7 (#13661)
* ci: bump golangci/golangci-lint-action from 6 to 7

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix v3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-26 18:03:20 +01:00
7eb985f636 website: bump the build group in /website with 3 updates (#13660)
Bumps the build group in /website with 3 updates: [@swc/core-darwin-arm64](https://github.com/swc-project/swc), [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) and [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc).


Updates `@swc/core-darwin-arm64` from 1.11.12 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

Updates `@swc/core-linux-arm64-gnu` from 1.11.12 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

Updates `@swc/core-linux-x64-gnu` from 1.11.12 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.12...v1.11.13)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-26 17:05:42 +01:00
d3172ae904 web: bump vite from 5.4.14 to 5.4.15 in /web (#13672)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.14 to 5.4.15.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.15/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-26 14:22:25 +01:00
88662b54c1 core: bump astral-sh/uv from 0.6.9 to 0.6.10 (#13669)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.9 to 0.6.10.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.9...0.6.10)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-26 12:01:43 +01:00
b38bc8c1c4 lifecycle/aws: bump aws-cdk from 2.1005.0 to 2.1006.0 in /lifecycle/aws (#13670)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1005.0 to 2.1006.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1006.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-26 12:00:06 +01:00
a9b648842a website/docs: Flesh out integrations copy changes. (#13619)
* website/docs: Flesh out integrations copy changes.

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Lint.

* Revert removed section. Fix links.

* reorder integrations page sections

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>

* add back page title

Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>

* move cards to very end of topic

* fix broken anchor link

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Fletcher Heisler <fheisler@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Fletcher Heisler <fheisler@users.noreply.github.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-03-25 12:40:21 -05:00
5fda531e2b website/docs: add section on how to capture logs (#13662)
* Added logs file with basic instructions for capturing logs

* Included kubernetes instructions

* Fixed typos

* Fixed commands

* typo

* Updated kubernetes section

* updated as per suggestions from Dominic

* further changes to simplify the document

* Added section about Ctrl + C to stop logs

---------

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-03-25 12:28:57 -05:00
921a3e6eb8 website/docs: Add Fleet integration. (#13618)
* website/docs: Add Fleet integration.

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Update website/integrations/services/fleet/index.md

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* Update index.md

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* website/docs: Reorder.

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-03-25 11:54:16 -05:00
fd898bea66 stages/email: Clean newline characters in TemplateEmailMessage (#13666)
* Clean new line characters in TemplateEmailMessage

* Use blankspace replace in names

* Use blankspace replace in names
2025-03-25 12:39:29 -04:00
cbf9ee55ae root: new issue template for Docs (#13659)
* new issue template for Docs

* added note about a PR

* Update .github/ISSUE_TEMPLATE/docs_issue.md

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update .github/ISSUE_TEMPLATE/docs_issue.md

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-25 11:38:17 -05:00
590ee7d9d4 core, web: update translations (#13658)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-25 12:47:51 +01:00
b8cd1d1ae2 website/docs: fix referral of Paperless-ng (#13657)
Original description referred to Paperless-ngx as being a fork of Paperless-ngx instead of Paperless-ng (without x).

Signed-off-by: joeftiger <j.oeftiger@protonmail.com>
2025-03-24 18:44:08 -05:00
9f9524fbcb ci: stop publishing latest tag (#13245)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-24 20:23:55 +00:00
1df87cdf77 root: fix dependency install due to description-file (#13655)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-24 20:18:18 +00:00
6383550914 admin: fix system API when using bearer token (#13651)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-24 14:42:20 +00:00
10771b4779 website: bump the build group in /website with 6 updates (#13645)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.11` | `1.11.12` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.11` | `1.11.12` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.11` | `1.11.12` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.11` | `1.11.13` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.11` | `1.11.13` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.11` | `1.11.13` |


Updates `@swc/core-darwin-arm64` from 1.11.11 to 1.11.12
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.12)

Updates `@swc/core-linux-arm64-gnu` from 1.11.11 to 1.11.12
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.12)

Updates `@swc/core-linux-x64-gnu` from 1.11.11 to 1.11.12
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.12)

Updates `@swc/html-darwin-arm64` from 1.11.11 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.13)

Updates `@swc/html-linux-arm64-gnu` from 1.11.11 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.13)

Updates `@swc/html-linux-x64-gnu` from 1.11.11 to 1.11.13
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.11...v1.11.13)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 14:41:38 +00:00
fcaf1193ed core: bump goauthentik.io/api/v3 from 3.2025022.5 to 3.2025022.6 (#13646)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.5 to 3.2025022.6.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.5...v3.2025022.6)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 14:41:27 +00:00
b9f6093e6f translate: Updates for file web/xliff/en.xlf in fr (#13653)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-24 13:52:37 +00:00
47f6d59758 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13652)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-24 13:52:12 +00:00
59d20e3bc0 website/integrations: add tandoor (#13560)
* website/integrations: add tandoor

* Update website/integrations/services/tandoor/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Update website/integrations/services/tandoor/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Update website/integrations/services/tandoor/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Update website/integrations/services/tandoor/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Updated to match recommendations

* Update website/integrations/services/tandoor/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Further updates to match suggestions

* Updated to use <kbd> and <em> tags

* fixed codeblock

* Added explanatory text and removed extra EM tags

* fixed prettier issue

* moved ` to line 52

---------

Signed-off-by: Dewi Roberts <chwshka@outlook.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-03-24 07:55:34 -05:00
ae347cd1c5 core, web: update translations (#13642)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-24 11:08:44 +01:00
7653a35caa providers/scim: fix group membership check failing (#13644)
closes #12917

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-24 02:51:04 +00:00
dc9b12fd37 ci: add semgrep (#13643)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-24 00:40:41 +00:00
b7dac0674a flows: fix API not returning configured background (#13641)
* flows: fix API not returning configured background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-24 00:10:45 +00:00
5a17dea765 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13631)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-23 20:08:15 +00:00
044547c316 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13633)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-23 20:07:53 +00:00
6a84e7e6b0 translate: Updates for file web/xliff/en.xlf in zh_CN (#13632)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-23 20:07:51 +00:00
6d4bb77960 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13634)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-23 20:07:37 +00:00
1b588b98bc brands: fix migration 0008 by removing incorrect context manager usage (#13635)
core: brands: fix migration 0008
2025-03-23 19:42:33 +00:00
3eccef88aa web: Fix prop. (#13630) 2025-03-22 17:18:07 +01:00
8f50dfa0c5 core, web: update translations (#13628)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-22 13:28:36 +00:00
8417d8508f web/admin: reworked sync status card (#13625)
* reworked sync status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update imports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add story and fix import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 22:48:28 +00:00
b2c2fc001b core: bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#13626)
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-21 22:48:16 +00:00
f60312cbbc translate: Updates for file web/xliff/en.xlf in zh-Hans (#13622)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-21 20:16:25 +00:00
7614b17a05 web: bump API Client version (#13623)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-21 20:16:17 +00:00
8947376edb translate: Updates for file web/xliff/en.xlf in zh_CN (#13621)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-21 20:16:12 +00:00
ce23209ae8 events: add configurable headers to webhooks (#13602)
* events: add configurable headers to webhooks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make it a full thing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 19:37:15 +00:00
0b806b7130 web: Client-side MDX rendering (#13610)
* web: Allow build errors to propagate.

* web: Refactor MDX for client-side rendering.

* Remove override

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

* revert css for links and tables

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web: Move Markdown specific styles.

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 19:32:52 +00:00
9538cf4690 website/docs: revert token_expiry format in example blueprint (#13582)
* revert token_expiry format in example blueprint

Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>

* Revert blueprint change, use hard link to the previous version in the docs

---------

Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
2025-03-21 19:13:35 +01:00
63da458fb3 website: update header to match goauthentik.io (#13616)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 17:33:44 +00:00
873dab29a9 translate: Updates for file web/xliff/en.xlf in fr (#13615)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-21 16:28:58 +00:00
1e96c80593 core, web: update translations (#13608)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-21 17:14:08 +01:00
ee4a922234 core: bump astral-sh/uv from 0.6.8 to 0.6.9 (#13612)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.8 to 0.6.9.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.8...0.6.9)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-21 17:11:54 +01:00
37a2eff716 website: components: add multilinecodeblock component (#13179)
* wip

* wip

* wip

Signed-off-by: Dominic R <dominic@sdko.org>

wip

Signed-off-by: Dominic R <dominic@sdko.org>

wip

* wip

* wip

* move css to same folder

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 10:08:24 -05:00
50e2f1c474 website/docs: add clarification about formatting URLs to Style Guide (#13601)
* a few additions

* codespell fixes??

* clarify URL formatting

* tweak

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* conflict of course

* bump build

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Dominic R <dominic@sdko.org>
2025-03-20 20:10:34 -05:00
ab7338b50e core: bump github.com/redis/go-redis/v9 from 9.7.1 to 9.7.3 (#13603)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.7.1 to 9.7.3.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.7.1...v9.7.3)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 19:41:12 +00:00
bcdc6fcd36 lib: set a default HTTP timeout on outgoing requests (#13599)
* lib: set a default HTTP timeout on outgoing requests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-20 16:44:12 +00:00
98c3e0d68b website/integrations: add miniflux (#13559)
* website/integrations: add miniflux

* fixes authentik capitalisation

* Updated to match suggestions

* Update website/integrations/services/miniflux/index.md

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Updated to include <kbd> and <em> tags

* fixed codeblock

* Added explanatory text and removed extra EM tags

* fixed prettier issue

* Update website/integrations/services/miniflux/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <chwshka@outlook.com>

* Update website/integrations/services/miniflux/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/miniflux/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Dewi Roberts <chwshka@outlook.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-03-20 08:52:49 -05:00
a2b82b6448 web: bump API Client version (#13585)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-20 13:08:26 +00:00
0456ace646 core: bump goauthentik.io/api/v3 from 3.2025022.3 to 3.2025022.5 (#13594)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.3 to 3.2025022.5.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.3...v3.2025022.5)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-20 13:08:13 +00:00
d3a11ce810 website/docs: style guide & integration template: revamp (#12929)
* website/docs: style guide: revamp

* fix anchor

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/developer-docs/docs/style-guide.mdx

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* Tana's suggested format 

Signed-off-by: Dominic R <dominic@sdko.org>

* lint

* wip

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

lint

* Update website/docs/developer-docs/docs/style-guide.mdx

Signed-off-by: Dominic R <dominic@sdko.org>

* tana

* fix

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-03-20 07:47:00 -05:00
bfd1445c69 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13592)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-20 07:58:17 +00:00
c2b3e9b05c translate: Updates for file web/xliff/en.xlf in fr (#13597)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-20 07:57:31 +00:00
2c7d841e4a translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13596)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-20 07:55:47 +00:00
c5d13c4a15 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13593)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-20 08:40:22 +01:00
079ef6e114 translate: Updates for file web/xliff/en.xlf in zh_CN (#13591)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-20 08:40:02 +01:00
98bfca0b4d translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13590)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-20 08:40:00 +01:00
a247bd5b9f core, web: update translations (#13584)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-20 01:07:24 +00:00
27856ec301 brands: add option to set global default flow background (#13079)
* brands: add option to set global default flow background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-20 01:07:05 +00:00
e4a8c05d25 web/admin: fix diff showing previous false as "-" (#13580)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-19 23:06:37 +00:00
cb2e0c6d54 web: bump API Client version (#13581)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-19 23:04:21 +00:00
f37e1ca642 brands: migrate custom CSS to brands (#13172)
* brands: migrate custom CSS to brands

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing default

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simpler migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add css to brand form

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-19 22:52:38 +00:00
70b1f05a84 website/integrations: jellyfin: update OIDC plugin installation (#13544)
Updated OIDC plugin installation

Signed-off-by: Махно Артём Сергеевич <Netoen@users.noreply.github.com>
2025-03-19 20:49:26 +01:00
192ed8f494 root: fix uv lock file on macOS (#13578)
* root: fix uv lock on macOS

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add make run

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-19 20:38:27 +01:00
b69d77d270 core: bump goauthentik.io/api/v3 from 3.2025022.2 to 3.2025022.3 (#13576)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.2 to 3.2025022.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.2...v3.2025022.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 19:23:42 +00:00
35b6801ba0 core: bump astral-sh/uv from 0.6.6 to 0.6.8 (#13577)
Bumps [astral-sh/uv](https://github.com/astral-sh/uv) from 0.6.6 to 0.6.8.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/uv/compare/0.6.6...0.6.8)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 19:23:19 +00:00
f9e6f57aad lifecycle/aws: bump aws-cdk from 2.1004.0 to 2.1005.0 in /lifecycle/aws (#13574)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1004.0 to 2.1005.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1005.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 16:46:35 +00:00
868261c883 root: replace poetry with uv (#13388) 2025-03-19 16:29:18 +00:00
b6442c233d web: Fix inline documentation rendering (#13379)
web: Fix issues surrounding markdown rendering.

- Fix issue where Mermaid diagrams do not render.
- Fix link colors in dark mode.
- Fix anchored links triggering router.
- Fix issue where links occasionally link to missing page.
2025-03-19 17:09:47 +01:00
74292e6c23 web: bump API Client version (#13572)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-19 15:02:17 +00:00
3e2cf4fd30 core: bump msgraph-sdk from 1.24.0 to 1.25.0 (#13570)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 15:02:06 +00:00
05cbb4ce0c core: bump goauthentik.io/api/v3 from 3.2025022.1 to 3.2025022.2 (#13569)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025022.1 to 3.2025022.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025022.1...v3.2025022.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-19 15:01:54 +00:00
c93d85731c providers/saml: configurable AuthnContextClassRef (#13566)
* providers/saml: make AuthnContextClassRef configurable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers/saml: fix incorrect AuthInstant

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-19 14:42:55 +00:00
d163afe87c website/integrations: Beszel (#12905)
* initial release

* Ready for PR

* never changed this?

Used these commands after fresh git pull:

make lint-fix && npx prettier --write ./website/integrations/services/beszel/index.mdx && make website


Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

* reference to PocketBase

As @4d62 suggestet, here is the much simpler version as it uses 1:1 settings from PocketBase

* index.mdx aktualisieren

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

* index.mdx aktualisieren

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

* index.mdx aktualisieren

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

* add full instructions

* add Beszel config

* Update website/integrations/services/beszel/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/integrations/services/beszel/index.mdx

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* correct redirect URI

Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

---------

Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: nicedevil007 <nicedevil007@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-03-18 17:34:28 -05:00
eac2c9a12b website/docs: Apple Business Manager Integration. (#13319)
website/docs: Flesh out Apple Business Manager integration.

- Fix missing required attribute.
- Adjust visible headers in table of contents.
- Fix Docusaurus warning for nested paragraphs.
2025-03-18 19:56:34 +00:00
c10e4a9063 website: package.json: copy over schema for npm run watch (#13543)
* root: Makefile: copy over schema for website-watch

`make website-watch` will fail with the following error if the schema.yml file is not present in the website's static directory. This was tested on a branch up to date with main with the schema file I copied over removed.
```
➜  authentik git:(sdko/integrations-all/migr-to-wizard) ✗ w
cd website && npm run watch

> @goauthentik/website-docs@0.0.0 watch
> docusaurus gen-api-docs all && docusaurus start

(node:102678) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Loading of api failed for "/home/d/Code/authentik/website/static/schema.yml"

[ERROR] [Error: ENOENT: no such file or directory, lstat '/home/d/Code/authentik/website/static/schema.yml'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'lstat',
  path: '/home/d/Code/authentik/website/static/schema.yml'
}
[INFO] Docusaurus version: 3.7.0
Node version: v23.6.1
make: *** [Makefile:233: website-watch] Error 1
```

We should copy over the schema each time in case it changes. Adding it to this Makefile instruction as [official docs](https://docs.goauthentik.io/docs/developer-docs/setup/website-dev-environment) tell users to run `make website-install` which simply `npm ci`s, then this...

Signed-off-by: Dominic R <dominic@sdko.org>

* tabs?

Signed-off-by: Dominic R <dominic@sdko.org>

* Update Makefile

Signed-off-by: Dominic R <dominic@sdko.org>

* Update package.json

Signed-off-by: Dominic R <dominic@sdko.org>

* Update package.json

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-18 16:02:52 +00:00
4e4adcc672 web: bump API Client version (#13565)
* web: bump API Client version

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-18 14:48:55 +00:00
bb20576d84 providers/scim: save attributes returned from remote system like google workspace and entra ID (#13459)
providers/scim: save attributes returned from remote system like google workspace and entra

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-18 13:35:56 +00:00
5f315bddbd scripts: postgres: print statements (#13537)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-18 13:34:39 +00:00
9e0404646b core: bump goauthentik.io/api/v3 from 3.2025021.4 to 3.2025022.1 (#13556)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025021.4 to 3.2025022.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025021.4...v3.2025022.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-18 13:34:20 +00:00
45883ff86b core: bump sentry-sdk from 2.22.0 to 2.23.1 (#13557)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.22.0 to 2.23.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.22.0...2.23.1)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-18 13:34:13 +00:00
915f5689c6 website: bump the build group in /website with 6 updates (#13558)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.9` | `1.11.11` |


Updates `@swc/core-darwin-arm64` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

Updates `@swc/core-linux-arm64-gnu` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

Updates `@swc/core-linux-x64-gnu` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

Updates `@swc/html-darwin-arm64` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

Updates `@swc/html-linux-arm64-gnu` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

Updates `@swc/html-linux-x64-gnu` from 1.11.9 to 1.11.11
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.9...v1.11.11)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-18 13:33:39 +00:00
ce1ea926f8 web: bump API Client version (#13555)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-17 21:27:43 +00:00
2e3624ea82 release: 2025.2.2 (#13554) 2025-03-17 22:10:22 +01:00
4e52fb7e52 stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#13541)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-17 20:06:27 +00:00
7e36fb2153 website: Bump the build group in /website with 3 updates (#13549)
Bumps the build group in /website with 3 updates: [lightningcss-darwin-arm64](https://github.com/parcel-bundler/lightningcss), [lightningcss-linux-arm64-gnu](https://github.com/parcel-bundler/lightningcss) and [lightningcss-linux-x64-gnu](https://github.com/parcel-bundler/lightningcss).


Updates `lightningcss-darwin-arm64` from 1.29.2 to 1.29.3
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.2...v1.29.3)

Updates `lightningcss-linux-arm64-gnu` from 1.29.2 to 1.29.3
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.2...v1.29.3)

Updates `lightningcss-linux-x64-gnu` from 1.29.2 to 1.29.3
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.29.2...v1.29.3)

---
updated-dependencies:
- dependency-name: lightningcss-darwin-arm64
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-arm64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-x64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 20:05:43 +00:00
2b00754324 website/docs: prepare for 2025.2.2 (#13552) 2025-03-17 18:53:39 +01:00
12a73ef306 core: Bump aws-cdk-lib from 2.184.0 to 2.184.1 (#13547)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.184.0 to 2.184.1.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.184.0...v2.184.1)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 18:51:58 +01:00
4469db9b23 core: Bump coverage from 7.6.12 to 7.7.0 (#13548)
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.6.12 to 7.7.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.12...7.7.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 18:50:48 +01:00
b7beac6795 stages/identification: check captcha after checking authentication (#13533) 2025-03-17 17:10:00 +00:00
ad27f268dc website/docs: dev docs: bump node/postgres requirements (#13516)
* wip

Bump Node from 20 to 22 SRC:d4805f326f/Dockerfile (L4)

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

Bump Node 21 -> 22 SRC:d4805f326f/Dockerfile (L4)
Bump PG 14 -> 16 SRC:8fc23141d4/charts/authentik/Chart.yaml (L33) + d4805f326f/docker-compose.yml (L5)

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

Bump Node 20 -> 22 SRC:d4805f326f/Dockerfile (L4)

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-14 16:04:29 -05:00
a3f86115e1 sources: prevent deletion of built-in source (#12914)
* web: sources: disable "delete" button for built-in source

* poetry doesn't like that I use python 3.13 / implement check on backend too

* fix ruff i think

Signed-off-by: Dominic R <git@sdko.org>

* nvm

Signed-off-by: Dominic R <git@sdko.org>

* reformat

* check by managed attribute

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* like this?

---------

Signed-off-by: Dominic R <git@sdko.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Dominic R <git@sdko.org>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-14 17:39:09 +00:00
75eb025ef4 core: bump django-tenants (#13536)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-14 17:14:24 +01:00
efb3803371 website/docs: dev docs: full: remove note on installing shell plugin (#13515)
In https://github.com/goauthentik/authentik/pull/13460 , we replaced `poetry shell` with `poetry env activate`. As a result, we no longer need to tell the user to install this plugin.

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-14 16:57:51 +01:00
904d6cd81b sources/oauth: fix duplicate authentication (#13322)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-14 15:53:43 +00:00
b445cff4c9 web/admin: fix comment being rendered (#13530)
* web/admin: fix comment being rendered

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-14 14:52:16 +00:00
89437ac73b core: Bump aws-cdk-lib from 2.183.0 to 2.184.0 (#13522)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.183.0 to 2.184.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.183.0...v2.184.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-14 14:16:03 +00:00
e354e110ca core, web: update translations (#13520)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-14 14:15:54 +00:00
cf5eea74ee lifecycle/aws: Bump aws-cdk from 2.1003.0 to 2.1004.0 in /lifecycle/aws (#13524)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1003.0 to 2.1004.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1004.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-14 14:15:41 +00:00
54433e614a core: Bump github.com/coreos/go-oidc/v3 from 3.12.0 to 3.13.0 (#13525)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.12.0 to 3.13.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.12.0...v3.13.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-14 14:15:29 +00:00
78a02ff1f0 providers/rac: fix signals and Endpoint caching (#13529)
* fix RAC signals

And possibly other things by not using `ManagedAppConfig`. This was
broken by 2128e7f45f.

* invalidate Endpoint cache on update or delete

This will result in more invalidations, but it will also fix some
invalid Endpoint instances from showing up in Endpoint lists.

Since an Endpoint can be tied to a Policy, some invalid results can
still show up if the result of the Policy changes (either because the
Policy itself changes or because data checked by that Policy changes).

Even with those potentially invalid results, I believe the caching
itself is advantageous as long as the API provides an option for
`superuser_full_list`.
2025-03-14 15:09:12 +01:00
749e015414 web/flows: fix missing padding on authenticator_validate card (#13420)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-13 23:46:03 +00:00
2c9bf4befe web/user: show admin interface button on mobile (#13421) 2025-03-13 23:45:30 +00:00
f14b2fd4c5 website: Bump the build group in /website with 6 updates (#13501)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.8` | `1.11.9` |


Updates `@swc/core-darwin-arm64` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

Updates `@swc/core-linux-arm64-gnu` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

Updates `@swc/core-linux-x64-gnu` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

Updates `@swc/html-darwin-arm64` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

Updates `@swc/html-linux-arm64-gnu` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

Updates `@swc/html-linux-x64-gnu` from 1.11.8 to 1.11.9
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.8...v1.11.9)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 23:09:16 +00:00
cda764c5fd core: Bump goauthentik.io/api/v3 from 3.2025021.3 to 3.2025021.4 (#13495)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025021.3 to 3.2025021.4.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025021.3...v3.2025021.4)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:57:05 +00:00
4cee9f3a31 core: Bump importlib-metadata from 8.5.0 to 8.6.1 (#13499)
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.5.0 to 8.6.1.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](https://github.com/python/importlib_metadata/compare/v8.5.0...v8.6.1)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:56:56 +00:00
9972b43399 core: Bump msgraph-sdk from 1.23.0 to 1.24.0 (#13500)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.23.0...v1.24.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:56:47 +00:00
d4805f326f core: Bump google-api-python-client from 2.163.0 to 2.164.0 (#13498)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.163.0 to 2.164.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.163.0...v2.164.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:49:41 +01:00
38864e8e9a core: Bump aws-cdk-lib from 2.182.0 to 2.183.0 (#13496)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.182.0 to 2.183.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.182.0...v2.183.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:48:03 +01:00
5618545248 core: Bump psycopg from 3.2.5 to 3.2.6 (#13497)
Bumps [psycopg](https://github.com/psycopg/psycopg) from 3.2.5 to 3.2.6.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](https://github.com/psycopg/psycopg/compare/3.2.5...3.2.6)

---
updated-dependencies:
- dependency-name: psycopg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-13 19:44:29 +01:00
876feccd51 translate: Updates for file web/xliff/en.xlf in fr (#13514)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 17:35:04 +00:00
2e28683381 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13513)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 17:34:19 +00:00
5d803a9bf3 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13510)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 18:16:48 +01:00
c7b3272cf6 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13511)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 18:16:30 +01:00
2688fa4fe8 translate: Updates for file web/xliff/en.xlf in zh_CN (#13509)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 18:16:23 +01:00
b713660e5d translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13508)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-13 18:16:07 +01:00
de237aab10 core, web: update translations (#13494)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-13 14:07:02 +01:00
4068d67424 website: remove the last updated option from footer (#13493)
* really remove the last updated option

* fix background colour in different themes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-12 18:59:21 +00:00
ab6595b597 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13487)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 18:30:52 +00:00
0f89b6b746 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13488)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 18:30:40 +00:00
45f74debd9 web: bump API Client version (#13491)
* web: bump API Client version

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* fix duplicate strings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-12 18:30:26 +00:00
5a52225ee2 outposts/controllers: k8s: sanitize resource names to comply with DNS subdomain standards (#13444)
* wip

* wip[skip ci]

* add some tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-12 18:11:46 +00:00
d36f0d187b website: Bump @babel/helpers from 7.26.0 to 7.26.10 in /website (#13471)
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.26.0 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers)

---
updated-dependencies:
- dependency-name: "@babel/helpers"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 18:11:17 +00:00
b7bfbff2fe core: Bump goauthentik.io/api/v3 from 3.2025021.2 to 3.2025021.3 (#13479)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025021.2 to 3.2025021.3.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025021.2...v3.2025021.3)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 18:11:09 +00:00
46d8be8d20 souces/oauth: reddit: fix duplicate keyword auth (#13466)
* wip

Closes https://github.com/goauthentik/authentik/issues/13464

The issue was that the auth parameter was being passed twice:
Once directly in the get_access_token call: super().get_access_token(auth=auth)
And again in the parent class's get_access_token method where it sets auth=(self.get_client_id(), self.get_client_secret())

The fix:
Instead of passing auth directly to get_access_token, we now add it to the request_kwargs dictionary
Then we pass all the request kwargs to the parent method using **request_kwargs

* wip

lint
2025-03-12 18:10:41 +00:00
58158f61e4 website: Bump @babel/runtime-corejs3 from 7.26.0 to 7.26.10 in /website (#13473)
Bumps [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) from 7.26.0 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime-corejs3)

---
updated-dependencies:
- dependency-name: "@babel/runtime-corejs3"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 17:03:43 +00:00
9543800442 web: Bump @babel/runtime-corejs3 from 7.25.7 to 7.26.10 in /web (#13474)
Bumps [@babel/runtime-corejs3](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime-corejs3) from 7.25.7 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime-corejs3)

---
updated-dependencies:
- dependency-name: "@babel/runtime-corejs3"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 17:03:33 +00:00
c0adac3625 core: Bump structlog from 25.1.0 to 25.2.0 (#13476)
Bumps [structlog](https://github.com/hynek/structlog) from 25.1.0 to 25.2.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hynek/structlog/compare/25.1.0...25.2.0)

---
updated-dependencies:
- dependency-name: structlog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 17:03:16 +00:00
cd7dce2cae core: Bump twilio from 9.4.6 to 9.5.0 (#13478)
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.4.6 to 9.5.0.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.4.6...9.5.0)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 17:02:56 +00:00
09570a30f9 website: Bump @babel/runtime from 7.26.0 to 7.26.10 in /website (#13472)
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.26.0 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 17:02:37 +00:00
8617bb098d translate: Updates for file web/xliff/en.xlf in fr (#13486)
* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

* Removing web/xliff/en.xlf in fr

99% of minimum 100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 16:57:19 +00:00
c47fb2612a providers/scim: add compatibility mode for AWS & Slack (#13342)
* providers/scim: override AWS patch support

AWS /ServiceProviderConfig query responds that it supports patch,
 but they only support patching a single group property.
resolves #12321

* introduce compatibility mode for scim provider instead of hack

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* add option for slack

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-12 16:56:30 +00:00
23c0d90b3e website: Bump the build group in /website with 3 updates (#13480)
Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).


Updates `@rspack/binding-darwin-arm64` from 1.2.7 to 1.2.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.8/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.2.7 to 1.2.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.8/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.2.7 to 1.2.8
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.8/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-12 16:51:55 +00:00
593ae3b52e providers/oauth2: offline_access don't require explicit consent (#13419)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#9312
2025-03-12 16:51:10 +00:00
7a62965928 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13489)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 16:48:26 +00:00
2d060576c7 core, web: update translations (#13475)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-12 17:32:29 +01:00
a51252e1d3 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13482)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 17:31:34 +01:00
20904776bb translate: Updates for file web/xliff/en.xlf in zh_CN (#13481)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-12 17:31:23 +01:00
4a50c1f640 website: edit the new footer with links (#13433)
* changes requested

* tweaks

* tweak

* fix github text

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve styling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* keep opacity

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix missing bash highlight

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-12 09:58:51 -05:00
41555c88c4 website/docs: ops/backup-restore: add "pending emails" to lost redis data (#13483)
* website/docs: ops/backup-restore: add "email invitations" to lost redis data 

Adds email invitations to the examples of data loss in the Redis section.

Resolves https://github.com/goauthentik/authentik/pull/12943#issuecomment-2707702812

Signed-off-by: Dominic R <dominic@sdko.org>

* i'm blind

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-12 08:33:00 -05:00
408e6ec34e website/integrations: add Mautic (#13324)
* website/integrations: add Mautic

* website/integrations: improve Mautic as suggested in goauthentik/authentik#13324

* website/integrations: change Mautic description to their websites meta-description

* website/integrations: clear up Mautic instructions, improve formatting

* website/integrations: clear up Mautic instructions for certificate generation

* website/integrations: move Mautic certificate generation to Troubleshooting

* website/integrations: Improve Mautic formatting

* website/integrations: For Mautic, make labels bold
2025-03-12 07:35:02 -05:00
5bc65e253b sources/oauth: ignore missing well-known keys (#13468)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-11 23:56:53 +00:00
f5d1f72d22 web: bump API Client version (#13469)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-11 23:56:41 +00:00
ec9e815e7a root: bump python client generator version (#13467)
* root: bump python client generator version

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* run version generate without poetry

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-11 23:37:35 +00:00
b0671e26c8 stages/email: token_expiry format (#13394)
* Change token_expiry type from integer to text in Email Stage to unify with timedelta_string_validator

* Add migration file for token_expiry format, change from number to text field in the UI

* Fix token_expiry new format in stage.py in Email Stage

* fix linting

* Update web/src/admin/stages/email/EmailStageForm.ts

Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Use db_alias and using() for the queries

* Make valid_delta more readable

* use <ak-utils-time-delta-help> in the UI

* fix missing import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-11 17:22:30 +01:00
f185a41813 core, web: update translations (#13438)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-11 16:12:08 +00:00
a2211135bc website/docs: in developer docs replace deprecated poetry shell command (#13460)
* wip

Signed-off-by: Dominic R <dominic@sdko.org>

* Rev

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-11 10:20:51 -05:00
b082849fb5 web: Ignore Storybook when running codespell. (#13454) 2025-03-11 13:28:29 +00:00
e933fd5692 core: bump ruff from 0.9.9 to 0.9.10 (#13448)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.9 to 0.9.10.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.9...0.9.10)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-11 13:26:33 +00:00
38649e5347 core: bump webauthn from 2.5.1 to 2.5.2 (#13449)
Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 2.5.1 to 2.5.2.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v2.5.1...v2.5.2)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-11 13:24:47 +00:00
ff91ecf873 website/docs: backup and restore: remove extra period (#13440)
* website/docs: backup and restore: remove extra period

shameful

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-11 06:27:36 -05:00
15ee17ea60 website: bump prismjs from 1.29.0 to 1.30.0 in /website (#13456)
Bumps [prismjs](https://github.com/PrismJS/prism) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-11 00:55:12 +00:00
75a6d8c0c5 web: bump prismjs from 1.29.0 to 1.30.0 in /web (#13455)
Bumps [prismjs](https://github.com/PrismJS/prism) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/PrismJS/prism/releases)
- [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PrismJS/prism/compare/v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: prismjs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-11 00:54:59 +00:00
ef4d532b9c web: admin interface: faster card load (#13331)
* wip

* wip

* try to make this work with ken's writeup

Signed-off-by: Dominic R <dominic@sdko.org>

* wip

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-10 08:34:51 -07:00
985d491073 web/admin: fix display bug for assigned users in application bindings in the wizard (#13435)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: fix display bug for assigned users in application bindings in the wizard

## What

Modifies the type-of-binding detection algorithm to check if there's a user field and
that it's a number.

## Why

The original type-of-binding detector checked if the field was set and asserted that it was a string
of at least one character. Unfortunately, this doesn't work for `user`, where the primary key is an
integer. Changing the algorithm to "It's really a string with something in it, *or* it's a number,"
works.

## Testing

- Ensure you have at least one user you can use, and that user has a username.
- Navigate through the Application Wizard until you reach the binding page.
- Create a user binding
- See that the user shows up in the table.
2025-03-10 08:34:28 -07:00
2bdc415068 website: bump the build group across 1 directory with 9 updates (#13442)
Bumps the build group with 9 updates in the /website directory:

| Package | From | To |
| --- | --- | --- |
| [lightningcss-darwin-arm64](https://github.com/parcel-bundler/lightningcss) | `1.29.1` | `1.29.2` |
| [lightningcss-linux-arm64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.29.1` | `1.29.2` |
| [lightningcss-linux-x64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.29.1` | `1.29.2` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.7` | `1.11.8` |



Updates `lightningcss-darwin-arm64` from 1.29.1 to 1.29.2
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits/v1.29.2)

Updates `lightningcss-linux-arm64-gnu` from 1.29.1 to 1.29.2
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits/v1.29.2)

Updates `lightningcss-linux-x64-gnu` from 1.29.1 to 1.29.2
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits/v1.29.2)

Updates `@swc/core-darwin-arm64` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

Updates `@swc/core-linux-arm64-gnu` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

Updates `@swc/core-linux-x64-gnu` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

Updates `@swc/html-darwin-arm64` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

Updates `@swc/html-linux-arm64-gnu` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

Updates `@swc/html-linux-x64-gnu` from 1.11.7 to 1.11.8
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.7...v1.11.8)

---
updated-dependencies:
- dependency-name: lightningcss-darwin-arm64
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-arm64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: lightningcss-linux-x64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-08 20:15:38 +00:00
547e5be7a2 core: bump django from 5.0.12 to 5.0.13 (#13425)
Bumps [django](https://github.com/django/django) from 5.0.12 to 5.0.13.
- [Commits](https://github.com/django/django/compare/5.0.12...5.0.13)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-08 20:15:16 +00:00
1bc99e48e0 providers/SCIM: fix object exists error for users, attempt to look up user ID in remote system (#13437)
* providers/scim: handle ObjectExistsSyncException when filtering is supported by remote system

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: correctly check for backchannel application in SCIM view page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated: fix missing ignore paths in codespell

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-07 23:07:47 +00:00
349f66e53c website/docs: sys mgmt: document authentik backups/restoration (#12943)
* init

Signed-off-by: Dominic R <dominic@sdko.org>

* docs: sys mgmt: add backup documentation

* adapt command as you're already as root in postgres from what I tested and this is the easiest no-config-change solution that works

* Marc's comment

* href continuous archiving for pg

* add to sidebar

* restore documentation

* tana is gonna yell at me

* start

* static directories table fix my mess

* Update website/docs/sys-mgmt/ops/backup-restore.md

Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/docs/sys-mgmt/ops/backup-restore.md

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-03-07 15:16:40 -06:00
9e0a9f4eee website: fix build in docker (#13430)
* website: fix build in docker

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* sigh

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-07 18:10:34 +00:00
727404c9a4 website/integrations: zipline: add (#13257)
* wip

* Update website/integrations/services/zipline/index.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-03-07 16:36:47 +00:00
0fa4637640 translate: Updates for file web/xliff/en.xlf in fr (#13431)
Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-07 12:38:06 +00:00
afdf830e8a lifecycle/aws: bump aws-cdk from 2.1002.0 to 2.1003.0 in /lifecycle/aws (#13426)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1002.0 to 2.1003.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1003.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 12:58:28 +01:00
7ab636e103 translate: Updates for file web/xliff/en.xlf in zh_CN (#13428)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-07 12:46:15 +01:00
4efb4d6191 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13429)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-07 12:46:08 +01:00
b855d98b78 core, web: update translations (#13423)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-07 01:32:39 +01:00
354634cdf4 website: add a better edit this page element (#13391)
website/docs: Flesh out contributor footer.

Co-authored-by: Teffen Ellis <teffen@nirri.us>
2025-03-06 19:27:57 +00:00
319f2ef8d1 web/admin: allow user lists to show active only (#13403)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: allow admins to show only active users in Group assignments

## What

Adds a flag and a visible control to the "Add users to groups" dialog to limit the users
shown to only those marked as "active."

## Why

Requested, it was small, it made sense, and it was fairly trivial to implement.  All the
infrastructure already existed.

## Testing

- Ensure you have both "active" and "inactive" users in your sample group.
- Visit Groups -> (One Group) -> Users ->. Click "Add existing user."  Click the `+` symbol.
- A new toggle control, "Show inactive users," should now be visible.
- Click it and note whether or not the visible display corresponds to the stote of the control.

## Note

This commit does not address the second half of the request, "... the ability to add more than one
user to an entitlement." We recommend that if you have a group of people who correspond to a given
entitlement that you create a named group for them.

## Related Issue:

- [Hide disabled users when adding users to a group or entitlement
  #12653](https://github.com/goauthentik/authentik/issues/12653)

* Provided an explanation for the odd expression around `CoreApi.coreUsersList:isActive`

* Use logical CSS; give  room to expand

* Disambiguate variable names
2025-03-06 10:44:19 -08:00
cf58c5617a core: Tidy contributor onboarding, fix typos. (#12700)
core: Tidy contributor onboarding.

- Fixes typos.
- Fixes stale links.
- Tidies Makefile so that Poetry env is optional for hygiene commands.
- Remove mismatched YAML naming.
- Uses shebang on Python scripts.
- Document semver usage.
- Redirect OpenAPI schema.

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
2025-03-06 18:34:54 +00:00
71344d0b6a translate: Updates for file web/xliff/en.xlf in zh-Hans (#13418)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-06 19:03:09 +01:00
696db2ae05 translate: Updates for file web/xliff/en.xlf in zh_CN (#13417)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-06 19:03:04 +01:00
f08da8f295 lib/config: fix conn_max_age parsing (#13370)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-06 13:53:09 +00:00
89106c8131 core: bump golang.org/x/sync from 0.11.0 to 0.12.0 (#13407)
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/sync/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:15:37 +00:00
f6b0eecde7 stages/authenticator_email: Fix Enroll dropdown in the MFA Devices page (#13404)
Implement missing ui_user_settings() in AuthenticatorEmailStage
2025-03-06 12:15:15 +00:00
4ca151ee14 core: bump golang.org/x/oauth2 from 0.27.0 to 0.28.0 (#13408)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.27.0 to 0.28.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.27.0...v0.28.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:14:21 +00:00
f66fea4b0a core: bump aws-cdk-lib from 2.181.1 to 2.182.0 (#13409)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.181.1 to 2.182.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.181.1...v2.182.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:14:14 +00:00
6d8dc4ac43 core: bump google-api-python-client from 2.162.0 to 2.163.0 (#13410)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.162.0 to 2.163.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.162.0...v2.163.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:13:48 +00:00
04982c8147 core: bump msgraph-sdk from 1.22.0 to 1.23.0 (#13411)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:13:25 +00:00
2ab68480a0 core: bump jinja2 from 3.1.5 to 3.1.6 (#13412)
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-06 12:13:01 +00:00
248d9e48bb web/user: ensure modal container on user-settings page is min-height: 100% (#13402)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: ensure modal container on user-settings page is min-height: 100%

## What

Add a min-height and auto-scroll directives to the CSS for the main section of the user-settings
page.

```
+                .pf-c-page__main {
+                    min-height: 100vw;
+                    overflow-y: auto;
```

## Why

Without this, Safari refused to render any pop-up modals that were "centered" on the viewport but
were "beneath" the rendered content space of the container. As a result, users could not create new
access tokens or app passwords. This is arguably incorrect behavior on Safari's part, but 🤷‍♀️.
Adding `overflow-y: auto` on the container means that if the page is not long enough to host the
pop-up, it will be accessible via scrolling.

## Testing

- Using Safari, Visit the User->User Settings, click "Tokens and App Passwords" tab, and click
  "Create Token" or "Create App Password"
- Observe that the dialog is now accessible.

## Related Issue:

- [Unable to create API token in Safari
  #12891](https://github.com/goauthentik/authentik/issues/12891)

* Fix a really stupid typo.
2025-03-06 12:10:28 +00:00
e58e4bdbae core, web: update translations (#13405)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-06 11:43:27 +01:00
a07ce35985 web/admin: add button to clear application cache (#13399)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-05 20:23:10 +01:00
cfe275a374 blueprints: Adjust title for MFA set up (#13400)
web/blueprints: Adjust copy.
2025-03-05 20:21:49 +01:00
7f474cde19 web/admin: fix markdown being completely whited out in dark mode on proxy provider pages (#13387)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: fix markdown being completely whited out in dark mode on proxy provider pages

## What

Removed the `pf-m-light` hard-code specification from the wrapper for Markdown.

## Why

Color themes backed with CSS custom properties are vulnerable to overspecification, and that's what
this class did; overspecified the background color to always be in "light mode," which the Markdown
component then inherited.

## Testing

Create a proxy provider page for Forward Auth Proxy (Domain-Level). Using the browser's inspector,
choose the "Styles" tab and click on the paintbrush. Alternate between dark mode and light, and
observe that the styled markdown is changing color along with the rest of the application.

## Related Issue:

- [Proxy Provider setup section completely whited out.
  #13335](https://github.com/goauthentik/authentik/issues/13335)

* web/admin: use card background color directly when not in dark mode
2025-03-05 08:39:45 -08:00
0597a3450b web/admin: decorative display in user’s page breaks in other locales (#13393)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web/admin: decorative display in user's page breaks in other locales

## What

Move the decorations out of the display string and make them part of the presentation instead:

```
- <small>${item.name === "" ? msg("<No name set>") : item.name}</small>
+ <small>${item.name ? item.name : html`&lt;${msg("No name set")}&gt;`}</small>
```

Also a bit of logic re-arrangement; whenever possible, try to put the fallback condition in the
secondary position. A ternary is appropriate here; the nullish coalescing operator (`??`) is not
triggered by an empty string.

## Why

The decorations are being misinterpreted as HTML markers. The localization function re-interprets
the ampersand a second time, creating the string `&amp;lt;No name set&amp;gt;.

## Testing

- Visit the user administration page in English mode:
  http://localhost:9000/if/admin/#/identity/users
- Create a user but do NOT fill in the Name field (the second field, which lacks an asterisk
  indicating "required.")
- Note that the user shows up, and `<No name set>` is displayed for the user's display name.
- Visit the user administration page in French mode:
  http://localhost:9000/if/admin/?locale=fr#/identity/users
- Note that the user shows up, and `<No name set>` (or, if the field is translated, "Aucun nom
  spécifié") is displayed for the user's display name.

## Related Issue:

- [Users list wrong display when Locale is not "EN - English"
  #12951](https://github.com/goauthentik/authentik/issues/12951)
2025-03-05 16:37:34 +00:00
8191b90126 website: bump the build group in /website with 6 updates (#13396)
Bumps the build group in /website with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.11.5` | `1.11.7` |


Updates `@swc/core-darwin-arm64` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

Updates `@swc/core-linux-arm64-gnu` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

Updates `@swc/core-linux-x64-gnu` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

Updates `@swc/html-darwin-arm64` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

Updates `@swc/html-linux-arm64-gnu` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

Updates `@swc/html-linux-x64-gnu` from 1.11.5 to 1.11.7
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.11.5...v1.11.7)

---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 14:27:39 +00:00
2613a5da4b core: bump github.com/prometheus/client_golang from 1.21.0 to 1.21.1 (#13397)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.0...v1.21.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 14:27:31 +00:00
2c4dd232a1 core: bump debugpy from 1.8.12 to 1.8.13 (#13395)
Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.8.12 to 1.8.13.
- [Release notes](https://github.com/microsoft/debugpy/releases)
- [Commits](https://github.com/microsoft/debugpy/compare/v1.8.12...v1.8.13)

---
updated-dependencies:
- dependency-name: debugpy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-05 13:23:41 +01:00
6b5c11ccfd website/docs: Update Open Web UI integration (#13392)
website/docs: Update Open Web UI integration with note about adding users and updating URL

Signed-off-by: Rami-Pastrami <25966197+Rami-Pastrami@users.noreply.github.com>
2025-03-04 14:01:01 -06:00
a0b3d37b4a website/integrations: gravity: add (#13258)
* wip

* Update index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dominic R <dominic@sdko.org>

* wip

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-03-04 13:21:39 -06:00
56eca6dc8f website/integrations: Pocketbase (#12906)
* fix conflicts

* Update models.py

Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>

---------

Signed-off-by: NiceDevil <17103076+nicedevil007@users.noreply.github.com>
Co-authored-by: nicedevil007 <nicedevil007@users.noreply.github.com>
2025-03-04 12:58:51 -06:00
0377da2779 ci: cache helper docker images (#13390)
* ci: cache helper docker images

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* pin redis image

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci trigger

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-04 18:41:59 +00:00
b16c67cc82 providers/proxy: kubernetes outpost: fix reconcile when only annotations changed (#13372)
* providers/proxy: kubernetes outpost: fix reconcile when only annotations changed

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-04 16:40:21 +01:00
28f55635be website: bump the build group in /website with 3 updates (#13381)
Bumps the build group in /website with 3 updates: [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack), [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) and [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack).


Updates `@rspack/binding-darwin-arm64` from 1.2.6 to 1.2.7
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.7/packages/rspack)

Updates `@rspack/binding-linux-arm64-gnu` from 1.2.6 to 1.2.7
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.7/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.2.6 to 1.2.7
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.7/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-04 13:50:19 +00:00
8d4b2610b1 core, web: update translations (#13378)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-04 13:44:49 +01:00
419cf80469 web/admin: prefer using datefns over moment.js (#13143)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* ## What

Replaces `moment.js` with `date-fns` as a runtime dependency for Chart.js and other features
requiring date manipulation libraries. `date-fns` (and `chartjs-adapter-date-fns`) provides a 1:1
compatible API with Moment.js, is significantly faster and smaller. Moment.js adds
74KB to our bundle; in constrast, using DateFns adds only 18KB.

## Why

[Because ChartJS recommends it](https://github.com/chartjs/chartjs-adapter-moment#overview), and
because DateFns are easier to import and use.

It's worth noting that chartjs-adapter-date-fns was last updated three years ago, but
chartjs-adapter-moment was last updated *four* years ago. Both can be considered stable at this
point, so this cannot be considered an untested swap.

## Testing

1. In the *built* version of the product, assert that in the `./dist/admin/*` folder, no instance of
   `node_modules/moment` is included. `grep "node_modules/moment" ./dist/admin/*` is sufficient for
   this. On the other hand, searching for `date-fns` will get you entries in the maps:

```
// ... many lines of date-fns inclusion; this is near the end, to show the chartjs adapter is
// also included.
admin/chunk-TRZMFVHL.js:// node_modules/date-fns/startOfSecond.js
admin/chunk-TRZMFVHL.js:// node_modules/date-fns/parseISO.js
admin/chunk-TRZMFVHL.js:// node_modules/chartjs-adapter-date-fns/dist/chartjs-adapter-date-fns.esm.js
admin/chunk-TRZMFVHL.js:  _id: "date-fns",
admin/chunk-TRZMFVHL.js:chartjs-adapter-date-fns/dist/chartjs-adapter-date-fns.esm.js:
```

2. Visually inspect and assert that the graphs in Dashboard➜Overview, User➜Statistics, and
   Directory➜Users➜A User are functioning unchanged.

## Documentation Changes Required

None.  No developer or user documentation changes are required.

---------

Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-03 20:11:24 +00:00
632dc4b1b2 website/docs: fix typo (#13377)
Signed-off-by: Elijah Passmore <eljpsm@eljpsm.com>
2025-03-03 20:10:30 +00:00
93cfa64f5a stages/authenticator_email: remove flaky assertions (#13371)
* stages/authenticator_email: try fixing flaky tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci trigger

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* remove flaky assertions

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-03-03 17:23:39 +01:00
fa8f9d4017 translate: Updates for file web/xliff/en.xlf in fr (#13374)
* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 16:20:56 +00:00
d4c0696a8c translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13373)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 16:18:10 +00:00
20635a8cc6 website: bump typescript from 5.7.3 to 5.8.2 in /website (#13368)
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.7.3 to 5.8.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.7.3...v5.8.2)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 15:09:17 +00:00
c621ac0a6f lifecycle/aws: bump aws-cdk from 2.1001.0 to 2.1002.0 in /lifecycle/aws (#13365)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1001.0 to 2.1002.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1002.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 14:31:43 +00:00
0487c8d0f5 website: bump the build group in /website with 11 updates (#13367)
Bumps the build group in /website with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [@rspack/binding-linux-arm64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.1.6` | `1.2.6` |
| [@rspack/binding-linux-x64-gnu](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) | `1.1.6` | `1.2.6` |
| [lightningcss-darwin-arm64](https://github.com/parcel-bundler/lightningcss) | `1.28.2` | `1.29.1` |
| [lightningcss-linux-arm64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.28.2` | `1.29.1` |
| [lightningcss-linux-x64-gnu](https://github.com/parcel-bundler/lightningcss) | `1.28.2` | `1.29.1` |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc) | `1.10.1` | `1.11.5` |


Updates `@rspack/binding-linux-arm64-gnu` from 1.1.6 to 1.2.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.6/packages/rspack)

Updates `@rspack/binding-linux-x64-gnu` from 1.1.6 to 1.2.6
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.6/packages/rspack)

Updates `lightningcss-darwin-arm64` from 1.28.2 to 1.29.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits)

Updates `lightningcss-linux-arm64-gnu` from 1.28.2 to 1.29.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits)

Updates `lightningcss-linux-x64-gnu` from 1.28.2 to 1.29.1
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/commits)

Updates `@swc/core-darwin-arm64` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

Updates `@swc/core-linux-arm64-gnu` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

Updates `@swc/core-linux-x64-gnu` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

Updates `@swc/html-darwin-arm64` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

Updates `@swc/html-linux-arm64-gnu` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

Updates `@swc/html-linux-x64-gnu` from 1.10.1 to 1.11.5
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.10.1...v1.11.5)

---
updated-dependencies:
- dependency-name: "@rspack/binding-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@rspack/binding-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: lightningcss-darwin-arm64
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: lightningcss-linux-arm64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: lightningcss-linux-x64-gnu
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/core-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 14:31:07 +00:00
37511f07a0 ci: bump getsentry/action-release from 1 to 3 (#13366)
Bumps [getsentry/action-release](https://github.com/getsentry/action-release) from 1 to 3.
- [Release notes](https://github.com/getsentry/action-release/releases)
- [Changelog](https://github.com/getsentry/action-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/action-release/compare/v1...v3)

---
updated-dependencies:
- dependency-name: getsentry/action-release
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:30:05 +00:00
7840a3b52a website: bump @rspack/binding-darwin-arm64 from 1.1.6 to 1.2.6 in /website (#13354)
* website: bump @rspack/binding-darwin-arm64 in /website

Bumps [@rspack/binding-darwin-arm64](https://github.com/web-infra-dev/rspack/tree/HEAD/packages/rspack) from 1.1.6 to 1.2.6.
- [Release notes](https://github.com/web-infra-dev/rspack/releases)
- [Commits](https://github.com/web-infra-dev/rspack/commits/v1.2.6/packages/rspack)

---
updated-dependencies:
- dependency-name: "@rspack/binding-darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* group it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-03 13:25:09 +00:00
787e9e05e4 core, web: update translations (#13346)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-03 13:22:51 +00:00
3c14b8931f translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13348)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 13:22:27 +00:00
e3f1d259cf translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13347)
Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 13:22:11 +00:00
3d981f9391 translate: Updates for file web/xliff/en.xlf in zh-Hans (#13349)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 13:21:41 +00:00
ba1c919781 translate: Updates for file web/xliff/en.xlf in zh_CN (#13350)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-03-03 13:21:28 +00:00
38696d4bd9 ci: update versions for daily full testing (#13303)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-03 13:18:20 +00:00
7213a1f27a website: bump prettier from 3.5.2 to 3.5.3 in /website (#13355)
Bumps [prettier](https://github.com/prettier/prettier) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.2...3.5.3)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:13:59 +00:00
34b5a51990 core: bump ruff from 0.9.8 to 0.9.9 (#13359)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.8 to 0.9.9.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.8...0.9.9)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:13:49 +00:00
79e779b339 ci: bump docker/setup-qemu-action from 3.5.0 to 3.6.0 (#13360)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:13:18 +00:00
2a35b13ad6 core: bump cryptography from 44.0.1 to 44.0.2 (#13361)
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.1 to 44.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.1...44.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:13:07 +00:00
3754f27275 core: bump pytest from 8.3.4 to 8.3.5 (#13362)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.3.4 to 8.3.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/8.3.4...8.3.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:12:47 +00:00
b0547844b9 core: bump goauthentik.io/api/v3 from 3.2025021.1 to 3.2025021.2 (#13363)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2025021.1 to 3.2025021.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2025021.1...v3.2025021.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-03 13:12:19 +00:00
1b5abd3a3a core, web: update translations (#13339)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-02 19:16:42 +00:00
8244c2340a web: bump API Client version (#13336)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-01 19:47:35 +00:00
28080595d0 core, web: update translations (#13328)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-03-01 19:47:07 +00:00
3999aa96fb stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#13330)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-03-01 19:46:11 +00:00
b5a8957720 lib/sync/outgoing: add dry run (#13244)
* lib/sync/outgoing: add dry run

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add option to temporarily override dry run

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web a

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* web b

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add dry run label

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add support for entra too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add entra test and improve error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-01 19:44:17 +00:00
9b01213990 website: bump remark-directive from 3.0.1 to 4.0.0 in /website (#13315)
Bumps [remark-directive](https://github.com/remarkjs/remark-directive) from 3.0.1 to 4.0.0.
- [Release notes](https://github.com/remarkjs/remark-directive/releases)
- [Commits](https://github.com/remarkjs/remark-directive/compare/3.0.1...4.0.0)

---
updated-dependencies:
- dependency-name: remark-directive
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-01 19:43:01 +00:00
ae64d9f0fd *: fix stage incorrectly being inserted instead of appended (#13304)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-28 22:53:10 +00:00
ea55083929 enterprise/stages/source: fix dispatch method signature (#13321)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-28 21:43:05 +00:00
786c38b4cc website: Revert "website: revert enable docusaurus faster option (#12326) (#13207)" (#13323)
Revert "website: revert enable docusaurus faster option (#12326) (#13207)"

This reverts commit f2e1b6d466.
2025-02-28 21:34:43 +00:00
60521d89cb website/docs: enterprise: add instructions to cancel license renewal (#13320)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-02-28 11:05:31 -06:00
7e7fc75e77 providers/oauth2: properly support P-384 and P-521 keys (#13317)
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-02-28 16:50:14 +01:00
d0d46299d2 core: bump aws-cdk-lib from 2.181.0 to 2.181.1 (#13313)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-28 13:01:57 +01:00
e025eabdef core: bump ruff from 0.9.7 to 0.9.8 (#13312)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-28 13:01:47 +01:00
44238e6372 core: bump goauthentik.io/api/v3 from 3.2025020.1 to 3.2025021.1 (#13314)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-28 12:37:21 +01:00
be986c8474 core, web: update translations (#13311)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-02-28 12:20:21 +01:00
afb3623622 website/integrations: Add documentation for Drupal (#12925)
* Add documentation for Drupal

* Alter headings

* address feedback

* address feedback

* address feedback

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* Update website/integrations/services/drupal/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Sally Young <github@justa.fish>

* address feedback

* address feedback and fix tests

---------

Signed-off-by: Sally Young <github@justa.fish>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-02-28 01:30:42 -06:00
5eb6d62c9c web: ESBuild performance + Live reload (#13026)
* web: Silence ESBuild warning.

* web: Flesh out live reload. Tidy ESBuild.

---------

Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
2025-02-27 18:35:56 +01:00
2c802cad63 ci: translation extraction: make sure API client is up-to-date (#13301)
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-02-27 16:44:33 +00:00
c24fd618f5 website/integrations: fix netbox env variables (#13267)
Update index.md

I updated SOCIAL_AUTH_OIDC_SCOPE so it can dynamically be updated in Docker vs authentik.py.  

SOCIAL_AUTH_OIDC_ENDPOINT needs to be SOCIAL_AUTH_OIDC_OIDC_ENDPOINT.  I found the correct variable in venv/lib/python3.12/site-packages/social_core/backends/open_id_connect.py.

Signed-off-by: dustindkoch <63759985+dustindkoch@users.noreply.github.com>
2025-02-27 05:59:57 -06:00
c36434bfc8 *: Auto compress images (#13250)
[create-pull-request] automated change

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: tanberry <9368837+tanberry@users.noreply.github.com>
2025-02-27 11:34:30 +00:00
1751d0ce17 core: bump msgraph-sdk from 1.21.0 to 1.22.0 (#13259)
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases)
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: msgraph-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 11:31:28 +00:00
7c386da474 core: bump google-api-python-client from 2.161.0 to 2.162.0 (#13260)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.161.0 to 2.162.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.161.0...v2.162.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 11:31:18 +00:00
b8112de172 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13293)
Translate django.po in zh-Hans

100% translated source file: 'django.po'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-27 11:22:13 +00:00
a2644ca865 core: bump aws-cdk-lib from 2.180.0 to 2.181.0 (#13284)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.180.0 to 2.181.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.180.0...v2.181.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 11:21:57 +00:00
a036513669 core, web: update translations (#13282)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-02-27 11:21:11 +00:00
44809b8d26 lifecycle/aws: bump aws-cdk from 2.1000.3 to 2.1001.0 in /lifecycle/aws (#13283)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1000.3 to 2.1001.0.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1001.0/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 11:21:02 +00:00
73b21a01d1 ci: bump docker/setup-qemu-action from 3.4.0 to 3.5.0 (#13287)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 11:20:55 +00:00
1e66a23172 translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13290)
* Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

* Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

* Translate locale/en/LC_MESSAGES/django.po in zh_CN

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-27 11:20:26 +00:00
44c50157b7 translate: Updates for file web/xliff/en.xlf in zh_CN (#13291)
Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-27 11:19:36 +00:00
ab631e6d9b translate: Updates for file web/xliff/en.xlf in zh-Hans (#13292)
Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-27 11:19:26 +00:00
043e57ab2b web: bump API Client version (#13295)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-02-27 11:13:47 +00:00
989d39b154 release: 2025.2.1 (#13278) 2025-02-27 10:55:18 +00:00
1ed6999994 website/docs: Fix Docusaurus plugin regression in Algolia search (#13281)
website/docs: Fix Docusaurus plugin regression.

- Introduced via https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/issues/1096
2025-02-26 22:39:32 +00:00
3bc8dd40d5 website/docs: prepare for 2025.2.1 (#13277) 2025-02-26 20:14:56 +00:00
802d6a548c translate: Updates for file web/xliff/en.xlf in fr (#13275)
* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

* Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

---------

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-26 19:56:18 +00:00
f82c6eda58 translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13274)
Translate locale/en/LC_MESSAGES/django.po in fr

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2025-02-26 19:51:17 +00:00
05cc64c434 stages/email: Fix email stage serialization (#13256)
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2025-02-26 19:30:48 +00:00
a22b558143 stages/authenticator_email: fix session cleanup test b (#13264) 2025-02-26 20:09:39 +01:00
bb2b6d163b website/docs: remove Enterprise badge from RAC docs -- again (#13268)
remove Enterprise badge from RAC docs

Again. Changes conflicted in d5572a2570 and a714c781a6.
2025-02-26 17:01:10 +01:00
199a2ff11a ci: fix translation extraction for external PRs (#13266) 2025-02-26 13:17:15 +00:00
cc0659168d website/docs: add enterprise label to SSF docs (#13251)
* added Enterprise label

* fix date to be semantic version

* added Ent label, for real this time

* add Ent to procedural page too

---------

Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-02-25 18:43:39 +01:00
805332061b website/integrations: add plesk (#13000)
* website: add plesk integration

* fix: pr feedback

* fix: pr feedback

* fix: pr feedback
2025-02-25 09:11:31 -06:00
aa340fbfe0 core: add pre-hydrated relative URL (#13243)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-25 10:05:34 +01:00
91572b8621 lifecycle: add warning regarding supported installation methods (#13190)
* wip

* wip

* wip

* Apply suggestions from code review

Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@beryju.org>
2025-02-25 09:25:22 +01:00
080d31f189 ci: run translation extraction on PRs too (#13214) 2025-02-25 09:23:46 +01:00
15b59594e2 core: bump golang.org/x/oauth2 from 0.26.0 to 0.27.0 (#13240)
* core: bump golang.org/x/oauth2 from 0.26.0 to 0.27.0

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.26.0 to 0.27.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* tidy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-02-25 08:33:32 +01:00
b4e295a14a web/admin: fix minor typo (#13181)
Fix typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-25 07:48:04 +01:00
b590b6be44 core: bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 (#13235)
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.2 to 4.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.5)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-25 07:47:11 +01:00
15ee3d3566 core, web: update translations (#13236)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
2025-02-25 07:47:01 +01:00
aea6c7adbe lifecycle/aws: bump aws-cdk from 2.1000.2 to 2.1000.3 in /lifecycle/aws (#13239)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1000.2 to 2.1000.3.
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1000.3/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-25 07:46:15 +01:00
42a2337200 core: bump goauthentik.io/api/v3 from 3.2024123.7 to 3.2025020.1 (#13241)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024123.7 to 3.2025020.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024123.7...v3.2025020.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-25 07:46:03 +01:00
ffdd49e176 website: remove images from integrations index page (#12897)
* remove img

Signed-off-by: Dominic R <dominic@sdko.org>

* Delete website/integrations/sources-logo.png

Signed-off-by: Dominic R <dominic@sdko.org>

* Delete website/integrations/apps-logo.png

Signed-off-by: Dominic R <dominic@sdko.org>

---------

Signed-off-by: Dominic R <dominic@sdko.org>
2025-02-24 13:06:56 -06:00
b41231141c web: bump API Client version (#13226)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-02-24 18:42:08 +01:00
88d3b7f5a4 website/docs: Add Passkeys reference where WebAuthn is mentioned (#13167)
* Add Passkeys reference in several parts where WebAuthn is mentioned for better docs UX and SEO)

* Add version badge to Webauthn / passkeys authenticator

* fix linting issues

* Better wording to differenciate concepts

* Revert to css class for version badge because the ak-version tag don't support versions=<2023
2025-02-24 14:41:08 -03:00
2b39748c84 root: Backport version 2025.2 (#13225)
* release: 2025.2.0-rc1

* release: 2025.2.0-rc2

* release: 2025.2.0-rc3

* release: 2025.2.0
2025-02-24 18:35:13 +01:00
93b93517be website/docs: fix missing breaking entry for 2025.2 release notes (#13223)
* website/docs: fix missing breaking entry for 2025.2 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update website/docs/releases/2025/v2025.2.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-02-24 16:46:58 +01:00
6da55dc8aa website/docs: update the 2025.2 rel notes (#13213)
* removed rc notice, added links to docs

* remved todo about SSF preview banner

* update sidebar and security

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add api diff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix link

* bolded H3s

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-02-24 16:01:31 +01:00
b93dc48030 core: bump aws-cdk-lib from 2.179.0 to 2.180.0 (#13204)
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.179.0 to 2.180.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.179.0...v2.180.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 15:35:08 +01:00
7aba4b0c01 website/docs: add paragraph about impossible travel (#13125)
* drafty draft

* polish

* tweak

* redraft with new knowledge

* more facts, less fiction

* polish

* tweak to bump build

* Update website/docs/customize/policies/index.md

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
2025-02-24 13:41:47 +00:00
d5572a2570 website/docs: remove Enterprise badge from RAC docs (#13069)
remove Enterprise badge from RAC docs

See https://github.com/goauthentik/authentik/pull/13015

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-02-24 12:58:37 +00:00
55b1ddff6e website/docs: remove mention of wizard (#13126)
* first pass at removing wizard

* missed one

* Replaced the word modal wth the word box or simply rewrote to avoid saying modal.

* typo

---------

Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-02-24 06:54:42 -06:00
77c913bfd3 stages/authenticator_email: Email Authenticator Stage Documentation (#12853)
* stages/authenticator_email: Add initial documentation for Email Authenticator Stage

* fix linting/styling

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>

* rearranged to match the UI

* fix my broken links

* Tweak Emil Authenticator stage, also capitalize names of other stages

* final tweaks

* Add authenticator_validate for Email Authenticator in authenticator_validate documentation

* add version badge

* Fix broken links (.md -> .mdx)

---------

Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-02-24 06:54:06 -06:00
69b80e5bb5 website/docs: add info about new perms for super-user in groups (#13188)
* try again

* Update website/docs/users-sources/groups/manage_groups.mdx

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
2025-02-24 06:33:25 -06:00
ba63399a7b website/docs: add new SSF provider docs (#13102)
* website/docs/add-secure-apps/providers/sff/index.md

* draft

* dir name

* added procedural

* first draft for review

* tweak

* tweak

* backchannel info

* tweak

* edits form Ken and Dominic

* not sure

* tweak to rebuild

* tweak

* added finishing sentence

* tweaks

* typos

---------

Co-authored-by: Tana M Berry <tana@goauthentik.com>
2025-02-24 06:32:32 -06:00
86893d83b8 website/docs: updated debugging docs (#12809)
* lifecycle: much improved debugging experience

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

* start documenting container debugging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add user: root

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update example override file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update env var

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2025-02-24 06:17:46 -06:00
85ab201803 web/user: fix display for RAC tile (#13211)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-24 12:18:07 +01:00
2c96b24b62 web/flow: fix translate extract (#13208)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-24 11:48:40 +01:00
1f2cbca833 website: bump prettier from 3.5.1 to 3.5.2 in /website (#13192)
Bumps [prettier](https://github.com/prettier/prettier) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.1...3.5.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 09:55:54 +01:00
c2db998041 core: bump setproctitle from 1.3.4 to 1.3.5 (#13202)
Bumps [setproctitle](https://github.com/dvarrazzo/py-setproctitle) from 1.3.4 to 1.3.5.
- [Changelog](https://github.com/dvarrazzo/py-setproctitle/blob/master/HISTORY.rst)
- [Commits](https://github.com/dvarrazzo/py-setproctitle/compare/version-1.3.4...version-1.3.5)

---
updated-dependencies:
- dependency-name: setproctitle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 09:55:18 +01:00
18a70e93a1 core: bump psycopg from 3.2.4 to 3.2.5 (#13203)
Bumps [psycopg](https://github.com/psycopg/psycopg) from 3.2.4 to 3.2.5.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](https://github.com/psycopg/psycopg/compare/3.2.4...3.2.5)

---
updated-dependencies:
- dependency-name: psycopg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 09:55:08 +01:00
3123b3ac5e core: bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.1 (#13205)
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) from 9.7.0 to 9.7.1.
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/redis/go-redis/compare/v9.7.0...v9.7.1)

---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-24 09:52:19 +01:00
f2e1b6d466 website: revert enable docusaurus faster option (#12326) (#13207)
Revert "website: enable docusaurus faster option (#12326)"

This reverts commit 46303cc59f.
2025-02-24 09:34:06 +01:00
6bcacd744b core: add darkreader-lock (#13183)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-23 04:22:29 +01:00
e5af964d9d web/admin: fix default selection for binding policy (#13180)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-23 04:05:36 +01:00
122b95197b web/flows: disambiguate brand links codeblock (#12141)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* web/legible/disambiguate-footer-links

# What

- Replaces the "brand links" box at the bottom of FlowExecutor with a component for showing brand
  links.

# Why

- Confusion arose about what "footer links" mean in any given context, and breaking this out,
  labeling it "brand-links," reduces that confusion. It also isolates and reduces the testable
  surface area of the Executor.

* rename

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-02-23 01:26:29 +01:00
8d4e7f5d55 web/flow: grab focus to uid input field (#13177)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-23 00:29:31 +01:00
9d32ba261a web/flow: update default flow background (#13175)
* web/flow: update default flow background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Optimised images with calibre/image-actions

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-02-22 23:23:01 +01:00
b5a9b645f4 website/docs: fix typo (#13174)
The sentence is broken; fixing typo to clarify that a secure connection is established *before* an LDAP bind.

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>
2025-02-22 23:22:27 +01:00
46303cc59f website: enable docusaurus faster option (#12326)
* website: enable docusaurus faster option

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix build failing in CI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lightningcss

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix swc...sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix swc again

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-22 22:00:56 +01:00
4af415f3fd web/user: fix race condition in user settings flow executor (#13163)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-21 20:35:54 +01:00
ef82143811 web/admin: only show message when not editing an application (#13165)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-21 20:35:33 +01:00
c7567e031a root: allow configuring session cookie age (#12389) 2025-02-21 18:21:35 +00:00
3b2cd9e8d6 ci: update poetry sync command (#13161) 2025-02-21 18:19:18 +00:00
261e18b3d6 web/user: fix RAC launch not opening when clicking icon (#13164)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-21 19:18:41 +01:00
51a0f7d314 website/docs: troubleshooting: fix missing command prefix for create admin group command in Docker (#13107) 2025-02-21 18:47:30 +01:00
041ffef812 website: bump disqus-react from 1.1.5 to 1.1.6 in /website (#13152)
Bumps [disqus-react](https://github.com/disqus/disqus-react) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/disqus/disqus-react/releases)
- [Changelog](https://github.com/disqus/disqus-react/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/disqus/disqus-react/compare/v1.1.5...v1.1.6)

---
updated-dependencies:
- dependency-name: disqus-react
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:47:30 +01:00
68b4d58ebd website: bump docusaurus-theme-openapi-docs from 4.3.4 to 4.3.5 in /website (#13154)
website: bump docusaurus-theme-openapi-docs in /website

Bumps [docusaurus-theme-openapi-docs](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/tree/HEAD/packages/docusaurus-theme-openapi-docs) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/releases)
- [Changelog](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/commits/v4.3.5/packages/docusaurus-theme-openapi-docs)

---
updated-dependencies:
- dependency-name: docusaurus-theme-openapi-docs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:30:49 +01:00
881571bd14 core: bump ruff from 0.9.6 to 0.9.7 (#13150)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.9.6 to 0.9.7.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.6...0.9.7)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:18:01 +01:00
64a0f66e62 core: bump twilio from 9.4.5 to 9.4.6 (#13151)
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.4.5 to 9.4.6.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.4.5...9.4.6)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:17:46 +01:00
7d5cda4c25 website: bump docusaurus-plugin-openapi-docs from 4.3.4 to 4.3.5 in /website (#13153)
website: bump docusaurus-plugin-openapi-docs in /website

Bumps [docusaurus-plugin-openapi-docs](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/tree/HEAD/packages/docusaurus-plugin-openapi-docs) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/releases)
- [Changelog](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/commits/v4.3.5/packages/docusaurus-plugin-openapi-docs)

---
updated-dependencies:
- dependency-name: docusaurus-plugin-openapi-docs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:17:26 +01:00
8ba2679036 core: bump selenium from 4.28.1 to 4.29.0 (#13155)
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.28.1 to 4.29.0.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/commits/selenium-4.29.0)

---
updated-dependencies:
- dependency-name: selenium
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 17:17:07 +01:00
d98523f243 web/user: fix post MFA creation link being invalid (#13157)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-21 16:43:01 +01:00
6da0548fa2 scripts: fix broken link (#13156)
fix broken link
2025-02-21 12:51:51 +01:00
8734710e61 website: bump semver from 7.7.0 to 7.7.1 in /website (#13129)
Bumps [semver](https://github.com/npm/node-semver) from 7.7.0 to 7.7.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:02:47 +01:00
64b996aa1f website: bump postcss from 8.5.2 to 8.5.3 in /website (#13130)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.2 to 8.5.3.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.2...8.5.3)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:02:37 +01:00
dbe91cbc55 core: bump kubernetes from 32.0.0 to 32.0.1 (#13131)
Bumps [kubernetes](https://github.com/kubernetes-client/python) from 32.0.0 to 32.0.1.
- [Release notes](https://github.com/kubernetes-client/python/releases)
- [Changelog](https://github.com/kubernetes-client/python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-client/python/compare/v32.0.0...v32.0.1)

---
updated-dependencies:
- dependency-name: kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:02:28 +01:00
a56e037eae core: bump duo-client from 5.3.0 to 5.4.0 (#13132)
Bumps [duo-client](https://github.com/duosecurity/duo_client_python) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/duosecurity/duo_client_python/releases)
- [Commits](https://github.com/duosecurity/duo_client_python/compare/5.3.0...5.4.0)

---
updated-dependencies:
- dependency-name: duo-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:02:20 +01:00
b8f1e2fac0 lifecycle/aws: bump aws-cdk from 2.179.0 to 2.1000.2 in /lifecycle/aws (#13133)
Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.179.0 to 2.1000.2.
- [Commits](https://github.com/aws/aws-cdk-cli/commits/HEAD/packages/aws-cdk)

---
updated-dependencies:
- dependency-name: aws-cdk
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:02:07 +01:00
e1b56aac05 core: bump goauthentik.io/api/v3 from 3.2024123.6 to 3.2024123.7 (#13134)
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024123.6 to 3.2024123.7.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024123.6...v3.2024123.7)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:01:58 +01:00
794731eed7 core: bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 (#13135)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.5 to 1.21.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.5...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-21 01:01:25 +01:00
19fbc2a022 enterprise/stages/source: fix Source stage not executing authentication/enrollment flow (#12875)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-20 23:27:08 +01:00
38e467bf8e policies/geoip: fix math in impossible travel (#13141)
* policies/geoip: fix math in impossible travel

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix threshold

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-20 23:26:26 +01:00
9e32cf361b core: bump zxcvbn from 4.4.28 to 4.5.0 (#13128)
Bumps [zxcvbn](https://github.com/dwolfhub/zxcvbn-python) from 4.4.28 to 4.5.0.
- [Changelog](https://github.com/dwolfhub/zxcvbn-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dwolfhub/zxcvbn-python/compare/v4.4.28...v4.5.0)

---
updated-dependencies:
- dependency-name: zxcvbn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-20 16:14:55 +01:00
42a5a43640 revert: rbac: exclude permissions for internal models (#12803) (#13138)
Revert "rbac: exclude permissions for internal models (#12803)"

This reverts commit e08ccf4ca0.
2025-02-20 15:12:23 +01:00
8d5b835c4f web/flows: fix error on interactive Captcha stage when retrying captcha (#13119)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-20 15:00:57 +01:00
ca3b948895 web: Indicate when caps-lock is active during password input. (#12733)
Determining the state of the caps-lock key can be tricky as we're
dependant on a user-provided input to set a value. Thus, our initial
state defaults to not display any warning until the first keystroke.

- Revise to better use lit-html.
2025-02-19 10:38:27 -08:00
a714c781a6 website: Use Docusaurus Frontmatter for badges (#12893)
website/docs: Reduce redundant usage of badges. Move badge logic to components.

- Fix JSX class name warning.
- Remove duplicate titles.
- Flesh out `support_level` frontmatter.
2025-02-19 18:03:05 +00:00
df2e3878d5 sources/oauth: add group sync for azure_ad (#12894)
* sources/oauth: add group sync for azure_ad

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make group sync optional

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-19 17:57:47 +01:00
1370c32aea cmd: set version in outposts (#13116)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-19 17:56:57 +01:00
0ae373bc1e web/admin: update Application Wizard button placement (#12771)
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* web: Make using the wizard the default for new applications

# What

1. I removed the "Wizard Hint" bar and migrated the "Create With Wizard" button down to the default
   position as "Create With Provider," moving the "Create" button to a secondary position.
   Primary coloring has been kept for both.

2. Added an alert to the "Create" legacy dialog:

> Using this form will only create an Application. In order to authenticate with the application,
> you will have to manually pair it with a Provider.

3. Updated the subtitle on the Wizard dialog:

``` diff
-    wizardDescription = msg("Create a new application");
+    wizardDescription = msg("Create a new application and configure a provider for it.");
```

4. Updated the User page so that, if the User is-a Administrator and the number of Applications in
   the system is zero, the user will be invited to create a new Application using the Wizard rather
   than the legacy Form:

```diff
     renderNewAppButton() {
         const href = paramURL("/core/applications", {
-            createForm: true,
+            createWizard: true,
         });
```

5. Fixed a bug where, on initial render, if the `this.brand` field was not available, an error would
   appear in the console. The effects were usually harmless, as brand information came quickly and
   filled in before the user could notice, but it looked bad in the debugger.

6. Fixed a bug in testing where the wizard page "Configure Policy Bindings" had been changed to
   "Configure Policy/User/Group Binding".

# Testing

Since the wizard OUID didn't change (`data-ouia-component-id="start-application-wizard"`), the E2E
tests for "Application Wizard" completed without any substantial changes to the routine or to the
tests.

``` sh
npm run test:e2e:watch -- --spec ./tests/specs/new-application-by-wizard.ts
```

# User documentation changes required.

These changes were made at the request of docs, as an initial draft to show how the page looks with
the Application Wizard as he default tool for creating new Applications.

# Developer documentation changes required.

None.
2025-02-19 08:41:39 -08:00
6facb5872e web/user: fix opening application with Enter not respecting new tab setting (#13115)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-19 15:49:40 +01:00
c67de17dd8 web: bump API Client version (#13113)
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2025-02-19 13:16:28 +01:00
2128e7f45f providers/rac: move to open source (#13015)
* move RAC to open source

* move web out of enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove enterprise license requirements from RAC

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-02-19 12:48:11 +01:00
0e7a4849f6 website/docs: add 2025.2 release notes (#13002)
* website/docs: add 2025.2 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make compile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ffs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* ffs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-19 01:43:39 +01:00
85343fa5d4 core: clear expired database sessions (#13105)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-18 20:40:03 +01:00
1596 changed files with 134542 additions and 46437 deletions

View File

@ -1,5 +1,5 @@
[bumpversion] [bumpversion]
current_version = 2025.2.0-rc3 current_version = 2025.6.3
tag = True tag = True
commit = True commit = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))? parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
@ -17,8 +17,12 @@ optional_value = final
[bumpversion:file:pyproject.toml] [bumpversion:file:pyproject.toml]
[bumpversion:file:uv.lock]
[bumpversion:file:package.json] [bumpversion:file:package.json]
[bumpversion:file:package-lock.json]
[bumpversion:file:docker-compose.yml] [bumpversion:file:docker-compose.yml]
[bumpversion:file:schema.yml] [bumpversion:file:schema.yml]
@ -29,6 +33,4 @@ optional_value = final
[bumpversion:file:internal/constants/constants.go] [bumpversion:file:internal/constants/constants.go]
[bumpversion:file:web/src/common/constants.ts]
[bumpversion:file:lifecycle/aws/template.yaml] [bumpversion:file:lifecycle/aws/template.yaml]

View File

@ -5,8 +5,10 @@ dist/**
build/** build/**
build_docs/** build_docs/**
*Dockerfile *Dockerfile
**/*Dockerfile
blueprints/local blueprints/local
.git .git
!gen-ts-api/node_modules !gen-ts-api/node_modules
!gen-ts-api/dist/** !gen-ts-api/dist/**
!gen-go-api/ !gen-go-api/
.venv

View File

@ -7,6 +7,9 @@ charset = utf-8
trim_trailing_whitespace = true trim_trailing_whitespace = true
insert_final_newline = true insert_final_newline = true
[*.toml]
indent_size = 2
[*.html] [*.html]
indent_size = 2 indent_size = 2

View File

@ -28,7 +28,11 @@ Output of docker-compose logs or kubectl logs respectively
**Version and Deployment (please complete the following information):** **Version and Deployment (please complete the following information):**
- authentik version: [e.g. 2021.8.5] <!--
Notice: authentik supports installation via Docker, Kubernetes, and AWS CloudFormation only. Support is not available for other methods. For detailed installation and configuration instructions, please refer to the official documentation at https://docs.goauthentik.io/docs/install-config/.
-->
- authentik version: [e.g. 2025.2.0]
- Deployment: [e.g. docker-compose, helm] - Deployment: [e.g. docker-compose, helm]
**Additional context** **Additional context**

22
.github/ISSUE_TEMPLATE/docs_issue.md vendored Normal file
View File

@ -0,0 +1,22 @@
---
name: Documentation issue
about: Suggest an improvement or report a problem
title: ""
labels: documentation
assignees: ""
---
**Do you see an area that can be clarified or expanded, a technical inaccuracy, or a broken link? Please describe.**
A clear and concise description of what the problem is, or where the document can be improved. Ex. I believe we need more details about [...]
**Provide the URL or link to the exact page in the documentation to which you are referring.**
If there are multiple pages, list them all, and be sure to state the header or section where the content is.
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Additional context**
Add any other context or screenshots about the documentation issue here.
**Consider opening a PR!**
If the issue is one that you can fix, or even make a good pass at, we'd appreciate a PR. For more information about making a contribution to the docs, and using our Style Guide and our templates, refer to ["Writing documentation"](https://docs.goauthentik.io/docs/developer-docs/docs/writing-documentation).

View File

@ -20,7 +20,12 @@ Output of docker-compose logs or kubectl logs respectively
**Version and Deployment (please complete the following information):** **Version and Deployment (please complete the following information):**
- authentik version: [e.g. 2021.8.5] <!--
Notice: authentik supports installation via Docker, Kubernetes, and AWS CloudFormation only. Support is not available for other methods. For detailed installation and configuration instructions, please refer to the official documentation at https://docs.goauthentik.io/docs/install-config/.
-->
- authentik version: [e.g. 2025.2.0]
- Deployment: [e.g. docker-compose, helm] - Deployment: [e.g. docker-compose, helm]
**Additional context** **Additional context**

View File

@ -44,7 +44,6 @@ if is_release:
] ]
if not prerelease: if not prerelease:
image_tags += [ image_tags += [
f"{name}:latest",
f"{name}:{version_family}", f"{name}:{version_family}",
] ]
else: else:

View File

@ -9,17 +9,22 @@ inputs:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: Install poetry & deps - name: Install apt deps
shell: bash shell: bash
run: | run: |
pipx install poetry || true
sudo apt-get update sudo apt-get update
sudo apt-get install --no-install-recommends -y libpq-dev openssl libxmlsec1-dev pkg-config gettext libkrb5-dev krb5-kdc krb5-user krb5-admin-server sudo apt-get install --no-install-recommends -y libpq-dev openssl libxmlsec1-dev pkg-config gettext libkrb5-dev krb5-kdc krb5-user krb5-admin-server
- name: Setup python and restore poetry - name: Install uv
uses: astral-sh/setup-uv@v5
with:
enable-cache: true
- name: Setup python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version-file: "pyproject.toml" python-version-file: "pyproject.toml"
cache: "poetry" - name: Install Python deps
shell: bash
run: uv sync --all-extras --dev --frozen
- name: Setup node - name: Setup node
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
@ -30,15 +35,18 @@ runs:
uses: actions/setup-go@v5 uses: actions/setup-go@v5
with: with:
go-version-file: "go.mod" go-version-file: "go.mod"
- name: Setup docker cache
uses: AndreKurait/docker-cache@0fe76702a40db986d9663c24954fc14c6a6031b7
with:
key: docker-images-${{ runner.os }}-${{ hashFiles('.github/actions/setup/docker-compose.yml', 'Makefile') }}-${{ inputs.postgresql_version }}
- name: Setup dependencies - name: Setup dependencies
shell: bash shell: bash
run: | run: |
export PSQL_TAG=${{ inputs.postgresql_version }} export PSQL_TAG=${{ inputs.postgresql_version }}
docker compose -f .github/actions/setup/docker-compose.yml up -d docker compose -f .github/actions/setup/docker-compose.yml up -d
poetry install --sync
cd web && npm ci cd web && npm ci
- name: Generate config - name: Generate config
shell: poetry run python {0} shell: uv run python {0}
run: | run: |
from authentik.lib.generators import generate_id from authentik.lib.generators import generate_id
from yaml import safe_dump from yaml import safe_dump

View File

@ -11,7 +11,7 @@ services:
- 5432:5432 - 5432:5432
restart: always restart: always
redis: redis:
image: docker.io/library/redis image: docker.io/library/redis:7
ports: ports:
- 6379:6379 - 6379:6379
restart: always restart: always

View File

@ -1,7 +1,32 @@
akadmin
asgi
assertIn
authentik
authn
crate
docstrings
entra
goauthentik
gunicorn
hass
jwe
jwks
keypair keypair
keypairs keypairs
hass kubernetes
warmup oidc
ontext ontext
openid
passwordless
plex
saml
scim
singed singed
assertIn slo
sso
totp
traefik
# https://github.com/codespell-project/codespell/issues/1224
upToDate
warmup
webauthn

View File

@ -23,7 +23,13 @@ updates:
- package-ecosystem: npm - package-ecosystem: npm
directories: directories:
- "/web" - "/web"
- "/web/sfe" - "/web/packages/sfe"
- "/web/packages/core"
- "/web/packages/esbuild-plugin-live-reload"
- "/packages/prettier-config"
- "/packages/tsconfig"
- "/packages/docusaurus-config"
- "/packages/eslint-config"
schedule: schedule:
interval: daily interval: daily
time: "04:00" time: "04:00"
@ -68,6 +74,9 @@ updates:
wdio: wdio:
patterns: patterns:
- "@wdio/*" - "@wdio/*"
goauthentik:
patterns:
- "@goauthentik/*"
- package-ecosystem: npm - package-ecosystem: npm
directory: "/website" directory: "/website"
schedule: schedule:
@ -82,6 +91,22 @@ updates:
docusaurus: docusaurus:
patterns: patterns:
- "@docusaurus/*" - "@docusaurus/*"
build:
patterns:
- "@swc/*"
- "swc-*"
- "lightningcss*"
- "@rspack/binding*"
goauthentik:
patterns:
- "@goauthentik/*"
eslint:
patterns:
- "@eslint/*"
- "@typescript-eslint/*"
- "eslint-*"
- "eslint"
- "typescript-eslint"
- package-ecosystem: npm - package-ecosystem: npm
directory: "/lifecycle/aws" directory: "/lifecycle/aws"
schedule: schedule:
@ -92,7 +117,7 @@ updates:
prefix: "lifecycle/aws:" prefix: "lifecycle/aws:"
labels: labels:
- dependencies - dependencies
- package-ecosystem: pip - package-ecosystem: uv
directory: "/" directory: "/"
schedule: schedule:
interval: daily interval: daily
@ -112,3 +137,15 @@ updates:
prefix: "core:" prefix: "core:"
labels: labels:
- dependencies - dependencies
- package-ecosystem: docker-compose
directories:
# - /scripts # Maybe
- /tests/e2e
schedule:
interval: daily
time: "04:00"
open-pull-requests-limit: 10
commit-message:
prefix: "core:"
labels:
- dependencies

View File

@ -38,9 +38,11 @@ jobs:
# Needed for attestation # Needed for attestation
id-token: write id-token: write
attestations: write attestations: write
# Needed for checkout
contents: read
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3.4.0 - uses: docker/setup-qemu-action@v3.6.0
- uses: docker/setup-buildx-action@v3 - uses: docker/setup-buildx-action@v3
- name: prepare variables - name: prepare variables
uses: ./.github/actions/docker-push-variables uses: ./.github/actions/docker-push-variables

View File

@ -30,7 +30,6 @@ jobs:
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version-file: "pyproject.toml" python-version-file: "pyproject.toml"
cache: "poetry"
- name: Generate API Client - name: Generate API Client
run: make gen-client-py run: make gen-client-py
- name: Publish package - name: Publish package

View File

@ -53,6 +53,7 @@ jobs:
signoff: true signoff: true
# ID from https://api.github.com/users/authentik-automation[bot] # ID from https://api.github.com/users/authentik-automation[bot]
author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
labels: dependencies
- uses: peter-evans/enable-pull-request-automerge@v3 - uses: peter-evans/enable-pull-request-automerge@v3
with: with:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}

View File

@ -33,7 +33,7 @@ jobs:
npm ci npm ci
- name: Check changes have been applied - name: Check changes have been applied
run: | run: |
poetry run make aws-cfn uv run make aws-cfn
git diff --exit-code git diff --exit-code
ci-aws-cfn-mark: ci-aws-cfn-mark:
if: always() if: always()

View File

@ -9,14 +9,15 @@ on:
jobs: jobs:
test-container: test-container:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
version: version:
- docs - docs
- version-2024-12 - version-2025-4
- version-2024-10 - version-2025-2
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: | - run: |

View File

@ -34,7 +34,7 @@ jobs:
- name: Setup authentik env - name: Setup authentik env
uses: ./.github/actions/setup uses: ./.github/actions/setup
- name: run job - name: run job
run: poetry run make ci-${{ matrix.job }} run: uv run make ci-${{ matrix.job }}
test-migrations: test-migrations:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -42,7 +42,7 @@ jobs:
- name: Setup authentik env - name: Setup authentik env
uses: ./.github/actions/setup uses: ./.github/actions/setup
- name: run migrations - name: run migrations
run: poetry run python -m lifecycle.migrate run: uv run python -m lifecycle.migrate
test-make-seed: test-make-seed:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -62,6 +62,7 @@ jobs:
psql: psql:
- 15-alpine - 15-alpine
- 16-alpine - 16-alpine
- 17-alpine
run_id: [1, 2, 3, 4, 5] run_id: [1, 2, 3, 4, 5]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -69,8 +70,6 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: checkout stable - name: checkout stable
run: | run: |
# Delete all poetry envs
rm -rf /home/runner/.cache/pypoetry
# Copy current, latest config to local # Copy current, latest config to local
cp authentik/lib/default.yml local.env.yml cp authentik/lib/default.yml local.env.yml
cp -R .github .. cp -R .github ..
@ -83,7 +82,7 @@ jobs:
with: with:
postgresql_version: ${{ matrix.psql }} postgresql_version: ${{ matrix.psql }}
- name: run migrations to stable - name: run migrations to stable
run: poetry run python -m lifecycle.migrate run: uv run python -m lifecycle.migrate
- name: checkout current code - name: checkout current code
run: | run: |
set -x set -x
@ -91,15 +90,13 @@ jobs:
git reset --hard HEAD git reset --hard HEAD
git clean -d -fx . git clean -d -fx .
git checkout $GITHUB_SHA git checkout $GITHUB_SHA
# Delete previous poetry env
rm -rf /home/runner/.cache/pypoetry/virtualenvs/*
- name: Setup authentik env (ensure latest deps are installed) - name: Setup authentik env (ensure latest deps are installed)
uses: ./.github/actions/setup uses: ./.github/actions/setup
with: with:
postgresql_version: ${{ matrix.psql }} postgresql_version: ${{ matrix.psql }}
- name: migrate to latest - name: migrate to latest
run: | run: |
poetry run python -m lifecycle.migrate uv run python -m lifecycle.migrate
- name: run tests - name: run tests
env: env:
# Test in the main database that we just migrated from the previous stable version # Test in the main database that we just migrated from the previous stable version
@ -108,7 +105,7 @@ jobs:
CI_RUN_ID: ${{ matrix.run_id }} CI_RUN_ID: ${{ matrix.run_id }}
CI_TOTAL_RUNS: "5" CI_TOTAL_RUNS: "5"
run: | run: |
poetry run make ci-test uv run make ci-test
test-unittest: test-unittest:
name: test-unittest - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5 name: test-unittest - PostgreSQL ${{ matrix.psql }} - Run ${{ matrix.run_id }}/5
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -120,6 +117,7 @@ jobs:
psql: psql:
- 15-alpine - 15-alpine
- 16-alpine - 16-alpine
- 17-alpine
run_id: [1, 2, 3, 4, 5] run_id: [1, 2, 3, 4, 5]
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -133,7 +131,7 @@ jobs:
CI_RUN_ID: ${{ matrix.run_id }} CI_RUN_ID: ${{ matrix.run_id }}
CI_TOTAL_RUNS: "5" CI_TOTAL_RUNS: "5"
run: | run: |
poetry run make ci-test uv run make ci-test
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v5 uses: codecov/codecov-action@v5
with: with:
@ -156,8 +154,8 @@ jobs:
uses: helm/kind-action@v1.12.0 uses: helm/kind-action@v1.12.0
- name: run integration - name: run integration
run: | run: |
poetry run coverage run manage.py test tests/integration uv run coverage run manage.py test tests/integration
poetry run coverage xml uv run coverage xml
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v5 uses: codecov/codecov-action@v5
with: with:
@ -204,7 +202,7 @@ jobs:
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: web/dist path: web/dist
key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**') }} key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
- name: prepare web ui - name: prepare web ui
if: steps.cache-web.outputs.cache-hit != 'true' if: steps.cache-web.outputs.cache-hit != 'true'
working-directory: web working-directory: web
@ -212,10 +210,11 @@ jobs:
npm ci npm ci
make -C .. gen-client-ts make -C .. gen-client-ts
npm run build npm run build
npm run build:sfe
- name: run e2e - name: run e2e
run: | run: |
poetry run coverage run manage.py test ${{ matrix.job.glob }} uv run coverage run manage.py test ${{ matrix.job.glob }}
poetry run coverage xml uv run coverage xml
- if: ${{ always() }} - if: ${{ always() }}
uses: codecov/codecov-action@v5 uses: codecov/codecov-action@v5
with: with:
@ -248,11 +247,13 @@ jobs:
# Needed for attestation # Needed for attestation
id-token: write id-token: write
attestations: write attestations: write
# Needed for checkout
contents: read
needs: ci-core-mark needs: ci-core-mark
uses: ./.github/workflows/_reusable-docker-build.yaml uses: ./.github/workflows/_reusable-docker-build.yaml
secrets: inherit secrets: inherit
with: with:
image_name: ghcr.io/goauthentik/dev-server image_name: ${{ github.repository == 'goauthentik/authentik-internal' && 'ghcr.io/goauthentik/internal-server' || 'ghcr.io/goauthentik/dev-server' }}
release: false release: false
pr-comment: pr-comment:
needs: needs:

View File

@ -29,7 +29,7 @@ jobs:
- name: Generate API - name: Generate API
run: make gen-client-go run: make gen-client-go
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v6 uses: golangci/golangci-lint-action@v8
with: with:
version: latest version: latest
args: --timeout 5000s --verbose args: --timeout 5000s --verbose
@ -59,6 +59,7 @@ jobs:
with: with:
jobs: ${{ toJSON(needs) }} jobs: ${{ toJSON(needs) }}
build-container: build-container:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
timeout-minutes: 120 timeout-minutes: 120
needs: needs:
- ci-outpost-mark - ci-outpost-mark
@ -82,7 +83,7 @@ jobs:
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3.4.0 uses: docker/setup-qemu-action@v3.6.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: prepare variables - name: prepare variables

View File

@ -49,6 +49,7 @@ jobs:
matrix: matrix:
job: job:
- build - build
- build:integrations
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
@ -61,14 +62,65 @@ jobs:
- name: build - name: build
working-directory: website/ working-directory: website/
run: npm run ${{ matrix.job }} run: npm run ${{ matrix.job }}
build-container:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
runs-on: ubuntu-latest
permissions:
# Needed to upload container images to ghcr.io
packages: write
# Needed for attestation
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: prepare variables
uses: ./.github/actions/docker-push-variables
id: ev
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
with:
image-name: ghcr.io/goauthentik/dev-docs
- name: Login to Container Registry
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker Image
id: push
uses: docker/build-push-action@v6
with:
tags: ${{ steps.ev.outputs.imageTags }}
file: website/Dockerfile
push: ${{ steps.ev.outputs.shouldPush == 'true' }}
platforms: linux/amd64,linux/arm64
context: .
cache-from: type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache
cache-to: ${{ steps.ev.outputs.shouldPush == 'true' && 'type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache,mode=max' || '' }}
- uses: actions/attest-build-provenance@v2
id: attest
if: ${{ steps.ev.outputs.shouldPush == 'true' }}
with:
subject-name: ${{ steps.ev.outputs.attestImageNames }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
ci-website-mark: ci-website-mark:
if: always() if: always()
needs: needs:
- lint - lint
- test - test
- build - build
- build-container
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: re-actors/alls-green@release/v1 - uses: re-actors/alls-green@release/v1
with: with:
jobs: ${{ toJSON(needs) }} jobs: ${{ toJSON(needs) }}
allowed-skips: ${{ github.repository == 'goauthentik/authentik-internal' && 'build-container' || '[]' }}

View File

@ -2,7 +2,7 @@ name: "CodeQL"
on: on:
push: push:
branches: [main, "*", next, version*] branches: [main, next, version*]
pull_request: pull_request:
branches: [main] branches: [main]
schedule: schedule:

View File

@ -2,7 +2,7 @@ name: authentik-gen-update-webauthn-mds
on: on:
workflow_dispatch: workflow_dispatch:
schedule: schedule:
- cron: '30 1 1,15 * *' - cron: "30 1 1,15 * *"
env: env:
POSTGRES_DB: authentik POSTGRES_DB: authentik
@ -24,7 +24,7 @@ jobs:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}
- name: Setup authentik env - name: Setup authentik env
uses: ./.github/actions/setup uses: ./.github/actions/setup
- run: poetry run ak update_webauthn_mds - run: uv run ak update_webauthn_mds
- uses: peter-evans/create-pull-request@v7 - uses: peter-evans/create-pull-request@v7
id: cpr id: cpr
with: with:
@ -37,6 +37,7 @@ jobs:
signoff: true signoff: true
# ID from https://api.github.com/users/authentik-automation[bot] # ID from https://api.github.com/users/authentik-automation[bot]
author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
labels: dependencies
- uses: peter-evans/enable-pull-request-automerge@v3 - uses: peter-evans/enable-pull-request-automerge@v3
with: with:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}

View File

@ -53,6 +53,7 @@ jobs:
body: ${{ steps.compress.outputs.markdown }} body: ${{ steps.compress.outputs.markdown }}
delete-branch: true delete-branch: true
signoff: true signoff: true
labels: dependencies
- uses: peter-evans/enable-pull-request-automerge@v3 - uses: peter-evans/enable-pull-request-automerge@v3
if: "${{ github.event_name != 'pull_request' && steps.compress.outputs.markdown != '' }}" if: "${{ github.event_name != 'pull_request' && steps.compress.outputs.markdown != '' }}"
with: with:

View File

@ -0,0 +1,47 @@
name: authentik-packages-npm-publish
on:
push:
branches: [main]
paths:
- packages/docusaurus-config/**
- packages/eslint-config/**
- packages/prettier-config/**
- packages/tsconfig/**
- web/packages/esbuild-plugin-live-reload/**
workflow_dispatch:
jobs:
publish:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package:
- packages/docusaurus-config
- packages/eslint-config
- packages/prettier-config
- packages/tsconfig
- web/packages/esbuild-plugin-live-reload
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- uses: actions/setup-node@v4
with:
node-version-file: ${{ matrix.package }}/package.json
registry-url: "https://registry.npmjs.org"
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
with:
files: |
${{ matrix.package }}/package.json
- name: Publish package
if: steps.changed-files.outputs.any_changed == 'true'
working-directory: ${{ matrix.package }}
run: |
npm ci
npm run build
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}

View File

@ -21,8 +21,8 @@ jobs:
uses: ./.github/actions/setup uses: ./.github/actions/setup
- name: generate docs - name: generate docs
run: | run: |
poetry run make migrate uv run make migrate
poetry run ak build_source_docs uv run ak build_source_docs
- name: Publish - name: Publish
uses: netlify/actions/cli@master uses: netlify/actions/cli@master
with: with:

View File

@ -20,6 +20,49 @@ jobs:
release: true release: true
registry_dockerhub: true registry_dockerhub: true
registry_ghcr: true registry_ghcr: true
build-docs:
runs-on: ubuntu-latest
permissions:
# Needed to upload container images to ghcr.io
packages: write
# Needed for attestation
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: prepare variables
uses: ./.github/actions/docker-push-variables
id: ev
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
with:
image-name: ghcr.io/goauthentik/docs
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker Image
id: push
uses: docker/build-push-action@v6
with:
tags: ${{ steps.ev.outputs.imageTags }}
file: website/Dockerfile
push: true
platforms: linux/amd64,linux/arm64
context: .
- uses: actions/attest-build-provenance@v2
id: attest
if: true
with:
subject-name: ${{ steps.ev.outputs.attestImageNames }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
build-outpost: build-outpost:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -42,7 +85,7 @@ jobs:
with: with:
go-version-file: "go.mod" go-version-file: "go.mod"
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3.4.0 uses: docker/setup-qemu-action@v3.6.0
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: prepare variables - name: prepare variables
@ -186,13 +229,13 @@ jobs:
container=$(docker container create ${{ steps.ev.outputs.imageMainName }}) container=$(docker container create ${{ steps.ev.outputs.imageMainName }})
docker cp ${container}:web/ . docker cp ${container}:web/ .
- name: Create a Sentry.io release - name: Create a Sentry.io release
uses: getsentry/action-release@v1 uses: getsentry/action-release@v3
continue-on-error: true continue-on-error: true
env: env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: authentik-security-inc SENTRY_ORG: authentik-security-inc
SENTRY_PROJECT: authentik SENTRY_PROJECT: authentik
with: with:
version: authentik@${{ steps.ev.outputs.version }} release: authentik@${{ steps.ev.outputs.version }}
sourcemaps: "./web/dist" sourcemaps: "./web/dist"
url_prefix: "~/static/dist" url_prefix: "~/static/dist"

View File

@ -0,0 +1,21 @@
name: "authentik-repo-mirror-cleanup"
on:
workflow_dispatch:
jobs:
to_internal:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- if: ${{ env.MIRROR_KEY != '' }}
uses: BeryJu/repository-mirroring-action@5cf300935bc2e068f73ea69bcc411a8a997208eb
with:
target_repo_url: git@github.com:goauthentik/authentik-internal.git
ssh_private_key: ${{ secrets.GH_MIRROR_KEY }}
args: --tags --force --prune
env:
MIRROR_KEY: ${{ secrets.GH_MIRROR_KEY }}

View File

@ -11,11 +11,10 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- if: ${{ env.MIRROR_KEY != '' }} - if: ${{ env.MIRROR_KEY != '' }}
uses: pixta-dev/repository-mirroring-action@v1 uses: BeryJu/repository-mirroring-action@5cf300935bc2e068f73ea69bcc411a8a997208eb
with: with:
target_repo_url: target_repo_url: git@github.com:goauthentik/authentik-internal.git
git@github.com:goauthentik/authentik-internal.git ssh_private_key: ${{ secrets.GH_MIRROR_KEY }}
ssh_private_key: args: --tags --force
${{ secrets.GH_MIRROR_KEY }}
env: env:
MIRROR_KEY: ${{ secrets.GH_MIRROR_KEY }} MIRROR_KEY: ${{ secrets.GH_MIRROR_KEY }}

27
.github/workflows/semgrep.yml vendored Normal file
View File

@ -0,0 +1,27 @@
name: authentik-semgrep
on:
workflow_dispatch: {}
pull_request: {}
push:
branches:
- main
- master
paths:
- .github/workflows/semgrep.yml
schedule:
# random HH:MM to avoid a load spike on GitHub Actions at 00:00
- cron: '12 15 * * *'
jobs:
semgrep:
name: semgrep/ci
runs-on: ubuntu-latest
permissions:
contents: read
env:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
container:
image: semgrep/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- uses: actions/checkout@v4
- run: semgrep ci

View File

@ -1,9 +1,13 @@
--- ---
name: authentik-backend-translate-extract-compile name: authentik-translate-extract-compile
on: on:
schedule: schedule:
- cron: "0 0 * * *" # every day at midnight - cron: "0 0 * * *" # every day at midnight
workflow_dispatch: workflow_dispatch:
pull_request:
branches:
- main
- version-*
env: env:
POSTGRES_DB: authentik POSTGRES_DB: authentik
@ -12,26 +16,34 @@ env:
jobs: jobs:
compile: compile:
if: ${{ github.repository != 'goauthentik/authentik-internal' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- id: generate_token - id: generate_token
if: ${{ github.event_name != 'pull_request' }}
uses: tibdex/github-app-token@v2 uses: tibdex/github-app-token@v2
with: with:
app_id: ${{ secrets.GH_APP_ID }} app_id: ${{ secrets.GH_APP_ID }}
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request' }}
with: with:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}
- uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request' }}
- name: Setup authentik env - name: Setup authentik env
uses: ./.github/actions/setup uses: ./.github/actions/setup
- name: Generate API
run: make gen-client-ts
- name: run extract - name: run extract
run: | run: |
poetry run make i18n-extract uv run make i18n-extract
- name: run compile - name: run compile
run: | run: |
poetry run ak compilemessages uv run ak compilemessages
make web-check-compile make web-check-compile
- name: Create Pull Request - name: Create Pull Request
if: ${{ github.event_name != 'pull_request' }}
uses: peter-evans/create-pull-request@v7 uses: peter-evans/create-pull-request@v7
with: with:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}
@ -41,3 +53,6 @@ jobs:
body: "core, web: update translations" body: "core, web: update translations"
delete-branch: true delete-branch: true
signoff: true signoff: true
labels: dependencies
# ID from https://api.github.com/users/authentik-automation[bot]
author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

View File

@ -15,6 +15,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.event.pull_request.user.login == 'transifex-integration[bot]'}} if: ${{ github.event.pull_request.user.login == 'transifex-integration[bot]'}}
steps: steps:
- uses: actions/checkout@v4
- id: generate_token - id: generate_token
uses: tibdex/github-app-token@v2 uses: tibdex/github-app-token@v2
with: with:
@ -25,23 +26,13 @@ jobs:
env: env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }} GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: | run: |
title=$(curl -q -L \ title=$(gh pr view ${{ github.event.pull_request.number }} --json "title" -q ".title")
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${{ github.event.pull_request.number }} | jq -r .title)
echo "title=${title}" >> "$GITHUB_OUTPUT" echo "title=${title}" >> "$GITHUB_OUTPUT"
- name: Rename - name: Rename
env: env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }} GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: | run: |
curl -L \ gh pr edit ${{ github.event.pull_request.number }} -t "translate: ${{ steps.title.outputs.title }}" --add-label dependencies
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GH_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${{ github.event.pull_request.number }} \
-d "{\"title\":\"translate: ${{ steps.title.outputs.title }}\"}"
- uses: peter-evans/enable-pull-request-automerge@v3 - uses: peter-evans/enable-pull-request-automerge@v3
with: with:
token: ${{ steps.generate_token.outputs.token }} token: ${{ steps.generate_token.outputs.token }}

5
.gitignore vendored
View File

@ -11,6 +11,10 @@ local_settings.py
db.sqlite3 db.sqlite3
media media
# Node
node_modules
# If your build process includes running collectstatic, then you probably don't need or want to include staticfiles/ # If your build process includes running collectstatic, then you probably don't need or want to include staticfiles/
# in your Git repository. Update and uncomment the following line accordingly. # in your Git repository. Update and uncomment the following line accordingly.
# <django-project-name>/staticfiles/ # <django-project-name>/staticfiles/
@ -33,6 +37,7 @@ eggs/
lib64/ lib64/
parts/ parts/
dist/ dist/
out/
sdist/ sdist/
var/ var/
wheels/ wheels/

47
.prettierignore Normal file
View File

@ -0,0 +1,47 @@
# Prettier Ignorefile
## Static Files
**/LICENSE
authentik/stages/**/*
## Build asset directories
coverage
dist
out
.docusaurus
website/docs/developer-docs/api/**/*
## Environment
*.env
## Secrets
*.secrets
## Yarn
.yarn/**/*
## Node
node_modules
coverage
## Configs
*.log
*.yaml
*.yml
# Templates
# TODO: Rename affected files to *.template.* or similar.
*.html
*.mdx
*.md
## Import order matters
poly.ts
src/locale-codes.ts
src/locales/
# Storybook
storybook-static/
.storybook/css-import-maps*

32
.vscode/settings.json vendored
View File

@ -1,26 +1,4 @@
{ {
"cSpell.words": [
"akadmin",
"asgi",
"authentik",
"authn",
"entra",
"goauthentik",
"jwe",
"jwks",
"kubernetes",
"oidc",
"openid",
"passwordless",
"plex",
"saml",
"scim",
"slo",
"sso",
"totp",
"traefik",
"webauthn"
],
"todo-tree.tree.showCountsInTree": true, "todo-tree.tree.showCountsInTree": true,
"todo-tree.tree.showBadges": true, "todo-tree.tree.showBadges": true,
"yaml.customTags": [ "yaml.customTags": [
@ -28,17 +6,19 @@
"!Context scalar", "!Context scalar",
"!Enumerate sequence", "!Enumerate sequence",
"!Env scalar", "!Env scalar",
"!Env sequence",
"!Find sequence", "!Find sequence",
"!Format sequence", "!Format sequence",
"!If sequence", "!If sequence",
"!Index scalar", "!Index scalar",
"!KeyOf scalar", "!KeyOf scalar",
"!Value scalar", "!Value scalar",
"!AtIndex scalar" "!AtIndex scalar",
"!ParseJSON scalar"
], ],
"typescript.preferences.importModuleSpecifier": "non-relative", "typescript.preferences.importModuleSpecifier": "non-relative",
"typescript.preferences.importModuleSpecifierEnding": "index", "typescript.preferences.importModuleSpecifierEnding": "index",
"typescript.tsdk": "./web/node_modules/typescript/lib", "typescript.tsdk": "./node_modules/typescript/lib",
"typescript.enablePromptUseWorkspaceTsdk": true, "typescript.enablePromptUseWorkspaceTsdk": true,
"yaml.schemas": { "yaml.schemas": {
"./blueprints/schema.json": "blueprints/**/*.yaml" "./blueprints/schema.json": "blueprints/**/*.yaml"
@ -52,7 +32,5 @@
} }
], ],
"go.testFlags": ["-count=1"], "go.testFlags": ["-count=1"],
"github-actions.workflows.pinned.workflows": [ "github-actions.workflows.pinned.workflows": [".github/workflows/ci-main.yml"]
".github/workflows/ci-main.yml"
]
} }

46
.vscode/tasks.json vendored
View File

@ -3,8 +3,13 @@
"tasks": [ "tasks": [
{ {
"label": "authentik/core: make", "label": "authentik/core: make",
"command": "poetry", "command": "uv",
"args": ["run", "make", "lint-fix", "lint"], "args": [
"run",
"make",
"lint-fix",
"lint"
],
"presentation": { "presentation": {
"panel": "new" "panel": "new"
}, },
@ -12,8 +17,12 @@
}, },
{ {
"label": "authentik/core: run", "label": "authentik/core: run",
"command": "poetry", "command": "uv",
"args": ["run", "ak", "server"], "args": [
"run",
"ak",
"server"
],
"group": "build", "group": "build",
"presentation": { "presentation": {
"panel": "dedicated", "panel": "dedicated",
@ -23,13 +32,17 @@
{ {
"label": "authentik/web: make", "label": "authentik/web: make",
"command": "make", "command": "make",
"args": ["web"], "args": [
"web"
],
"group": "build" "group": "build"
}, },
{ {
"label": "authentik/web: watch", "label": "authentik/web: watch",
"command": "make", "command": "make",
"args": ["web-watch"], "args": [
"web-watch"
],
"group": "build", "group": "build",
"presentation": { "presentation": {
"panel": "dedicated", "panel": "dedicated",
@ -39,19 +52,26 @@
{ {
"label": "authentik: install", "label": "authentik: install",
"command": "make", "command": "make",
"args": ["install", "-j4"], "args": [
"install",
"-j4"
],
"group": "build" "group": "build"
}, },
{ {
"label": "authentik/website: make", "label": "authentik/website: make",
"command": "make", "command": "make",
"args": ["website"], "args": [
"website"
],
"group": "build" "group": "build"
}, },
{ {
"label": "authentik/website: watch", "label": "authentik/website: watch",
"command": "make", "command": "make",
"args": ["website-watch"], "args": [
"website-watch"
],
"group": "build", "group": "build",
"presentation": { "presentation": {
"panel": "dedicated", "panel": "dedicated",
@ -60,8 +80,12 @@
}, },
{ {
"label": "authentik/api: generate", "label": "authentik/api: generate",
"command": "poetry", "command": "uv",
"args": ["run", "make", "gen"], "args": [
"run",
"make",
"gen"
],
"group": "build" "group": "build"
} }
] ]

View File

@ -10,7 +10,7 @@ schemas/ @goauthentik/backend
scripts/ @goauthentik/backend scripts/ @goauthentik/backend
tests/ @goauthentik/backend tests/ @goauthentik/backend
pyproject.toml @goauthentik/backend pyproject.toml @goauthentik/backend
poetry.lock @goauthentik/backend uv.lock @goauthentik/backend
go.mod @goauthentik/backend go.mod @goauthentik/backend
go.sum @goauthentik/backend go.sum @goauthentik/backend
# Infrastructure # Infrastructure
@ -23,6 +23,8 @@ docker-compose.yml @goauthentik/infrastructure
Makefile @goauthentik/infrastructure Makefile @goauthentik/infrastructure
.editorconfig @goauthentik/infrastructure .editorconfig @goauthentik/infrastructure
CODEOWNERS @goauthentik/infrastructure CODEOWNERS @goauthentik/infrastructure
# Web packages
packages/ @goauthentik/frontend
# Web # Web
web/ @goauthentik/frontend web/ @goauthentik/frontend
tests/wdio/ @goauthentik/frontend tests/wdio/ @goauthentik/frontend

View File

@ -5,7 +5,7 @@
We as members, contributors, and leaders pledge to make participation in our We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status, identity and expression, level of experience, education, socioeconomic status,
nationality, personal appearance, race, religion, or sexual identity nationality, personal appearance, race, religion, or sexual identity
and orientation. and orientation.

View File

@ -1,26 +1,7 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1
# Stage 1: Build website # Stage 1: Build webui
FROM --platform=${BUILDPLATFORM} docker.io/library/node:22 AS website-builder FROM --platform=${BUILDPLATFORM} docker.io/library/node:24-slim AS node-builder
ENV NODE_ENV=production
WORKDIR /work/website
RUN --mount=type=bind,target=/work/website/package.json,src=./website/package.json \
--mount=type=bind,target=/work/website/package-lock.json,src=./website/package-lock.json \
--mount=type=cache,id=npm-website,sharing=shared,target=/root/.npm \
npm ci --include=dev
COPY ./website /work/website/
COPY ./blueprints /work/blueprints/
COPY ./schema.yml /work/
COPY ./SECURITY.md /work/
RUN npm run build-bundled
# Stage 2: Build webui
FROM --platform=${BUILDPLATFORM} docker.io/library/node:22 AS web-builder
ARG GIT_BUILD_HASH ARG GIT_BUILD_HASH
ENV GIT_BUILD_HASH=$GIT_BUILD_HASH ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
@ -32,7 +13,7 @@ RUN --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
--mount=type=bind,target=/work/web/package-lock.json,src=./web/package-lock.json \ --mount=type=bind,target=/work/web/package-lock.json,src=./web/package-lock.json \
--mount=type=bind,target=/work/web/packages/sfe/package.json,src=./web/packages/sfe/package.json \ --mount=type=bind,target=/work/web/packages/sfe/package.json,src=./web/packages/sfe/package.json \
--mount=type=bind,target=/work/web/scripts,src=./web/scripts \ --mount=type=bind,target=/work/web/scripts,src=./web/scripts \
--mount=type=cache,id=npm-web,sharing=shared,target=/root/.npm \ --mount=type=cache,id=npm-ak,sharing=shared,target=/root/.npm \
npm ci --include=dev npm ci --include=dev
COPY ./package.json /work COPY ./package.json /work
@ -40,10 +21,11 @@ COPY ./web /work/web/
COPY ./website /work/website/ COPY ./website /work/website/
COPY ./gen-ts-api /work/web/node_modules/@goauthentik/api COPY ./gen-ts-api /work/web/node_modules/@goauthentik/api
RUN npm run build RUN npm run build && \
npm run build:sfe
# Stage 3: Build go proxy # Stage 2: Build go proxy
FROM --platform=${BUILDPLATFORM} mcr.microsoft.com/oss/go/microsoft/golang:1.23-fips-bookworm AS go-builder FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.24-bookworm AS go-builder
ARG TARGETOS ARG TARGETOS
ARG TARGETARCH ARG TARGETARCH
@ -67,8 +49,8 @@ RUN --mount=type=bind,target=/go/src/goauthentik.io/go.mod,src=./go.mod \
COPY ./cmd /go/src/goauthentik.io/cmd COPY ./cmd /go/src/goauthentik.io/cmd
COPY ./authentik/lib /go/src/goauthentik.io/authentik/lib COPY ./authentik/lib /go/src/goauthentik.io/authentik/lib
COPY ./web/static.go /go/src/goauthentik.io/web/static.go COPY ./web/static.go /go/src/goauthentik.io/web/static.go
COPY --from=web-builder /work/web/robots.txt /go/src/goauthentik.io/web/robots.txt COPY --from=node-builder /work/web/robots.txt /go/src/goauthentik.io/web/robots.txt
COPY --from=web-builder /work/web/security.txt /go/src/goauthentik.io/web/security.txt COPY --from=node-builder /work/web/security.txt /go/src/goauthentik.io/web/security.txt
COPY ./internal /go/src/goauthentik.io/internal COPY ./internal /go/src/goauthentik.io/internal
COPY ./go.mod /go/src/goauthentik.io/go.mod COPY ./go.mod /go/src/goauthentik.io/go.mod
COPY ./go.sum /go/src/goauthentik.io/go.sum COPY ./go.sum /go/src/goauthentik.io/go.sum
@ -76,70 +58,75 @@ COPY ./go.sum /go/src/goauthentik.io/go.sum
RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod \ RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod \
--mount=type=cache,id=go-build-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/go-build \ --mount=type=cache,id=go-build-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/go-build \
if [ "$TARGETARCH" = "arm64" ]; then export CC=aarch64-linux-gnu-gcc && export CC_FOR_TARGET=gcc-aarch64-linux-gnu; fi && \ if [ "$TARGETARCH" = "arm64" ]; then export CC=aarch64-linux-gnu-gcc && export CC_FOR_TARGET=gcc-aarch64-linux-gnu; fi && \
CGO_ENABLED=1 GOEXPERIMENT="systemcrypto" GOFLAGS="-tags=requirefips" GOARM="${TARGETVARIANT#v}" \ CGO_ENABLED=1 GOFIPS140=latest GOARM="${TARGETVARIANT#v}" \
go build -o /go/authentik ./cmd/server go build -o /go/authentik ./cmd/server
# Stage 4: MaxMind GeoIP # Stage 3: MaxMind GeoIP
FROM --platform=${BUILDPLATFORM} ghcr.io/maxmind/geoipupdate:v7.1.0 AS geoip FROM --platform=${BUILDPLATFORM} ghcr.io/maxmind/geoipupdate:v7.1.0 AS geoip
ENV GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN" ENV GEOIPUPDATE_EDITION_IDS="GeoLite2-City GeoLite2-ASN"
ENV GEOIPUPDATE_VERBOSE="1" ENV GEOIPUPDATE_VERBOSE="1"
ENV GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID" ENV GEOIPUPDATE_ACCOUNT_ID_FILE="/run/secrets/GEOIPUPDATE_ACCOUNT_ID"
ENV GEOIPUPDATE_LICENSE_KEY_FILE="/run/secrets/GEOIPUPDATE_LICENSE_KEY"
USER root USER root
RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
--mount=type=secret,id=GEOIPUPDATE_LICENSE_KEY \ --mount=type=secret,id=GEOIPUPDATE_LICENSE_KEY \
mkdir -p /usr/share/GeoIP && \ mkdir -p /usr/share/GeoIP && \
/bin/sh -c "/usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0" /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0"
# Stage 5: Python dependencies # Stage 4: Download uv
FROM ghcr.io/goauthentik/fips-python:3.12.8-slim-bookworm-fips AS python-deps FROM ghcr.io/astral-sh/uv:0.7.17 AS uv
# Stage 5: Base python image
FROM ghcr.io/goauthentik/fips-python:3.13.5-slim-bookworm-fips AS python-base
ENV VENV_PATH="/ak-root/.venv" \
PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \
UV_COMPILE_BYTECODE=1 \
UV_LINK_MODE=copy \
UV_NATIVE_TLS=1 \
UV_PYTHON_DOWNLOADS=0
WORKDIR /ak-root/
COPY --from=uv /uv /uvx /bin/
# Stage 6: Python dependencies
FROM python-base AS python-deps
ARG TARGETARCH ARG TARGETARCH
ARG TARGETVARIANT ARG TARGETVARIANT
WORKDIR /ak-root/poetry
ENV VENV_PATH="/ak-root/venv" \
POETRY_VIRTUALENVS_CREATE=false \
PATH="/ak-root/venv/bin:$PATH"
RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
ENV PATH="/root/.cargo/bin:$PATH"
RUN --mount=type=cache,id=apt-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/var/cache/apt \ RUN --mount=type=cache,id=apt-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/var/cache/apt \
apt-get update && \ apt-get update && \
# Required for installing pip packages # Required for installing pip packages
apt-get install -y --no-install-recommends build-essential pkg-config libpq-dev libkrb5-dev
RUN --mount=type=bind,target=./pyproject.toml,src=./pyproject.toml \
--mount=type=bind,target=./poetry.lock,src=./poetry.lock \
--mount=type=cache,target=/root/.cache/pip \
--mount=type=cache,target=/root/.cache/pypoetry \
pip install --no-cache cffi && \
apt-get update && \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
build-essential libffi-dev \ # Build essentials
# Required for cryptography build-essential pkg-config libffi-dev git \
curl pkg-config \ # cryptography
# Required for lxml curl \
libxslt-dev zlib1g-dev \ # libxml
# Required for xmlsec libxslt-dev zlib1g-dev \
libltdl-dev \ # postgresql
# Required for kadmin libpq-dev \
sccache clang && \ # python-kadmin-rs
curl https://sh.rustup.rs -sSf | sh -s -- -y && \ clang libkrb5-dev sccache \
. "$HOME/.cargo/env" && \ # xmlsec
python -m venv /ak-root/venv/ && \ libltdl-dev && \
bash -c "source ${VENV_PATH}/bin/activate && \ curl https://sh.rustup.rs -sSf | sh -s -- -y
pip3 install --upgrade pip poetry && \
poetry config --local installer.no-binary cryptography,xmlsec,lxml,python-kadmin-rs && \
poetry install --only=main --no-ansi --no-interaction --no-root && \
pip uninstall cryptography -y && \
poetry install --only=main --no-ansi --no-interaction --no-root"
# Stage 6: Run ENV UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
FROM ghcr.io/goauthentik/fips-python:3.12.8-slim-bookworm-fips AS final-image
RUN --mount=type=bind,target=pyproject.toml,src=pyproject.toml \
--mount=type=bind,target=uv.lock,src=uv.lock \
--mount=type=cache,target=/root/.cache/uv \
uv sync --frozen --no-install-project --no-dev
# Stage 7: Run
FROM python-base AS final-image
ARG VERSION ARG VERSION
ARG GIT_BUILD_HASH ARG GIT_BUILD_HASH
@ -171,7 +158,7 @@ RUN apt-get update && \
COPY ./authentik/ /authentik COPY ./authentik/ /authentik
COPY ./pyproject.toml / COPY ./pyproject.toml /
COPY ./poetry.lock / COPY ./uv.lock /
COPY ./schemas /schemas COPY ./schemas /schemas
COPY ./locale /locale COPY ./locale /locale
COPY ./tests /tests COPY ./tests /tests
@ -180,10 +167,9 @@ COPY ./blueprints /blueprints
COPY ./lifecycle/ /lifecycle COPY ./lifecycle/ /lifecycle
COPY ./authentik/sources/kerberos/krb5.conf /etc/krb5.conf COPY ./authentik/sources/kerberos/krb5.conf /etc/krb5.conf
COPY --from=go-builder /go/authentik /bin/authentik COPY --from=go-builder /go/authentik /bin/authentik
COPY --from=python-deps /ak-root/venv /ak-root/venv COPY --from=python-deps /ak-root/.venv /ak-root/.venv
COPY --from=web-builder /work/web/dist/ /web/dist/ COPY --from=node-builder /work/web/dist/ /web/dist/
COPY --from=web-builder /work/web/authentik/ /web/authentik/ COPY --from=node-builder /work/web/authentik/ /web/authentik/
COPY --from=website-builder /work/website/build/ /website/help/
COPY --from=geoip /usr/share/GeoIP /geoip COPY --from=geoip /usr/share/GeoIP /geoip
USER 1000 USER 1000
@ -191,9 +177,6 @@ USER 1000
ENV TMPDIR=/dev/shm/ \ ENV TMPDIR=/dev/shm/ \
PYTHONDONTWRITEBYTECODE=1 \ PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \ PYTHONUNBUFFERED=1 \
PATH="/ak-root/venv/bin:/lifecycle:$PATH" \
VENV_PATH="/ak-root/venv" \
POETRY_VIRTUALENVS_CREATE=false \
GOFIPS=1 GOFIPS=1
HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "ak", "healthcheck" ] HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "ak", "healthcheck" ]

129
Makefile
View File

@ -1,37 +1,21 @@
.PHONY: gen dev-reset all clean test web website .PHONY: gen dev-reset all clean test web website
.SHELLFLAGS += ${SHELLFLAGS} -e SHELL := /usr/bin/env bash
.SHELLFLAGS += ${SHELLFLAGS} -e -o pipefail
PWD = $(shell pwd) PWD = $(shell pwd)
UID = $(shell id -u) UID = $(shell id -u)
GID = $(shell id -g) GID = $(shell id -g)
NPM_VERSION = $(shell python -m scripts.npm_version) NPM_VERSION = $(shell python -m scripts.generate_semver)
PY_SOURCES = authentik tests scripts lifecycle .github PY_SOURCES = authentik tests scripts lifecycle .github
GO_SOURCES = cmd internal
WEB_SOURCES = web/src web/packages
DOCKER_IMAGE ?= "authentik:test" DOCKER_IMAGE ?= "authentik:test"
GEN_API_TS = "gen-ts-api" GEN_API_TS = gen-ts-api
GEN_API_PY = "gen-py-api" GEN_API_PY = gen-py-api
GEN_API_GO = "gen-go-api" GEN_API_GO = gen-go-api
pg_user := $(shell python -m authentik.lib.config postgresql.user 2>/dev/null) pg_user := $(shell uv run python -m authentik.lib.config postgresql.user 2>/dev/null)
pg_host := $(shell python -m authentik.lib.config postgresql.host 2>/dev/null) pg_host := $(shell uv run python -m authentik.lib.config postgresql.host 2>/dev/null)
pg_name := $(shell python -m authentik.lib.config postgresql.name 2>/dev/null) pg_name := $(shell uv run python -m authentik.lib.config postgresql.name 2>/dev/null)
CODESPELL_ARGS = -D - -D .github/codespell-dictionary.txt \
-I .github/codespell-words.txt \
-S 'web/src/locales/**' \
-S 'website/docs/developer-docs/api/reference/**' \
-S '**/node_modules/**' \
-S '**/dist/**' \
$(PY_SOURCES) \
$(GO_SOURCES) \
$(WEB_SOURCES) \
website/src \
website/blog \
website/docs \
website/integrations \
website/src
all: lint-fix lint test gen web ## Lint, build, and test everything all: lint-fix lint test gen web ## Lint, build, and test everything
@ -49,34 +33,37 @@ go-test:
go test -timeout 0 -v -race -cover ./... go test -timeout 0 -v -race -cover ./...
test: ## Run the server tests and produce a coverage report (locally) test: ## Run the server tests and produce a coverage report (locally)
coverage run manage.py test --keepdb authentik uv run coverage run manage.py test --keepdb authentik
coverage html uv run coverage html
coverage report uv run coverage report
lint-fix: lint-codespell ## Lint and automatically fix errors in the python source code. Reports spelling errors. lint-fix: lint-codespell ## Lint and automatically fix errors in the python source code. Reports spelling errors.
black $(PY_SOURCES) uv run black $(PY_SOURCES)
ruff check --fix $(PY_SOURCES) uv run ruff check --fix $(PY_SOURCES)
lint-codespell: ## Reports spelling errors. lint-codespell: ## Reports spelling errors.
codespell -w $(CODESPELL_ARGS) uv run codespell -w
lint: ## Lint the python and golang sources lint: ## Lint the python and golang sources
bandit -r $(PY_SOURCES) -x web/node_modules -x tests/wdio/node_modules -x website/node_modules uv run bandit -c pyproject.toml -r $(PY_SOURCES)
golangci-lint run -v golangci-lint run -v
core-install: core-install:
poetry install uv sync --frozen
migrate: ## Run the Authentik Django server's migrations migrate: ## Run the Authentik Django server's migrations
python -m lifecycle.migrate uv run python -m lifecycle.migrate
i18n-extract: core-i18n-extract web-i18n-extract ## Extract strings that require translation into files to send to a translation service i18n-extract: core-i18n-extract web-i18n-extract ## Extract strings that require translation into files to send to a translation service
aws-cfn: aws-cfn:
cd lifecycle/aws && npm run aws-cfn cd lifecycle/aws && npm run aws-cfn
run: ## Run the main authentik server process
uv run ak server
core-i18n-extract: core-i18n-extract:
ak makemessages \ uv run ak makemessages \
--add-location file \ --add-location file \
--no-obsolete \ --no-obsolete \
--ignore web \ --ignore web \
@ -99,6 +86,10 @@ dev-create-db:
dev-reset: dev-drop-db dev-create-db migrate ## Drop and restore the Authentik PostgreSQL instance to a "fresh install" state. dev-reset: dev-drop-db dev-create-db migrate ## Drop and restore the Authentik PostgreSQL instance to a "fresh install" state.
update-test-mmdb: ## Update test GeoIP and ASN Databases
curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-ASN-Test.mmdb -o ${PWD}/tests/GeoLite2-ASN-Test.mmdb
curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-City-Test.mmdb -o ${PWD}/tests/GeoLite2-City-Test.mmdb
######################### #########################
## API Schema ## API Schema
######################### #########################
@ -107,11 +98,11 @@ gen-build: ## Extract the schema from the database
AUTHENTIK_DEBUG=true \ AUTHENTIK_DEBUG=true \
AUTHENTIK_TENANTS__ENABLED=true \ AUTHENTIK_TENANTS__ENABLED=true \
AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \ AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \
ak make_blueprint_schema > blueprints/schema.json uv run ak make_blueprint_schema --file blueprints/schema.json
AUTHENTIK_DEBUG=true \ AUTHENTIK_DEBUG=true \
AUTHENTIK_TENANTS__ENABLED=true \ AUTHENTIK_TENANTS__ENABLED=true \
AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \ AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST=true \
ak spectacular --file schema.yml uv run ak spectacular --file schema.yml
gen-changelog: ## (Release) generate the changelog based from the commits since the last tag gen-changelog: ## (Release) generate the changelog based from the commits since the last tag
git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md
@ -131,14 +122,19 @@ gen-diff: ## (Release) generate the changelog diff between the current schema a
npx prettier --write diff.md npx prettier --write diff.md
gen-clean-ts: ## Remove generated API client for Typescript gen-clean-ts: ## Remove generated API client for Typescript
rm -rf ./${GEN_API_TS}/ rm -rf ${PWD}/${GEN_API_TS}/
rm -rf ./web/node_modules/@goauthentik/api/ rm -rf ${PWD}/web/node_modules/@goauthentik/api/
gen-clean-go: ## Remove generated API client for Go gen-clean-go: ## Remove generated API client for Go
rm -rf ./${GEN_API_GO}/ mkdir -p ${PWD}/${GEN_API_GO}
ifneq ($(wildcard ${PWD}/${GEN_API_GO}/.*),)
make -C ${PWD}/${GEN_API_GO} clean
else
rm -rf ${PWD}/${GEN_API_GO}
endif
gen-clean-py: ## Remove generated API client for Python gen-clean-py: ## Remove generated API client for Python
rm -rf ./${GEN_API_PY}/ rm -rf ${PWD}/${GEN_API_PY}/
gen-clean: gen-clean-ts gen-clean-go gen-clean-py ## Remove generated API clients gen-clean: gen-clean-ts gen-clean-go gen-clean-py ## Remove generated API clients
@ -154,15 +150,15 @@ gen-client-ts: gen-clean-ts ## Build and install the authentik API for Typescri
--additional-properties=npmVersion=${NPM_VERSION} \ --additional-properties=npmVersion=${NPM_VERSION} \
--git-repo-id authentik \ --git-repo-id authentik \
--git-user-id goauthentik --git-user-id goauthentik
mkdir -p web/node_modules/@goauthentik/api
cd ./${GEN_API_TS} && npm i cd ${PWD}/${GEN_API_TS} && npm link
\cp -rf ./${GEN_API_TS}/* web/node_modules/@goauthentik/api cd ${PWD}/web && npm link @goauthentik/api
gen-client-py: gen-clean-py ## Build and install the authentik API for Python gen-client-py: gen-clean-py ## Build and install the authentik API for Python
docker run \ docker run \
--rm -v ${PWD}:/local \ --rm -v ${PWD}:/local \
--user ${UID}:${GID} \ --user ${UID}:${GID} \
docker.io/openapitools/openapi-generator-cli:v7.4.0 generate \ docker.io/openapitools/openapi-generator-cli:v7.11.0 generate \
-i /local/schema.yml \ -i /local/schema.yml \
-g python \ -g python \
-o /local/${GEN_API_PY} \ -o /local/${GEN_API_PY} \
@ -170,27 +166,20 @@ gen-client-py: gen-clean-py ## Build and install the authentik API for Python
--additional-properties=packageVersion=${NPM_VERSION} \ --additional-properties=packageVersion=${NPM_VERSION} \
--git-repo-id authentik \ --git-repo-id authentik \
--git-user-id goauthentik --git-user-id goauthentik
pip install ./${GEN_API_PY}
gen-client-go: gen-clean-go ## Build and install the authentik API for Golang gen-client-go: gen-clean-go ## Build and install the authentik API for Golang
mkdir -p ./${GEN_API_GO} ./${GEN_API_GO}/templates mkdir -p ${PWD}/${GEN_API_GO}
wget https://raw.githubusercontent.com/goauthentik/client-go/main/config.yaml -O ./${GEN_API_GO}/config.yaml ifeq ($(wildcard ${PWD}/${GEN_API_GO}/.*),)
wget https://raw.githubusercontent.com/goauthentik/client-go/main/templates/README.mustache -O ./${GEN_API_GO}/templates/README.mustache git clone --depth 1 https://github.com/goauthentik/client-go.git ${PWD}/${GEN_API_GO}
wget https://raw.githubusercontent.com/goauthentik/client-go/main/templates/go.mod.mustache -O ./${GEN_API_GO}/templates/go.mod.mustache else
cp schema.yml ./${GEN_API_GO}/ cd ${PWD}/${GEN_API_GO} && git pull
docker run \ endif
--rm -v ${PWD}/${GEN_API_GO}:/local \ cp ${PWD}/schema.yml ${PWD}/${GEN_API_GO}
--user ${UID}:${GID} \ make -C ${PWD}/${GEN_API_GO} build
docker.io/openapitools/openapi-generator-cli:v6.5.0 generate \
-i /local/schema.yml \
-g go \
-o /local/ \
-c /local/config.yaml
go mod edit -replace goauthentik.io/api/v3=./${GEN_API_GO} go mod edit -replace goauthentik.io/api/v3=./${GEN_API_GO}
rm -rf ./${GEN_API_GO}/config.yaml ./${GEN_API_GO}/templates/
gen-dev-config: ## Generate a local development config file gen-dev-config: ## Generate a local development config file
python -m scripts.generate_config uv run scripts/generate_config.py
gen: gen-build gen-client-ts gen: gen-build gen-client-ts
@ -258,7 +247,7 @@ docker: ## Build a docker image of the current source tree
DOCKER_BUILDKIT=1 docker build . --progress plain --tag ${DOCKER_IMAGE} DOCKER_BUILDKIT=1 docker build . --progress plain --tag ${DOCKER_IMAGE}
test-docker: test-docker:
BUILD=true ./scripts/test_docker.sh BUILD=true ${PWD}/scripts/test_docker.sh
######################### #########################
## CI ## CI
@ -271,21 +260,21 @@ ci--meta-debug:
node --version node --version
ci-black: ci--meta-debug ci-black: ci--meta-debug
black --check $(PY_SOURCES) uv run black --check $(PY_SOURCES)
ci-ruff: ci--meta-debug ci-ruff: ci--meta-debug
ruff check $(PY_SOURCES) uv run ruff check $(PY_SOURCES)
ci-codespell: ci--meta-debug ci-codespell: ci--meta-debug
codespell $(CODESPELL_ARGS) -s uv run codespell -s
ci-bandit: ci--meta-debug ci-bandit: ci--meta-debug
bandit -r $(PY_SOURCES) uv run bandit -r $(PY_SOURCES)
ci-pending-migrations: ci--meta-debug ci-pending-migrations: ci--meta-debug
ak makemigrations --check uv run ak makemigrations --check
ci-test: ci--meta-debug ci-test: ci--meta-debug
coverage run manage.py test --keepdb --randomly-seed ${CI_TEST_SEED} authentik uv run coverage run manage.py test --keepdb --randomly-seed ${CI_TEST_SEED} authentik
coverage report uv run coverage report
coverage xml uv run coverage xml

View File

@ -42,4 +42,4 @@ See [SECURITY.md](SECURITY.md)
## Adoption and Contributions ## Adoption and Contributions
Your organization uses authentik? We'd love to add your logo to the readme and our website! Email us @ hello@goauthentik.io or open a GitHub Issue/PR! For more information on how to contribute to authentik, please refer to our [CONTRIBUTING.md file](./CONTRIBUTING.md). Your organization uses authentik? We'd love to add your logo to the readme and our website! Email us @ hello@goauthentik.io or open a GitHub Issue/PR! For more information on how to contribute to authentik, please refer to our [contribution guide](https://docs.goauthentik.io/docs/developer-docs?utm_source=github).

View File

@ -2,7 +2,7 @@ authentik takes security very seriously. We follow the rules of [responsible di
## Independent audits and pentests ## Independent audits and pentests
We are committed to engaging in regular pentesting and security audits of authentik. Defining and adhering to a cadence of external testing ensures a stronger probability that our code base, our features, and our architecture is as secure and non-exploitable as possible. For more details about specfic audits and pentests, refer to "Audits and Certificates" in our [Security documentation](https://docs.goauthentik.io/docs/security). We are committed to engaging in regular pentesting and security audits of authentik. Defining and adhering to a cadence of external testing ensures a stronger probability that our code base, our features, and our architecture is as secure and non-exploitable as possible. For more details about specific audits and pentests, refer to "Audits and Certificates" in our [Security documentation](https://docs.goauthentik.io/docs/security).
## What authentik classifies as a CVE ## What authentik classifies as a CVE
@ -20,8 +20,8 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni
| Version | Supported | | Version | Supported |
| --------- | --------- | | --------- | --------- |
| 2024.10.x | ✅ | | 2025.4.x | ✅ |
| 2024.12.x | ✅ | | 2025.6.x | ✅ |
## Reporting a Vulnerability ## Reporting a Vulnerability

View File

@ -2,7 +2,7 @@
from os import environ from os import environ
__version__ = "2025.2.0" __version__ = "2025.6.3"
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH" ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"

View File

@ -1,79 +0,0 @@
"""authentik administration metrics"""
from datetime import timedelta
from django.db.models.functions import ExtractHour
from drf_spectacular.utils import extend_schema, extend_schema_field
from guardian.shortcuts import get_objects_for_user
from rest_framework.fields import IntegerField, SerializerMethodField
from rest_framework.permissions import IsAuthenticated
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.views import APIView
from authentik.core.api.utils import PassiveSerializer
from authentik.events.models import EventAction
class CoordinateSerializer(PassiveSerializer):
"""Coordinates for diagrams"""
x_cord = IntegerField(read_only=True)
y_cord = IntegerField(read_only=True)
class LoginMetricsSerializer(PassiveSerializer):
"""Login Metrics per 1h"""
logins = SerializerMethodField()
logins_failed = SerializerMethodField()
authorizations = SerializerMethodField()
@extend_schema_field(CoordinateSerializer(many=True))
def get_logins(self, _):
"""Get successful logins per 8 hours for the last 7 days"""
user = self.context["user"]
return (
get_objects_for_user(user, "authentik_events.view_event").filter(
action=EventAction.LOGIN
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
@extend_schema_field(CoordinateSerializer(many=True))
def get_logins_failed(self, _):
"""Get failed logins per 8 hours for the last 7 days"""
user = self.context["user"]
return (
get_objects_for_user(user, "authentik_events.view_event").filter(
action=EventAction.LOGIN_FAILED
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
@extend_schema_field(CoordinateSerializer(many=True))
def get_authorizations(self, _):
"""Get successful authorizations per 8 hours for the last 7 days"""
user = self.context["user"]
return (
get_objects_for_user(user, "authentik_events.view_event").filter(
action=EventAction.AUTHORIZE_APPLICATION
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
class AdministrationMetricsViewSet(APIView):
"""Login Metrics per 1h"""
permission_classes = [IsAuthenticated]
@extend_schema(responses={200: LoginMetricsSerializer(many=False)})
def get(self, request: Request) -> Response:
"""Login Metrics per 1h"""
serializer = LoginMetricsSerializer(True)
serializer.context["user"] = request.user
return Response(serializer.data)

View File

@ -59,7 +59,7 @@ class SystemInfoSerializer(PassiveSerializer):
if not isinstance(value, str): if not isinstance(value, str):
continue continue
actual_value = value actual_value = value
if raw_session in actual_value: if raw_session is not None and raw_session in actual_value:
actual_value = actual_value.replace( actual_value = actual_value.replace(
raw_session, SafeExceptionReporterFilter.cleansed_substitute raw_session, SafeExceptionReporterFilter.cleansed_substitute
) )

View File

@ -1,6 +1,7 @@
"""authentik administration overview""" """authentik administration overview"""
from django.core.cache import cache from django.core.cache import cache
from django_tenants.utils import get_public_schema_name
from drf_spectacular.utils import extend_schema from drf_spectacular.utils import extend_schema
from packaging.version import parse from packaging.version import parse
from rest_framework.fields import SerializerMethodField from rest_framework.fields import SerializerMethodField
@ -13,6 +14,7 @@ from authentik import __version__, get_build_hash
from authentik.admin.tasks import VERSION_CACHE_KEY, VERSION_NULL, update_latest_version from authentik.admin.tasks import VERSION_CACHE_KEY, VERSION_NULL, update_latest_version
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.outposts.models import Outpost from authentik.outposts.models import Outpost
from authentik.tenants.utils import get_current_tenant
class VersionSerializer(PassiveSerializer): class VersionSerializer(PassiveSerializer):
@ -35,6 +37,8 @@ class VersionSerializer(PassiveSerializer):
def get_version_latest(self, _) -> str: def get_version_latest(self, _) -> str:
"""Get latest version from cache""" """Get latest version from cache"""
if get_current_tenant().schema_name == get_public_schema_name():
return __version__
version_in_cache = cache.get(VERSION_CACHE_KEY) version_in_cache = cache.get(VERSION_CACHE_KEY)
if not version_in_cache: # pragma: no cover if not version_in_cache: # pragma: no cover
update_latest_version.delay() update_latest_version.delay()

View File

@ -14,3 +14,19 @@ class AuthentikAdminConfig(ManagedAppConfig):
label = "authentik_admin" label = "authentik_admin"
verbose_name = "authentik Admin" verbose_name = "authentik Admin"
default = True default = True
@ManagedAppConfig.reconcile_global
def clear_update_notifications(self):
"""Clear update notifications on startup if the notification was for the version
we're running now."""
from packaging.version import parse
from authentik.admin.tasks import LOCAL_VERSION
from authentik.events.models import EventAction, Notification
for notification in Notification.objects.filter(event__action=EventAction.UPDATE_AVAILABLE):
if "new_version" not in notification.event.context:
continue
notification_version = notification.event.context["new_version"]
if LOCAL_VERSION >= parse(notification_version):
notification.delete()

View File

@ -1,6 +1,7 @@
"""authentik admin settings""" """authentik admin settings"""
from celery.schedules import crontab from celery.schedules import crontab
from django_tenants.utils import get_public_schema_name
from authentik.lib.utils.time import fqdn_rand from authentik.lib.utils.time import fqdn_rand
@ -8,6 +9,7 @@ CELERY_BEAT_SCHEDULE = {
"admin_latest_version": { "admin_latest_version": {
"task": "authentik.admin.tasks.update_latest_version", "task": "authentik.admin.tasks.update_latest_version",
"schedule": crontab(minute=fqdn_rand("admin_latest_version"), hour="*"), "schedule": crontab(minute=fqdn_rand("admin_latest_version"), hour="*"),
"tenant_schemas": [get_public_schema_name()],
"options": {"queue": "authentik_scheduled"}, "options": {"queue": "authentik_scheduled"},
} }
} }

View File

@ -1,7 +1,6 @@
"""authentik admin tasks""" """authentik admin tasks"""
from django.core.cache import cache from django.core.cache import cache
from django.db import DatabaseError, InternalError, ProgrammingError
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from packaging.version import parse from packaging.version import parse
from requests import RequestException from requests import RequestException
@ -9,7 +8,7 @@ from structlog.stdlib import get_logger
from authentik import __version__, get_build_hash from authentik import __version__, get_build_hash
from authentik.admin.apps import PROM_INFO from authentik.admin.apps import PROM_INFO
from authentik.events.models import Event, EventAction, Notification from authentik.events.models import Event, EventAction
from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task
from authentik.lib.config import CONFIG from authentik.lib.config import CONFIG
from authentik.lib.utils.http import get_http_session from authentik.lib.utils.http import get_http_session
@ -33,20 +32,6 @@ def _set_prom_info():
) )
@CELERY_APP.task(
throws=(DatabaseError, ProgrammingError, InternalError),
)
def clear_update_notifications():
"""Clear update notifications on startup if the notification was for the version
we're running now."""
for notification in Notification.objects.filter(event__action=EventAction.UPDATE_AVAILABLE):
if "new_version" not in notification.event.context:
continue
notification_version = notification.event.context["new_version"]
if LOCAL_VERSION >= parse(notification_version):
notification.delete()
@CELERY_APP.task(bind=True, base=SystemTask) @CELERY_APP.task(bind=True, base=SystemTask)
@prefill_task @prefill_task
def update_latest_version(self: SystemTask): def update_latest_version(self: SystemTask):

View File

@ -36,11 +36,6 @@ class TestAdminAPI(TestCase):
body = loads(response.content) body = loads(response.content)
self.assertEqual(len(body), 0) self.assertEqual(len(body), 0)
def test_metrics(self):
"""Test metrics API"""
response = self.client.get(reverse("authentik_api:admin_metrics"))
self.assertEqual(response.status_code, 200)
def test_apps(self): def test_apps(self):
"""Test apps API""" """Test apps API"""
response = self.client.get(reverse("authentik_api:apps-list")) response = self.client.get(reverse("authentik_api:apps-list"))

View File

@ -1,12 +1,12 @@
"""test admin tasks""" """test admin tasks"""
from django.apps import apps
from django.core.cache import cache from django.core.cache import cache
from django.test import TestCase from django.test import TestCase
from requests_mock import Mocker from requests_mock import Mocker
from authentik.admin.tasks import ( from authentik.admin.tasks import (
VERSION_CACHE_KEY, VERSION_CACHE_KEY,
clear_update_notifications,
update_latest_version, update_latest_version,
) )
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
@ -72,12 +72,13 @@ class TestAdminTasks(TestCase):
def test_clear_update_notifications(self): def test_clear_update_notifications(self):
"""Test clear of previous notification""" """Test clear of previous notification"""
admin_config = apps.get_app_config("authentik_admin")
Event.objects.create( Event.objects.create(
action=EventAction.UPDATE_AVAILABLE, context={"new_version": "99999999.9999999.9999999"} action=EventAction.UPDATE_AVAILABLE, context={"new_version": "99999999.9999999.9999999"}
) )
Event.objects.create(action=EventAction.UPDATE_AVAILABLE, context={"new_version": "1.1.1"}) Event.objects.create(action=EventAction.UPDATE_AVAILABLE, context={"new_version": "1.1.1"})
Event.objects.create(action=EventAction.UPDATE_AVAILABLE, context={}) Event.objects.create(action=EventAction.UPDATE_AVAILABLE, context={})
clear_update_notifications() admin_config.clear_update_notifications()
self.assertFalse( self.assertFalse(
Event.objects.filter( Event.objects.filter(
action=EventAction.UPDATE_AVAILABLE, context__new_version="1.1" action=EventAction.UPDATE_AVAILABLE, context__new_version="1.1"

View File

@ -3,7 +3,6 @@
from django.urls import path from django.urls import path
from authentik.admin.api.meta import AppsViewSet, ModelViewSet from authentik.admin.api.meta import AppsViewSet, ModelViewSet
from authentik.admin.api.metrics import AdministrationMetricsViewSet
from authentik.admin.api.system import SystemView from authentik.admin.api.system import SystemView
from authentik.admin.api.version import VersionView from authentik.admin.api.version import VersionView
from authentik.admin.api.version_history import VersionHistoryViewSet from authentik.admin.api.version_history import VersionHistoryViewSet
@ -12,11 +11,6 @@ from authentik.admin.api.workers import WorkerView
api_urlpatterns = [ api_urlpatterns = [
("admin/apps", AppsViewSet, "apps"), ("admin/apps", AppsViewSet, "apps"),
("admin/models", ModelViewSet, "models"), ("admin/models", ModelViewSet, "models"),
path(
"admin/metrics/",
AdministrationMetricsViewSet.as_view(),
name="admin_metrics",
),
path("admin/version/", VersionView.as_view(), name="admin_version"), path("admin/version/", VersionView.as_view(), name="admin_version"),
("admin/version/history", VersionHistoryViewSet, "version_history"), ("admin/version/history", VersionHistoryViewSet, "version_history"),
path("admin/workers/", WorkerView.as_view(), name="admin_workers"), path("admin/workers/", WorkerView.as_view(), name="admin_workers"),

View File

@ -1,12 +1,13 @@
"""authentik API AppConfig""" """authentik API AppConfig"""
from django.apps import AppConfig from authentik.blueprints.apps import ManagedAppConfig
class AuthentikAPIConfig(AppConfig): class AuthentikAPIConfig(ManagedAppConfig):
"""authentik API Config""" """authentik API Config"""
name = "authentik.api" name = "authentik.api"
label = "authentik_api" label = "authentik_api"
mountpoint = "api/" mountpoint = "api/"
verbose_name = "authentik API" verbose_name = "authentik API"
default = True

View File

@ -1,9 +1,12 @@
"""API Authentication""" """API Authentication"""
from hmac import compare_digest from hmac import compare_digest
from pathlib import Path
from tempfile import gettempdir
from typing import Any from typing import Any
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AnonymousUser
from drf_spectacular.extensions import OpenApiAuthenticationExtension from drf_spectacular.extensions import OpenApiAuthenticationExtension
from rest_framework.authentication import BaseAuthentication, get_authorization_header from rest_framework.authentication import BaseAuthentication, get_authorization_header
from rest_framework.exceptions import AuthenticationFailed from rest_framework.exceptions import AuthenticationFailed
@ -11,11 +14,17 @@ from rest_framework.request import Request
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.middleware import CTX_AUTH_VIA from authentik.core.middleware import CTX_AUTH_VIA
from authentik.core.models import Token, TokenIntents, User from authentik.core.models import Token, TokenIntents, User, UserTypes
from authentik.outposts.models import Outpost from authentik.outposts.models import Outpost
from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API from authentik.providers.oauth2.constants import SCOPE_AUTHENTIK_API
LOGGER = get_logger() LOGGER = get_logger()
_tmp = Path(gettempdir())
try:
with open(_tmp / "authentik-core-ipc.key") as _f:
ipc_key = _f.read()
except OSError:
ipc_key = None
def validate_auth(header: bytes) -> str | None: def validate_auth(header: bytes) -> str | None:
@ -73,6 +82,11 @@ def auth_user_lookup(raw_header: bytes) -> User | None:
if user: if user:
CTX_AUTH_VIA.set("secret_key") CTX_AUTH_VIA.set("secret_key")
return user return user
# then try to auth via secret key (for embedded outpost/etc)
user = token_ipc(auth_credentials)
if user:
CTX_AUTH_VIA.set("ipc")
return user
raise AuthenticationFailed("Token invalid/expired") raise AuthenticationFailed("Token invalid/expired")
@ -90,6 +104,43 @@ def token_secret_key(value: str) -> User | None:
return outpost.user return outpost.user
class IPCUser(AnonymousUser):
"""'Virtual' user for IPC communication between authentik core and the authentik router"""
username = "authentik:system"
is_active = True
is_superuser = True
@property
def type(self):
return UserTypes.INTERNAL_SERVICE_ACCOUNT
def has_perm(self, perm, obj=None):
return True
def has_perms(self, perm_list, obj=None):
return True
def has_module_perms(self, module):
return True
@property
def is_anonymous(self):
return False
@property
def is_authenticated(self):
return True
def token_ipc(value: str) -> User | None:
"""Check if the token is the secret key
and return the service account for the managed outpost"""
if not ipc_key or not compare_digest(value, ipc_key):
return None
return IPCUser()
class TokenAuthentication(BaseAuthentication): class TokenAuthentication(BaseAuthentication):
"""Token-based authentication using HTTP Bearer authentication""" """Token-based authentication using HTTP Bearer authentication"""

View File

@ -54,7 +54,7 @@ def create_component(generator: SchemaGenerator, name, schema, type_=ResolvedCom
return component return component
def postprocess_schema_responses(result, generator: SchemaGenerator, **kwargs): # noqa: W0613 def postprocess_schema_responses(result, generator: SchemaGenerator, **kwargs):
"""Workaround to set a default response for endpoints. """Workaround to set a default response for endpoints.
Workaround suggested at Workaround suggested at
<https://github.com/tfranzel/drf-spectacular/issues/119#issuecomment-656970357> <https://github.com/tfranzel/drf-spectacular/issues/119#issuecomment-656970357>

View File

@ -7,7 +7,7 @@ from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField, DateTimeField from rest_framework.fields import CharField, DateTimeField
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.serializers import ListSerializer, ModelSerializer from rest_framework.serializers import ListSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.blueprints.models import BlueprintInstance from authentik.blueprints.models import BlueprintInstance
@ -15,7 +15,7 @@ from authentik.blueprints.v1.importer import Importer
from authentik.blueprints.v1.oci import OCI_PREFIX from authentik.blueprints.v1.oci import OCI_PREFIX
from authentik.blueprints.v1.tasks import apply_blueprint, blueprints_find_dict from authentik.blueprints.v1.tasks import apply_blueprint, blueprints_find_dict
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import JSONDictField, PassiveSerializer from authentik.core.api.utils import JSONDictField, ModelSerializer, PassiveSerializer
from authentik.rbac.decorators import permission_required from authentik.rbac.decorators import permission_required

View File

@ -72,20 +72,33 @@ class Command(BaseCommand):
"additionalProperties": True, "additionalProperties": True,
}, },
"entries": { "entries": {
"type": "array", "anyOf": [
"items": { {
"oneOf": [], "type": "array",
}, "items": {"$ref": "#/$defs/blueprint_entry"},
},
{
"type": "object",
"additionalProperties": {
"type": "array",
"items": {"$ref": "#/$defs/blueprint_entry"},
},
},
],
}, },
}, },
"$defs": {}, "$defs": {"blueprint_entry": {"oneOf": []}},
} }
def add_arguments(self, parser):
parser.add_argument("--file", type=str)
@no_translations @no_translations
def handle(self, *args, **options): def handle(self, *args, file: str, **options):
"""Generate JSON Schema for blueprints""" """Generate JSON Schema for blueprints"""
self.build() self.build()
self.stdout.write(dumps(self.schema, indent=4, default=Command.json_default)) with open(file, "w") as _schema:
_schema.write(dumps(self.schema, indent=4, default=Command.json_default))
@staticmethod @staticmethod
def json_default(value: Any) -> Any: def json_default(value: Any) -> Any:
@ -112,7 +125,7 @@ class Command(BaseCommand):
} }
) )
model_path = f"{model._meta.app_label}.{model._meta.model_name}" model_path = f"{model._meta.app_label}.{model._meta.model_name}"
self.schema["properties"]["entries"]["items"]["oneOf"].append( self.schema["$defs"]["blueprint_entry"]["oneOf"].append(
self.template_entry(model_path, model, serializer) self.template_entry(model_path, model, serializer)
) )
@ -134,7 +147,7 @@ class Command(BaseCommand):
"id": {"type": "string"}, "id": {"type": "string"},
"state": { "state": {
"type": "string", "type": "string",
"enum": [s.value for s in BlueprintEntryDesiredState], "enum": sorted([s.value for s in BlueprintEntryDesiredState]),
"default": "present", "default": "present",
}, },
"conditions": {"type": "array", "items": {"type": "boolean"}}, "conditions": {"type": "array", "items": {"type": "boolean"}},
@ -205,7 +218,7 @@ class Command(BaseCommand):
"type": "object", "type": "object",
"required": ["permission"], "required": ["permission"],
"properties": { "properties": {
"permission": {"type": "string", "enum": perms}, "permission": {"type": "string", "enum": sorted(perms)},
"user": {"type": "integer"}, "user": {"type": "integer"},
"role": {"type": "string"}, "role": {"type": "string"},
}, },

View File

@ -1,10 +1,11 @@
version: 1 version: 1
entries: entries:
- identifiers: foo:
name: "%(id)s" - identifiers:
slug: "%(id)s" name: "%(id)s"
model: authentik_flows.flow slug: "%(id)s"
state: present model: authentik_flows.flow
attrs: state: present
designation: stage_configuration attrs:
title: foo designation: stage_configuration
title: foo

View File

@ -37,6 +37,7 @@ entries:
- attrs: - attrs:
attributes: attributes:
env_null: !Env [bar-baz, null] env_null: !Env [bar-baz, null]
json_parse: !ParseJSON '{"foo": "bar"}'
policy_pk1: policy_pk1:
!Format [ !Format [
"%s-%s", "%s-%s",

View File

@ -0,0 +1,14 @@
from django.test import TestCase
from authentik.blueprints.apps import ManagedAppConfig
from authentik.enterprise.apps import EnterpriseConfig
from authentik.lib.utils.reflection import get_apps
class TestManagedAppConfig(TestCase):
def test_apps_use_managed_app_config(self):
for app in get_apps():
if app.name.startswith("authentik.enterprise"):
self.assertIn(EnterpriseConfig, app.__class__.__bases__)
else:
self.assertIn(ManagedAppConfig, app.__class__.__bases__)

View File

@ -35,6 +35,6 @@ def blueprint_tester(file_name: Path) -> Callable:
for blueprint_file in Path("blueprints/").glob("**/*.yaml"): for blueprint_file in Path("blueprints/").glob("**/*.yaml"):
if "local" in str(blueprint_file): if "local" in str(blueprint_file) or "testing" in str(blueprint_file):
continue continue
setattr(TestPackaged, f"test_blueprint_{blueprint_file}", blueprint_tester(blueprint_file)) setattr(TestPackaged, f"test_blueprint_{blueprint_file}", blueprint_tester(blueprint_file))

View File

@ -5,7 +5,6 @@ from collections.abc import Callable
from django.apps import apps from django.apps import apps
from django.test import TestCase from django.test import TestCase
from authentik.blueprints.v1.importer import is_model_allowed
from authentik.lib.models import SerializerModel from authentik.lib.models import SerializerModel
from authentik.providers.oauth2.models import RefreshToken from authentik.providers.oauth2.models import RefreshToken
@ -22,10 +21,13 @@ def serializer_tester_factory(test_model: type[SerializerModel]) -> Callable:
return return
model_class = test_model() model_class = test_model()
self.assertTrue(isinstance(model_class, SerializerModel)) self.assertTrue(isinstance(model_class, SerializerModel))
# Models that have subclasses don't have to have a serializer
if len(test_model.__subclasses__()) > 0:
return
self.assertIsNotNone(model_class.serializer) self.assertIsNotNone(model_class.serializer)
if model_class.serializer.Meta().model == RefreshToken: if model_class.serializer.Meta().model == RefreshToken:
return return
self.assertEqual(model_class.serializer.Meta().model, test_model) self.assertTrue(issubclass(test_model, model_class.serializer.Meta().model))
return tester return tester
@ -34,6 +36,6 @@ for app in apps.get_app_configs():
if not app.label.startswith("authentik"): if not app.label.startswith("authentik"):
continue continue
for model in app.get_models(): for model in app.get_models():
if not is_model_allowed(model): if not issubclass(model, SerializerModel):
continue continue
setattr(TestModels, f"test_{app.label}_{model.__name__}", serializer_tester_factory(model)) setattr(TestModels, f"test_{app.label}_{model.__name__}", serializer_tester_factory(model))

View File

@ -215,6 +215,7 @@ class TestBlueprintsV1(TransactionTestCase):
}, },
"nested_context": "context-nested-value", "nested_context": "context-nested-value",
"env_null": None, "env_null": None,
"json_parse": {"foo": "bar"},
"at_index_sequence": "foo", "at_index_sequence": "foo",
"at_index_sequence_default": "non existent", "at_index_sequence_default": "non existent",
"at_index_mapping": 2, "at_index_mapping": 2,

View File

@ -6,6 +6,7 @@ from copy import copy
from dataclasses import asdict, dataclass, field, is_dataclass from dataclasses import asdict, dataclass, field, is_dataclass
from enum import Enum from enum import Enum
from functools import reduce from functools import reduce
from json import JSONDecodeError, loads
from operator import ixor from operator import ixor
from os import getenv from os import getenv
from typing import Any, Literal, Union from typing import Any, Literal, Union
@ -164,9 +165,7 @@ class BlueprintEntry:
"""Get the blueprint model, with yaml tags resolved if present""" """Get the blueprint model, with yaml tags resolved if present"""
return str(self.tag_resolver(self.model, blueprint)) return str(self.tag_resolver(self.model, blueprint))
def get_permissions( def get_permissions(self, blueprint: "Blueprint") -> Generator[BlueprintEntryPermission]:
self, blueprint: "Blueprint"
) -> Generator[BlueprintEntryPermission, None, None]:
"""Get permissions of this entry, with all yaml tags resolved""" """Get permissions of this entry, with all yaml tags resolved"""
for perm in self.permissions: for perm in self.permissions:
yield BlueprintEntryPermission( yield BlueprintEntryPermission(
@ -193,11 +192,18 @@ class Blueprint:
"""Dataclass used for a full export""" """Dataclass used for a full export"""
version: int = field(default=1) version: int = field(default=1)
entries: list[BlueprintEntry] = field(default_factory=list) entries: list[BlueprintEntry] | dict[str, list[BlueprintEntry]] = field(default_factory=list)
context: dict = field(default_factory=dict) context: dict = field(default_factory=dict)
metadata: BlueprintMetadata | None = field(default=None) metadata: BlueprintMetadata | None = field(default=None)
def iter_entries(self) -> Iterable[BlueprintEntry]:
if isinstance(self.entries, dict):
for _section, entries in self.entries.items():
yield from entries
else:
yield from self.entries
class YAMLTag: class YAMLTag:
"""Base class for all YAML Tags""" """Base class for all YAML Tags"""
@ -228,7 +234,7 @@ class KeyOf(YAMLTag):
self.id_from = node.value self.id_from = node.value
def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any: def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any:
for _entry in blueprint.entries: for _entry in blueprint.iter_entries():
if _entry.id == self.id_from and _entry._state.instance: if _entry.id == self.id_from and _entry._state.instance:
# Special handling for PolicyBindingModels, as they'll have a different PK # Special handling for PolicyBindingModels, as they'll have a different PK
# which is used when creating policy bindings # which is used when creating policy bindings
@ -286,6 +292,22 @@ class Context(YAMLTag):
return value return value
class ParseJSON(YAMLTag):
"""Parse JSON from context/env/etc value"""
raw: str
def __init__(self, loader: "BlueprintLoader", node: ScalarNode) -> None:
super().__init__()
self.raw = node.value
def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any:
try:
return loads(self.raw)
except JSONDecodeError as exc:
raise EntryInvalidError.from_entry(exc, entry) from exc
class Format(YAMLTag): class Format(YAMLTag):
"""Format a string""" """Format a string"""
@ -661,6 +683,7 @@ class BlueprintLoader(SafeLoader):
self.add_constructor("!Value", Value) self.add_constructor("!Value", Value)
self.add_constructor("!Index", Index) self.add_constructor("!Index", Index)
self.add_constructor("!AtIndex", AtIndex) self.add_constructor("!AtIndex", AtIndex)
self.add_constructor("!ParseJSON", ParseJSON)
class EntryInvalidError(SentryIgnoredException): class EntryInvalidError(SentryIgnoredException):

View File

@ -36,6 +36,7 @@ from authentik.core.models import (
GroupSourceConnection, GroupSourceConnection,
PropertyMapping, PropertyMapping,
Provider, Provider,
Session,
Source, Source,
User, User,
UserSourceConnection, UserSourceConnection,
@ -108,6 +109,7 @@ def excluded_models() -> list[type[Model]]:
Policy, Policy,
PolicyBindingModel, PolicyBindingModel,
# Classes that have other dependencies # Classes that have other dependencies
Session,
AuthenticatedSession, AuthenticatedSession,
# Classes which are only internally managed # Classes which are only internally managed
# FIXME: these shouldn't need to be explicitly listed, but rather based off of a mixin # FIXME: these shouldn't need to be explicitly listed, but rather based off of a mixin
@ -382,7 +384,7 @@ class Importer:
def _apply_models(self, raise_errors=False) -> bool: def _apply_models(self, raise_errors=False) -> bool:
"""Apply (create/update) models yaml""" """Apply (create/update) models yaml"""
self.__pk_map = {} self.__pk_map = {}
for entry in self._import.entries: for entry in self._import.iter_entries():
model_app_label, model_name = entry.get_model(self._import).split(".") model_app_label, model_name = entry.get_model(self._import).split(".")
try: try:
model: type[SerializerModel] = registry.get_model(model_app_label, model_name) model: type[SerializerModel] = registry.get_model(model_app_label, model_name)

View File

@ -47,7 +47,7 @@ class MetaModelRegistry:
models = apps.get_models() models = apps.get_models()
for _, value in self.models.items(): for _, value in self.models.items():
models.append(value) models.append(value)
return models return sorted(models, key=str)
def get_model(self, app_label: str, model_id: str) -> type[Model]: def get_model(self, app_label: str, model_id: str) -> type[Model]:
"""Get model checks if any virtual models are registered, and falls back """Get model checks if any virtual models are registered, and falls back

View File

@ -49,6 +49,8 @@ class BrandSerializer(ModelSerializer):
"branding_title", "branding_title",
"branding_logo", "branding_logo",
"branding_favicon", "branding_favicon",
"branding_custom_css",
"branding_default_flow_background",
"flow_authentication", "flow_authentication",
"flow_invalidation", "flow_invalidation",
"flow_recovery", "flow_recovery",
@ -57,6 +59,7 @@ class BrandSerializer(ModelSerializer):
"flow_device_code", "flow_device_code",
"default_application", "default_application",
"web_certificate", "web_certificate",
"client_certificates",
"attributes", "attributes",
] ]
extra_kwargs = { extra_kwargs = {
@ -86,6 +89,7 @@ class CurrentBrandSerializer(PassiveSerializer):
branding_title = CharField() branding_title = CharField()
branding_logo = CharField(source="branding_logo_url") branding_logo = CharField(source="branding_logo_url")
branding_favicon = CharField(source="branding_favicon_url") branding_favicon = CharField(source="branding_favicon_url")
branding_custom_css = CharField()
ui_footer_links = ListField( ui_footer_links = ListField(
child=FooterLinkSerializer(), child=FooterLinkSerializer(),
read_only=True, read_only=True,
@ -117,6 +121,7 @@ class BrandViewSet(UsedByMixin, ModelViewSet):
"domain", "domain",
"branding_title", "branding_title",
"web_certificate__name", "web_certificate__name",
"client_certificates__name",
] ]
filterset_fields = [ filterset_fields = [
"brand_uuid", "brand_uuid",
@ -125,6 +130,7 @@ class BrandViewSet(UsedByMixin, ModelViewSet):
"branding_title", "branding_title",
"branding_logo", "branding_logo",
"branding_favicon", "branding_favicon",
"branding_default_flow_background",
"flow_authentication", "flow_authentication",
"flow_invalidation", "flow_invalidation",
"flow_recovery", "flow_recovery",
@ -132,6 +138,7 @@ class BrandViewSet(UsedByMixin, ModelViewSet):
"flow_user_settings", "flow_user_settings",
"flow_device_code", "flow_device_code",
"web_certificate", "web_certificate",
"client_certificates",
] ]
ordering = ["domain"] ordering = ["domain"]

View File

@ -1,9 +1,9 @@
"""authentik brands app""" """authentik brands app"""
from django.apps import AppConfig from authentik.blueprints.apps import ManagedAppConfig
class AuthentikBrandsConfig(AppConfig): class AuthentikBrandsConfig(ManagedAppConfig):
"""authentik Brand app""" """authentik Brand app"""
name = "authentik.brands" name = "authentik.brands"
@ -12,3 +12,4 @@ class AuthentikBrandsConfig(AppConfig):
mountpoints = { mountpoints = {
"authentik.brands.urls_root": "", "authentik.brands.urls_root": "",
} }
default = True

View File

@ -0,0 +1,35 @@
# Generated by Django 5.0.12 on 2025-02-22 01:51
from pathlib import Path
from django.db import migrations, models
from django.apps.registry import Apps
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
def migrate_custom_css(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
Brand = apps.get_model("authentik_brands", "brand")
db_alias = schema_editor.connection.alias
path = Path("/web/dist/custom.css")
if not path.exists():
return
css = path.read_text()
Brand.objects.using(db_alias).all().update(branding_custom_css=css)
class Migration(migrations.Migration):
dependencies = [
("authentik_brands", "0007_brand_default_application"),
]
operations = [
migrations.AddField(
model_name="brand",
name="branding_custom_css",
field=models.TextField(blank=True, default=""),
),
migrations.RunPython(migrate_custom_css),
]

View File

@ -0,0 +1,18 @@
# Generated by Django 5.0.13 on 2025-03-19 22:54
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_brands", "0008_brand_branding_custom_css"),
]
operations = [
migrations.AddField(
model_name="brand",
name="branding_default_flow_background",
field=models.TextField(default="/static/dist/assets/images/flow_background.jpg"),
),
]

View File

@ -0,0 +1,37 @@
# Generated by Django 5.1.9 on 2025-05-19 15:09
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_brands", "0009_brand_branding_default_flow_background"),
("authentik_crypto", "0004_alter_certificatekeypair_name"),
]
operations = [
migrations.AddField(
model_name="brand",
name="client_certificates",
field=models.ManyToManyField(
blank=True,
default=None,
help_text="Certificates used for client authentication.",
to="authentik_crypto.certificatekeypair",
),
),
migrations.AlterField(
model_name="brand",
name="web_certificate",
field=models.ForeignKey(
default=None,
help_text="Web Certificate used by the authentik Core webserver.",
null=True,
on_delete=django.db.models.deletion.SET_DEFAULT,
related_name="+",
to="authentik_crypto.certificatekeypair",
),
),
]

View File

@ -33,6 +33,10 @@ class Brand(SerializerModel):
branding_logo = models.TextField(default="/static/dist/assets/icons/icon_left_brand.svg") branding_logo = models.TextField(default="/static/dist/assets/icons/icon_left_brand.svg")
branding_favicon = models.TextField(default="/static/dist/assets/icons/icon.png") branding_favicon = models.TextField(default="/static/dist/assets/icons/icon.png")
branding_custom_css = models.TextField(default="", blank=True)
branding_default_flow_background = models.TextField(
default="/static/dist/assets/images/flow_background.jpg"
)
flow_authentication = models.ForeignKey( flow_authentication = models.ForeignKey(
Flow, null=True, on_delete=models.SET_NULL, related_name="brand_authentication" Flow, null=True, on_delete=models.SET_NULL, related_name="brand_authentication"
@ -69,6 +73,13 @@ class Brand(SerializerModel):
default=None, default=None,
on_delete=models.SET_DEFAULT, on_delete=models.SET_DEFAULT,
help_text=_("Web Certificate used by the authentik Core webserver."), help_text=_("Web Certificate used by the authentik Core webserver."),
related_name="+",
)
client_certificates = models.ManyToManyField(
CertificateKeyPair,
default=None,
blank=True,
help_text=_("Certificates used for client authentication."),
) )
attributes = models.JSONField(default=dict, blank=True) attributes = models.JSONField(default=dict, blank=True)
@ -84,6 +95,12 @@ class Brand(SerializerModel):
return CONFIG.get("web.path", "/")[:-1] + self.branding_favicon return CONFIG.get("web.path", "/")[:-1] + self.branding_favicon
return self.branding_favicon return self.branding_favicon
def branding_default_flow_background_url(self) -> str:
"""Get branding_default_flow_background with the correct prefix"""
if self.branding_default_flow_background.startswith("/static"):
return CONFIG.get("web.path", "/")[:-1] + self.branding_default_flow_background
return self.branding_default_flow_background
@property @property
def serializer(self) -> Serializer: def serializer(self) -> Serializer:
from authentik.brands.api import BrandSerializer from authentik.brands.api import BrandSerializer

View File

@ -24,6 +24,7 @@ class TestBrands(APITestCase):
"branding_logo": "/static/dist/assets/icons/icon_left_brand.svg", "branding_logo": "/static/dist/assets/icons/icon_left_brand.svg",
"branding_favicon": "/static/dist/assets/icons/icon.png", "branding_favicon": "/static/dist/assets/icons/icon.png",
"branding_title": "authentik", "branding_title": "authentik",
"branding_custom_css": "",
"matched_domain": brand.domain, "matched_domain": brand.domain,
"ui_footer_links": [], "ui_footer_links": [],
"ui_theme": Themes.AUTOMATIC, "ui_theme": Themes.AUTOMATIC,
@ -43,6 +44,7 @@ class TestBrands(APITestCase):
"branding_logo": "/static/dist/assets/icons/icon_left_brand.svg", "branding_logo": "/static/dist/assets/icons/icon_left_brand.svg",
"branding_favicon": "/static/dist/assets/icons/icon.png", "branding_favicon": "/static/dist/assets/icons/icon.png",
"branding_title": "custom", "branding_title": "custom",
"branding_custom_css": "",
"matched_domain": "bar.baz", "matched_domain": "bar.baz",
"ui_footer_links": [], "ui_footer_links": [],
"ui_theme": Themes.AUTOMATIC, "ui_theme": Themes.AUTOMATIC,
@ -59,6 +61,7 @@ class TestBrands(APITestCase):
"branding_logo": "/static/dist/assets/icons/icon_left_brand.svg", "branding_logo": "/static/dist/assets/icons/icon_left_brand.svg",
"branding_favicon": "/static/dist/assets/icons/icon.png", "branding_favicon": "/static/dist/assets/icons/icon.png",
"branding_title": "authentik", "branding_title": "authentik",
"branding_custom_css": "",
"matched_domain": "fallback", "matched_domain": "fallback",
"ui_footer_links": [], "ui_footer_links": [],
"ui_theme": Themes.AUTOMATIC, "ui_theme": Themes.AUTOMATIC,
@ -121,3 +124,38 @@ class TestBrands(APITestCase):
"subject": None, "subject": None,
}, },
) )
def test_branding_url(self):
"""Test branding attributes return correct values"""
brand = create_test_brand()
brand.branding_default_flow_background = "https://goauthentik.io/img/icon.png"
brand.branding_favicon = "https://goauthentik.io/img/icon.png"
brand.branding_logo = "https://goauthentik.io/img/icon.png"
brand.save()
self.assertEqual(
brand.branding_default_flow_background_url(), "https://goauthentik.io/img/icon.png"
)
self.assertJSONEqual(
self.client.get(reverse("authentik_api:brand-current")).content.decode(),
{
"branding_logo": "https://goauthentik.io/img/icon.png",
"branding_favicon": "https://goauthentik.io/img/icon.png",
"branding_title": "authentik",
"branding_custom_css": "",
"matched_domain": brand.domain,
"ui_footer_links": [],
"ui_theme": Themes.AUTOMATIC,
"default_locale": "",
},
)
def test_custom_css(self):
"""Test custom_css"""
brand = create_test_brand()
brand.branding_custom_css = """* {
font-family: "Foo bar";
}"""
brand.save()
res = self.client.get(reverse("authentik_core:if-user"))
self.assertEqual(res.status_code, 200)
self.assertIn(brand.branding_custom_css, res.content.decode())

View File

@ -5,10 +5,12 @@ from typing import Any
from django.db.models import F, Q from django.db.models import F, Q
from django.db.models import Value as V from django.db.models import Value as V
from django.http.request import HttpRequest from django.http.request import HttpRequest
from sentry_sdk import get_current_span from django.utils.html import _json_script_escapes
from django.utils.safestring import mark_safe
from authentik import get_full_version from authentik import get_full_version
from authentik.brands.models import Brand from authentik.brands.models import Brand
from authentik.lib.sentry import get_http_meta
from authentik.tenants.models import Tenant from authentik.tenants.models import Tenant
_q_default = Q(default=True) _q_default = Q(default=True)
@ -32,13 +34,14 @@ def context_processor(request: HttpRequest) -> dict[str, Any]:
"""Context Processor that injects brand object into every template""" """Context Processor that injects brand object into every template"""
brand = getattr(request, "brand", DEFAULT_BRAND) brand = getattr(request, "brand", DEFAULT_BRAND)
tenant = getattr(request, "tenant", Tenant()) tenant = getattr(request, "tenant", Tenant())
trace = "" # similarly to `json_script` we escape everything HTML-related, however django
span = get_current_span() # only directly exposes this as a function that also wraps it in a <script> tag
if span: # which we dont want for CSS
trace = span.to_traceparent() brand_css = mark_safe(str(brand.branding_custom_css).translate(_json_script_escapes)) # nosec
return { return {
"brand": brand, "brand": brand,
"brand_css": brand_css,
"footer_links": tenant.footer_links, "footer_links": tenant.footer_links,
"sentry_trace": trace, "html_meta": {**get_http_meta()},
"version": get_full_version(), "version": get_full_version(),
} }

View File

@ -2,11 +2,9 @@
from collections.abc import Iterator from collections.abc import Iterator
from copy import copy from copy import copy
from datetime import timedelta
from django.core.cache import cache from django.core.cache import cache
from django.db.models import QuerySet from django.db.models import QuerySet
from django.db.models.functions import ExtractHour
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
@ -20,7 +18,6 @@ from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.admin.api.metrics import CoordinateSerializer
from authentik.api.pagination import Pagination from authentik.api.pagination import Pagination
from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
from authentik.core.api.providers import ProviderSerializer from authentik.core.api.providers import ProviderSerializer
@ -28,7 +25,6 @@ from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import ModelSerializer from authentik.core.api.utils import ModelSerializer
from authentik.core.models import Application, User from authentik.core.models import Application, User
from authentik.events.logs import LogEventSerializer, capture_logs from authentik.events.logs import LogEventSerializer, capture_logs
from authentik.events.models import EventAction
from authentik.lib.utils.file import ( from authentik.lib.utils.file import (
FilePathSerializer, FilePathSerializer,
FileUploadSerializer, FileUploadSerializer,
@ -46,7 +42,7 @@ LOGGER = get_logger()
def user_app_cache_key(user_pk: str, page_number: int | None = None) -> str: def user_app_cache_key(user_pk: str, page_number: int | None = None) -> str:
"""Cache key where application list for user is saved""" """Cache key where application list for user is saved"""
key = f"{CACHE_PREFIX}/app_access/{user_pk}" key = f"{CACHE_PREFIX}app_access/{user_pk}"
if page_number: if page_number:
key += f"/{page_number}" key += f"/{page_number}"
return key return key
@ -321,18 +317,3 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
"""Set application icon (as URL)""" """Set application icon (as URL)"""
app: Application = self.get_object() app: Application = self.get_object()
return set_file_url(request, app, "meta_icon") return set_file_url(request, app, "meta_icon")
@permission_required("authentik_core.view_application", ["authentik_events.view_event"])
@extend_schema(responses={200: CoordinateSerializer(many=True)})
@action(detail=True, pagination_class=None, filter_backends=[])
def metrics(self, request: Request, slug: str):
"""Metrics for application logins"""
app = self.get_object()
return Response(
get_objects_for_user(request.user, "authentik_events.view_event").filter(
action=EventAction.AUTHORIZE_APPLICATION,
context__authorized_application__pk=app.pk.hex,
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)

View File

@ -5,6 +5,7 @@ from typing import TypedDict
from rest_framework import mixins from rest_framework import mixins
from rest_framework.fields import SerializerMethodField from rest_framework.fields import SerializerMethodField
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.serializers import CharField, DateTimeField, IPAddressField
from rest_framework.viewsets import GenericViewSet from rest_framework.viewsets import GenericViewSet
from ua_parser import user_agent_parser from ua_parser import user_agent_parser
@ -54,6 +55,11 @@ class UserAgentDict(TypedDict):
class AuthenticatedSessionSerializer(ModelSerializer): class AuthenticatedSessionSerializer(ModelSerializer):
"""AuthenticatedSession Serializer""" """AuthenticatedSession Serializer"""
expires = DateTimeField(source="session.expires", read_only=True)
last_ip = IPAddressField(source="session.last_ip", read_only=True)
last_user_agent = CharField(source="session.last_user_agent", read_only=True)
last_used = DateTimeField(source="session.last_used", read_only=True)
current = SerializerMethodField() current = SerializerMethodField()
user_agent = SerializerMethodField() user_agent = SerializerMethodField()
geo_ip = SerializerMethodField() geo_ip = SerializerMethodField()
@ -62,19 +68,19 @@ class AuthenticatedSessionSerializer(ModelSerializer):
def get_current(self, instance: AuthenticatedSession) -> bool: def get_current(self, instance: AuthenticatedSession) -> bool:
"""Check if session is currently active session""" """Check if session is currently active session"""
request: Request = self.context["request"] request: Request = self.context["request"]
return request._request.session.session_key == instance.session_key return request._request.session.session_key == instance.session.session_key
def get_user_agent(self, instance: AuthenticatedSession) -> UserAgentDict: def get_user_agent(self, instance: AuthenticatedSession) -> UserAgentDict:
"""Get parsed user agent""" """Get parsed user agent"""
return user_agent_parser.Parse(instance.last_user_agent) return user_agent_parser.Parse(instance.session.last_user_agent)
def get_geo_ip(self, instance: AuthenticatedSession) -> GeoIPDict | None: # pragma: no cover def get_geo_ip(self, instance: AuthenticatedSession) -> GeoIPDict | None: # pragma: no cover
"""Get GeoIP Data""" """Get GeoIP Data"""
return GEOIP_CONTEXT_PROCESSOR.city_dict(instance.last_ip) return GEOIP_CONTEXT_PROCESSOR.city_dict(instance.session.last_ip)
def get_asn(self, instance: AuthenticatedSession) -> ASNDict | None: # pragma: no cover def get_asn(self, instance: AuthenticatedSession) -> ASNDict | None: # pragma: no cover
"""Get ASN Data""" """Get ASN Data"""
return ASN_CONTEXT_PROCESSOR.asn_dict(instance.last_ip) return ASN_CONTEXT_PROCESSOR.asn_dict(instance.session.last_ip)
class Meta: class Meta:
model = AuthenticatedSession model = AuthenticatedSession
@ -90,6 +96,7 @@ class AuthenticatedSessionSerializer(ModelSerializer):
"last_used", "last_used",
"expires", "expires",
] ]
extra_args = {"uuid": {"read_only": True}}
class AuthenticatedSessionViewSet( class AuthenticatedSessionViewSet(
@ -101,9 +108,10 @@ class AuthenticatedSessionViewSet(
): ):
"""AuthenticatedSession Viewset""" """AuthenticatedSession Viewset"""
queryset = AuthenticatedSession.objects.all() lookup_field = "uuid"
queryset = AuthenticatedSession.objects.select_related("session").all()
serializer_class = AuthenticatedSessionSerializer serializer_class = AuthenticatedSessionSerializer
search_fields = ["user__username", "last_ip", "last_user_agent"] search_fields = ["user__username", "session__last_ip", "session__last_user_agent"]
filterset_fields = ["user__username", "last_ip", "last_user_agent"] filterset_fields = ["user__username", "session__last_ip", "session__last_user_agent"]
ordering = ["user__username"] ordering = ["user__username"]
owner_field = "user" owner_field = "user"

View File

@ -1,8 +1,6 @@
"""Authenticator Devices API Views""" """Authenticator Devices API Views"""
from django.utils.translation import gettext_lazy as _ from drf_spectacular.utils import extend_schema
from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, extend_schema
from guardian.shortcuts import get_objects_for_user from guardian.shortcuts import get_objects_for_user
from rest_framework.fields import ( from rest_framework.fields import (
BooleanField, BooleanField,
@ -15,6 +13,7 @@ from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.viewsets import ViewSet from rest_framework.viewsets import ViewSet
from authentik.core.api.users import ParamUserSerializer
from authentik.core.api.utils import MetaNameSerializer from authentik.core.api.utils import MetaNameSerializer
from authentik.enterprise.stages.authenticator_endpoint_gdtc.models import EndpointDevice from authentik.enterprise.stages.authenticator_endpoint_gdtc.models import EndpointDevice
from authentik.stages.authenticator import device_classes, devices_for_user from authentik.stages.authenticator import device_classes, devices_for_user
@ -23,7 +22,7 @@ from authentik.stages.authenticator_webauthn.models import WebAuthnDevice
class DeviceSerializer(MetaNameSerializer): class DeviceSerializer(MetaNameSerializer):
"""Serializer for Duo authenticator devices""" """Serializer for authenticator devices"""
pk = CharField() pk = CharField()
name = CharField() name = CharField()
@ -33,22 +32,27 @@ class DeviceSerializer(MetaNameSerializer):
last_updated = DateTimeField(read_only=True) last_updated = DateTimeField(read_only=True)
last_used = DateTimeField(read_only=True, allow_null=True) last_used = DateTimeField(read_only=True, allow_null=True)
extra_description = SerializerMethodField() extra_description = SerializerMethodField()
external_id = SerializerMethodField()
def get_type(self, instance: Device) -> str: def get_type(self, instance: Device) -> str:
"""Get type of device""" """Get type of device"""
return instance._meta.label return instance._meta.label
def get_extra_description(self, instance: Device) -> str: def get_extra_description(self, instance: Device) -> str | None:
"""Get extra description""" """Get extra description"""
if isinstance(instance, WebAuthnDevice): if isinstance(instance, WebAuthnDevice):
return ( return instance.device_type.description if instance.device_type else None
instance.device_type.description
if instance.device_type
else _("Extra description not available")
)
if isinstance(instance, EndpointDevice): if isinstance(instance, EndpointDevice):
return instance.data.get("deviceSignals", {}).get("deviceModel") return instance.data.get("deviceSignals", {}).get("deviceModel")
return "" return None
def get_external_id(self, instance: Device) -> str | None:
"""Get external Device ID"""
if isinstance(instance, WebAuthnDevice):
return instance.device_type.aaguid if instance.device_type else None
if isinstance(instance, EndpointDevice):
return instance.data.get("deviceSignals", {}).get("deviceModel")
return None
class DeviceViewSet(ViewSet): class DeviceViewSet(ViewSet):
@ -57,7 +61,6 @@ class DeviceViewSet(ViewSet):
serializer_class = DeviceSerializer serializer_class = DeviceSerializer
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated]
@extend_schema(responses={200: DeviceSerializer(many=True)})
def list(self, request: Request) -> Response: def list(self, request: Request) -> Response:
"""Get all devices for current user""" """Get all devices for current user"""
devices = devices_for_user(request.user) devices = devices_for_user(request.user)
@ -79,18 +82,11 @@ class AdminDeviceViewSet(ViewSet):
yield from device_set yield from device_set
@extend_schema( @extend_schema(
parameters=[ parameters=[ParamUserSerializer],
OpenApiParameter(
name="user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
responses={200: DeviceSerializer(many=True)}, responses={200: DeviceSerializer(many=True)},
) )
def list(self, request: Request) -> Response: def list(self, request: Request) -> Response:
"""Get all devices for current user""" """Get all devices for current user"""
kwargs = {} args = ParamUserSerializer(data=request.query_params)
if "user" in request.query_params: args.is_valid(raise_exception=True)
kwargs = {"user": request.query_params["user"]} return Response(DeviceSerializer(self.get_devices(**args.validated_data), many=True).data)
return Response(DeviceSerializer(self.get_devices(**kwargs), many=True).data)

View File

@ -99,18 +99,17 @@ class GroupSerializer(ModelSerializer):
if superuser if superuser
else "authentik_core.disable_group_superuser" else "authentik_core.disable_group_superuser"
) )
has_perm = user.has_perm(perm) if self.instance or superuser:
if self.instance and not has_perm: has_perm = user.has_perm(perm) or user.has_perm(perm, self.instance)
has_perm = user.has_perm(perm, self.instance) if not has_perm:
if not has_perm: raise ValidationError(
raise ValidationError( _(
_( (
( "User does not have permission to set "
"User does not have permission to set " "superuser status to {superuser_status}."
"superuser status to {superuser_status}." ).format_map({"superuser_status": superuser})
).format_map({"superuser_status": superuser}) )
) )
)
return superuser return superuser
class Meta: class Meta:

View File

@ -5,6 +5,7 @@ from collections.abc import Iterable
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiResponse, extend_schema
from rest_framework import mixins from rest_framework import mixins
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField, ReadOnlyField, SerializerMethodField from rest_framework.fields import CharField, ReadOnlyField, SerializerMethodField
from rest_framework.parsers import MultiPartParser from rest_framework.parsers import MultiPartParser
from rest_framework.request import Request from rest_framework.request import Request
@ -154,6 +155,17 @@ class SourceViewSet(
matching_sources.append(source_settings.validated_data) matching_sources.append(source_settings.validated_data)
return Response(matching_sources) return Response(matching_sources)
def destroy(self, request: Request, *args, **kwargs):
"""Prevent deletion of built-in sources"""
instance: Source = self.get_object()
if instance.managed == Source.MANAGED_INBUILT:
raise ValidationError(
{"detail": "Built-in sources cannot be deleted"}, code="protected"
)
return super().destroy(request, *args, **kwargs)
class UserSourceConnectionSerializer(SourceSerializer): class UserSourceConnectionSerializer(SourceSerializer):
"""User source connection""" """User source connection"""
@ -167,10 +179,13 @@ class UserSourceConnectionSerializer(SourceSerializer):
"user", "user",
"source", "source",
"source_obj", "source_obj",
"identifier",
"created", "created",
"last_updated",
] ]
extra_kwargs = { extra_kwargs = {
"created": {"read_only": True}, "created": {"read_only": True},
"last_updated": {"read_only": True},
} }
@ -187,7 +202,7 @@ class UserSourceConnectionViewSet(
queryset = UserSourceConnection.objects.all() queryset = UserSourceConnection.objects.all()
serializer_class = UserSourceConnectionSerializer serializer_class = UserSourceConnectionSerializer
filterset_fields = ["user", "source__slug"] filterset_fields = ["user", "source__slug"]
search_fields = ["source__slug"] search_fields = ["user__username", "source__slug", "identifier"]
ordering = ["source__slug", "pk"] ordering = ["source__slug", "pk"]
owner_field = "user" owner_field = "user"
@ -206,9 +221,11 @@ class GroupSourceConnectionSerializer(SourceSerializer):
"source_obj", "source_obj",
"identifier", "identifier",
"created", "created",
"last_updated",
] ]
extra_kwargs = { extra_kwargs = {
"created": {"read_only": True}, "created": {"read_only": True},
"last_updated": {"read_only": True},
} }
@ -225,6 +242,5 @@ class GroupSourceConnectionViewSet(
queryset = GroupSourceConnection.objects.all() queryset = GroupSourceConnection.objects.all()
serializer_class = GroupSourceConnectionSerializer serializer_class = GroupSourceConnectionSerializer
filterset_fields = ["group", "source__slug"] filterset_fields = ["group", "source__slug"]
search_fields = ["source__slug"] search_fields = ["group__name", "source__slug", "identifier"]
ordering = ["source__slug", "pk"] ordering = ["source__slug", "pk"]
owner_field = "user"

View File

@ -6,9 +6,6 @@ from typing import Any
from django.contrib.auth import update_session_auth_hash from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.models import Permission from django.contrib.auth.models import Permission
from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core.cache import cache
from django.db.models.functions import ExtractHour
from django.db.transaction import atomic from django.db.transaction import atomic
from django.db.utils import IntegrityError from django.db.utils import IntegrityError
from django.urls import reverse_lazy from django.urls import reverse_lazy
@ -54,7 +51,6 @@ from rest_framework.validators import UniqueValidator
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.admin.api.metrics import CoordinateSerializer
from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
from authentik.brands.models import Brand from authentik.brands.models import Brand
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
@ -71,8 +67,8 @@ from authentik.core.middleware import (
from authentik.core.models import ( from authentik.core.models import (
USER_ATTRIBUTE_TOKEN_EXPIRING, USER_ATTRIBUTE_TOKEN_EXPIRING,
USER_PATH_SERVICE_ACCOUNT, USER_PATH_SERVICE_ACCOUNT,
AuthenticatedSession,
Group, Group,
Session,
Token, Token,
TokenIntents, TokenIntents,
User, User,
@ -86,6 +82,7 @@ from authentik.flows.views.executor import QS_KEY_TOKEN
from authentik.lib.avatars import get_avatar from authentik.lib.avatars import get_avatar
from authentik.rbac.decorators import permission_required from authentik.rbac.decorators import permission_required
from authentik.rbac.models import get_permission_choices from authentik.rbac.models import get_permission_choices
from authentik.stages.email.flow import pickle_flow_token_for_email
from authentik.stages.email.models import EmailStage from authentik.stages.email.models import EmailStage
from authentik.stages.email.tasks import send_mails from authentik.stages.email.tasks import send_mails
from authentik.stages.email.utils import TemplateEmailMessage from authentik.stages.email.utils import TemplateEmailMessage
@ -93,6 +90,12 @@ from authentik.stages.email.utils import TemplateEmailMessage
LOGGER = get_logger() LOGGER = get_logger()
class ParamUserSerializer(PassiveSerializer):
"""Partial serializer for query parameters to select a user"""
user = PrimaryKeyRelatedField(queryset=User.objects.all().exclude_anonymous(), required=False)
class UserGroupSerializer(ModelSerializer): class UserGroupSerializer(ModelSerializer):
"""Simplified Group Serializer for user's groups""" """Simplified Group Serializer for user's groups"""
@ -226,6 +229,7 @@ class UserSerializer(ModelSerializer):
"name", "name",
"is_active", "is_active",
"last_login", "last_login",
"date_joined",
"is_superuser", "is_superuser",
"groups", "groups",
"groups_obj", "groups_obj",
@ -240,6 +244,7 @@ class UserSerializer(ModelSerializer):
] ]
extra_kwargs = { extra_kwargs = {
"name": {"allow_blank": True}, "name": {"allow_blank": True},
"date_joined": {"read_only": True},
"password_change_date": {"read_only": True}, "password_change_date": {"read_only": True},
} }
@ -316,53 +321,6 @@ class SessionUserSerializer(PassiveSerializer):
original = UserSelfSerializer(required=False) original = UserSelfSerializer(required=False)
class UserMetricsSerializer(PassiveSerializer):
"""User Metrics"""
logins = SerializerMethodField()
logins_failed = SerializerMethodField()
authorizations = SerializerMethodField()
@extend_schema_field(CoordinateSerializer(many=True))
def get_logins(self, _):
"""Get successful logins per 8 hours for the last 7 days"""
user = self.context["user"]
request = self.context["request"]
return (
get_objects_for_user(request.user, "authentik_events.view_event").filter(
action=EventAction.LOGIN, user__pk=user.pk
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
@extend_schema_field(CoordinateSerializer(many=True))
def get_logins_failed(self, _):
"""Get failed logins per 8 hours for the last 7 days"""
user = self.context["user"]
request = self.context["request"]
return (
get_objects_for_user(request.user, "authentik_events.view_event").filter(
action=EventAction.LOGIN_FAILED, context__username=user.username
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
@extend_schema_field(CoordinateSerializer(many=True))
def get_authorizations(self, _):
"""Get failed logins per 8 hours for the last 7 days"""
user = self.context["user"]
request = self.context["request"]
return (
get_objects_for_user(request.user, "authentik_events.view_event").filter(
action=EventAction.AUTHORIZE_APPLICATION, user__pk=user.pk
)
# 3 data points per day, so 8 hour spans
.get_events_per(timedelta(days=7), ExtractHour, 7 * 3)
)
class UsersFilter(FilterSet): class UsersFilter(FilterSet):
"""Filter for users""" """Filter for users"""
@ -373,7 +331,7 @@ class UsersFilter(FilterSet):
method="filter_attributes", method="filter_attributes",
) )
is_superuser = BooleanFilter(field_name="ak_groups", lookup_expr="is_superuser") is_superuser = BooleanFilter(field_name="ak_groups", method="filter_is_superuser")
uuid = UUIDFilter(field_name="uuid") uuid = UUIDFilter(field_name="uuid")
path = CharFilter(field_name="path") path = CharFilter(field_name="path")
@ -391,6 +349,11 @@ class UsersFilter(FilterSet):
queryset=Group.objects.all().order_by("name"), queryset=Group.objects.all().order_by("name"),
) )
def filter_is_superuser(self, queryset, name, value):
if value:
return queryset.filter(ak_groups__is_superuser=True).distinct()
return queryset.exclude(ak_groups__is_superuser=True).distinct()
def filter_attributes(self, queryset, name, value): def filter_attributes(self, queryset, name, value):
"""Filter attributes by query args""" """Filter attributes by query args"""
try: try:
@ -429,8 +392,23 @@ class UserViewSet(UsedByMixin, ModelViewSet):
queryset = User.objects.none() queryset = User.objects.none()
ordering = ["username"] ordering = ["username"]
serializer_class = UserSerializer serializer_class = UserSerializer
search_fields = ["username", "name", "is_active", "email", "uuid", "attributes"]
filterset_class = UsersFilter filterset_class = UsersFilter
search_fields = ["username", "name", "is_active", "email", "uuid", "attributes"]
def get_ql_fields(self):
from djangoql.schema import BoolField, StrField
from authentik.enterprise.search.fields import ChoiceSearchField, JSONSearchField
return [
StrField(User, "username"),
StrField(User, "name"),
StrField(User, "email"),
StrField(User, "path"),
BoolField(User, "is_active", nullable=True),
ChoiceSearchField(User, "type"),
JSONSearchField(User, "attributes", suggest_nested=False),
]
def get_queryset(self): def get_queryset(self):
base_qs = User.objects.all().exclude_anonymous() base_qs = User.objects.all().exclude_anonymous()
@ -446,7 +424,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
def list(self, request, *args, **kwargs): def list(self, request, *args, **kwargs):
return super().list(request, *args, **kwargs) return super().list(request, *args, **kwargs)
def _create_recovery_link(self) -> tuple[str, Token]: def _create_recovery_link(self, for_email=False) -> tuple[str, Token]:
"""Create a recovery link (when the current brand has a recovery flow set), """Create a recovery link (when the current brand has a recovery flow set),
that can either be shown to an admin or sent to the user directly""" that can either be shown to an admin or sent to the user directly"""
brand: Brand = self.request._request.brand brand: Brand = self.request._request.brand
@ -468,12 +446,16 @@ class UserViewSet(UsedByMixin, ModelViewSet):
raise ValidationError( raise ValidationError(
{"non_field_errors": "Recovery flow not applicable to user"} {"non_field_errors": "Recovery flow not applicable to user"}
) from None ) from None
_plan = FlowToken.pickle(plan)
if for_email:
_plan = pickle_flow_token_for_email(plan)
token, __ = FlowToken.objects.update_or_create( token, __ = FlowToken.objects.update_or_create(
identifier=f"{user.uid}-password-reset", identifier=f"{user.uid}-password-reset",
defaults={ defaults={
"user": user, "user": user,
"flow": flow, "flow": flow,
"_plan": FlowToken.pickle(plan), "_plan": _plan,
"revoke_on_execution": not for_email,
}, },
) )
querystring = urlencode({QS_KEY_TOKEN: token.key}) querystring = urlencode({QS_KEY_TOKEN: token.key})
@ -597,17 +579,6 @@ class UserViewSet(UsedByMixin, ModelViewSet):
update_session_auth_hash(self.request, user) update_session_auth_hash(self.request, user)
return Response(status=204) return Response(status=204)
@permission_required("authentik_core.view_user", ["authentik_events.view_event"])
@extend_schema(responses={200: UserMetricsSerializer(many=False)})
@action(detail=True, pagination_class=None, filter_backends=[])
def metrics(self, request: Request, pk: int) -> Response:
"""User metrics per 1h"""
user: User = self.get_object()
serializer = UserMetricsSerializer(instance={})
serializer.context["user"] = user
serializer.context["request"] = request
return Response(serializer.data)
@permission_required("authentik_core.reset_user_password") @permission_required("authentik_core.reset_user_password")
@extend_schema( @extend_schema(
responses={ responses={
@ -643,7 +614,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
if for_user.email == "": if for_user.email == "":
LOGGER.debug("User doesn't have an email address") LOGGER.debug("User doesn't have an email address")
raise ValidationError({"non_field_errors": "User does not have an email address set."}) raise ValidationError({"non_field_errors": "User does not have an email address set."})
link, token = self._create_recovery_link() link, token = self._create_recovery_link(for_email=True)
# Lookup the email stage to assure the current user can access it # Lookup the email stage to assure the current user can access it
stages = get_objects_for_user( stages = get_objects_for_user(
request.user, "authentik_stages_email.view_emailstage" request.user, "authentik_stages_email.view_emailstage"
@ -767,9 +738,6 @@ class UserViewSet(UsedByMixin, ModelViewSet):
response = super().partial_update(request, *args, **kwargs) response = super().partial_update(request, *args, **kwargs)
instance: User = self.get_object() instance: User = self.get_object()
if not instance.is_active: if not instance.is_active:
sessions = AuthenticatedSession.objects.filter(user=instance) Session.objects.filter(authenticatedsession__user=instance).delete()
session_ids = sessions.values_list("session_key", flat=True)
cache.delete_many(f"{KEY_PREFIX}{session}" for session in session_ids)
sessions.delete()
LOGGER.debug("Deleted user's sessions", user=instance.username) LOGGER.debug("Deleted user's sessions", user=instance.username)
return response return response

View File

@ -2,6 +2,7 @@
from typing import Any from typing import Any
from django.db import models
from django.db.models import Model from django.db.models import Model
from drf_spectacular.extensions import OpenApiSerializerFieldExtension from drf_spectacular.extensions import OpenApiSerializerFieldExtension
from drf_spectacular.plumbing import build_basic_type from drf_spectacular.plumbing import build_basic_type
@ -20,6 +21,8 @@ from rest_framework.serializers import (
raise_errors_on_nested_writes, raise_errors_on_nested_writes,
) )
from authentik.rbac.permissions import assign_initial_permissions
def is_dict(value: Any): def is_dict(value: Any):
"""Ensure a value is a dictionary, useful for JSONFields""" """Ensure a value is a dictionary, useful for JSONFields"""
@ -28,8 +31,36 @@ def is_dict(value: Any):
raise ValidationError("Value must be a dictionary, and not have any duplicate keys.") raise ValidationError("Value must be a dictionary, and not have any duplicate keys.")
class JSONDictField(JSONField):
"""JSON Field which only allows dictionaries"""
default_validators = [is_dict]
class JSONExtension(OpenApiSerializerFieldExtension):
"""Generate API Schema for JSON fields as"""
target_class = "authentik.core.api.utils.JSONDictField"
def map_serializer_field(self, auto_schema, direction):
return build_basic_type(OpenApiTypes.OBJECT)
class ModelSerializer(BaseModelSerializer): class ModelSerializer(BaseModelSerializer):
# By default, JSON fields we have are used to store dictionaries
serializer_field_mapping = BaseModelSerializer.serializer_field_mapping.copy()
serializer_field_mapping[models.JSONField] = JSONDictField
def create(self, validated_data):
instance = super().create(validated_data)
request = self.context.get("request")
if request and hasattr(request, "user") and not request.user.is_anonymous:
assign_initial_permissions(request.user, instance)
return instance
def update(self, instance: Model, validated_data): def update(self, instance: Model, validated_data):
raise_errors_on_nested_writes("update", self, validated_data) raise_errors_on_nested_writes("update", self, validated_data)
info = model_meta.get_field_info(instance) info = model_meta.get_field_info(instance)
@ -61,21 +92,6 @@ class ModelSerializer(BaseModelSerializer):
return instance return instance
class JSONDictField(JSONField):
"""JSON Field which only allows dictionaries"""
default_validators = [is_dict]
class JSONExtension(OpenApiSerializerFieldExtension):
"""Generate API Schema for JSON fields as"""
target_class = "authentik.core.api.utils.JSONDictField"
def map_serializer_field(self, auto_schema, direction):
return build_basic_type(OpenApiTypes.OBJECT)
class PassiveSerializer(Serializer): class PassiveSerializer(Serializer):
"""Base serializer class which doesn't implement create/update methods""" """Base serializer class which doesn't implement create/update methods"""

View File

@ -32,5 +32,5 @@ class AuthentikCoreConfig(ManagedAppConfig):
"name": "authentik Built-in", "name": "authentik Built-in",
"slug": "authentik-built-in", "slug": "authentik-built-in",
}, },
managed="goauthentik.io/sources/inbuilt", managed=Source.MANAGED_INBUILT,
) )

View File

@ -24,6 +24,15 @@ class InbuiltBackend(ModelBackend):
self.set_method("password", request) self.set_method("password", request)
return user return user
async def aauthenticate(
self, request: HttpRequest, username: str | None, password: str | None, **kwargs: Any
) -> User | None:
user = await super().aauthenticate(request, username=username, password=password, **kwargs)
if not user:
return None
self.set_method("password", request)
return user
def set_method(self, method: str, request: HttpRequest | None, **kwargs): def set_method(self, method: str, request: HttpRequest | None, **kwargs):
"""Set method data on current flow, if possbiel""" """Set method data on current flow, if possbiel"""
if not request: if not request:

View File

@ -13,7 +13,6 @@ class Command(TenantCommand):
parser.add_argument("usernames", nargs="*", type=str) parser.add_argument("usernames", nargs="*", type=str)
def handle_per_tenant(self, **options): def handle_per_tenant(self, **options):
print(options)
new_type = UserTypes(options["type"]) new_type = UserTypes(options["type"])
qs = ( qs = (
User.objects.exclude_anonymous() User.objects.exclude_anonymous()

View File

@ -0,0 +1,15 @@
"""Change user type"""
from importlib import import_module
from django.conf import settings
from authentik.tenants.management import TenantCommand
class Command(TenantCommand):
"""Delete all sessions"""
def handle_per_tenant(self, **options):
engine = import_module(settings.SESSION_ENGINE)
engine.SessionStore.clear_expired()

View File

@ -2,6 +2,7 @@
from django.apps import apps from django.apps import apps
from django.contrib.auth.management import create_permissions from django.contrib.auth.management import create_permissions
from django.core.management import call_command
from django.core.management.base import BaseCommand, no_translations from django.core.management.base import BaseCommand, no_translations
from guardian.management import create_anonymous_user from guardian.management import create_anonymous_user
@ -16,6 +17,10 @@ class Command(BaseCommand):
"""Check permissions for all apps""" """Check permissions for all apps"""
for tenant in Tenant.objects.filter(ready=True): for tenant in Tenant.objects.filter(ready=True):
with tenant: with tenant:
# See https://code.djangoproject.com/ticket/28417
# Remove potential lingering old permissions
call_command("remove_stale_contenttypes", "--no-input")
for app in apps.get_app_configs(): for app in apps.get_app_configs():
self.stdout.write(f"Checking app {app.name} ({app.label})\n") self.stdout.write(f"Checking app {app.name} ({app.label})\n")
create_permissions(app, verbosity=0) create_permissions(app, verbosity=0)

View File

@ -2,9 +2,14 @@
from collections.abc import Callable from collections.abc import Callable
from contextvars import ContextVar from contextvars import ContextVar
from functools import partial
from uuid import uuid4 from uuid import uuid4
from django.contrib.auth.models import AnonymousUser
from django.core.exceptions import ImproperlyConfigured
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from django.utils.functional import SimpleLazyObject
from django.utils.translation import override from django.utils.translation import override
from sentry_sdk.api import set_tag from sentry_sdk.api import set_tag
from structlog.contextvars import STRUCTLOG_KEY_PREFIX from structlog.contextvars import STRUCTLOG_KEY_PREFIX
@ -20,6 +25,40 @@ CTX_HOST = ContextVar[str | None](STRUCTLOG_KEY_PREFIX + "host", default=None)
CTX_AUTH_VIA = ContextVar[str | None](STRUCTLOG_KEY_PREFIX + KEY_AUTH_VIA, default=None) CTX_AUTH_VIA = ContextVar[str | None](STRUCTLOG_KEY_PREFIX + KEY_AUTH_VIA, default=None)
def get_user(request):
if not hasattr(request, "_cached_user"):
user = None
if (authenticated_session := request.session.get("authenticatedsession", None)) is not None:
user = authenticated_session.user
request._cached_user = user or AnonymousUser()
return request._cached_user
async def aget_user(request):
if not hasattr(request, "_cached_user"):
user = None
if (
authenticated_session := await request.session.aget("authenticatedsession", None)
) is not None:
user = authenticated_session.user
request._cached_user = user or AnonymousUser()
return request._cached_user
class AuthenticationMiddleware(MiddlewareMixin):
def process_request(self, request):
if not hasattr(request, "session"):
raise ImproperlyConfigured(
"The Django authentication middleware requires session "
"middleware to be installed. Edit your MIDDLEWARE setting to "
"insert "
"'authentik.root.middleware.SessionMiddleware' before "
"'authentik.core.middleware.AuthenticationMiddleware'."
)
request.user = SimpleLazyObject(lambda: get_user(request))
request.auser = partial(aget_user, request)
class ImpersonateMiddleware: class ImpersonateMiddleware:
"""Middleware to impersonate users""" """Middleware to impersonate users"""

View File

@ -0,0 +1,19 @@
# Generated by Django 5.0.13 on 2025-04-07 14:04
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0043_alter_group_options"),
]
operations = [
migrations.AddField(
model_name="usersourceconnection",
name="new_identifier",
field=models.TextField(default=""),
preserve_default=False,
),
]

View File

@ -0,0 +1,30 @@
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0044_usersourceconnection_new_identifier"),
("authentik_sources_kerberos", "0003_migrate_userkerberossourceconnection_identifier"),
("authentik_sources_oauth", "0009_migrate_useroauthsourceconnection_identifier"),
("authentik_sources_plex", "0005_migrate_userplexsourceconnection_identifier"),
("authentik_sources_saml", "0019_migrate_usersamlsourceconnection_identifier"),
]
operations = [
migrations.RenameField(
model_name="usersourceconnection",
old_name="new_identifier",
new_name="identifier",
),
migrations.AddIndex(
model_name="usersourceconnection",
index=models.Index(fields=["identifier"], name="authentik_c_identif_59226f_idx"),
),
migrations.AddIndex(
model_name="usersourceconnection",
index=models.Index(
fields=["source", "identifier"], name="authentik_c_source__649e04_idx"
),
),
]

View File

@ -0,0 +1,242 @@
# Generated by Django 5.0.11 on 2025-01-27 12:58
import uuid
import pickle # nosec
from django.core import signing
from django.contrib.auth import BACKEND_SESSION_KEY, HASH_SESSION_KEY, SESSION_KEY
from django.db import migrations, models
import django.db.models.deletion
from django.conf import settings
from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.utils.timezone import now, timedelta
from authentik.lib.migrations import progress_bar
from authentik.root.middleware import ClientIPMiddleware
SESSION_CACHE_ALIAS = "default"
class PickleSerializer:
"""
Simple wrapper around pickle to be used in signing.dumps()/loads() and
cache backends.
"""
def __init__(self, protocol=None):
self.protocol = pickle.HIGHEST_PROTOCOL if protocol is None else protocol
def dumps(self, obj):
"""Pickle data to be stored in redis"""
return pickle.dumps(obj, self.protocol)
def loads(self, data):
"""Unpickle data to be loaded from redis"""
try:
return pickle.loads(data) # nosec
except Exception:
return {}
def _migrate_session(
apps,
db_alias,
session_key,
session_data,
expires,
):
Session = apps.get_model("authentik_core", "Session")
OldAuthenticatedSession = apps.get_model("authentik_core", "OldAuthenticatedSession")
AuthenticatedSession = apps.get_model("authentik_core", "AuthenticatedSession")
old_auth_session = (
OldAuthenticatedSession.objects.using(db_alias).filter(session_key=session_key).first()
)
args = {
"session_key": session_key,
"expires": expires,
"last_ip": ClientIPMiddleware.default_ip,
"last_user_agent": "",
"session_data": {},
}
for k, v in session_data.items():
if k == "authentik/stages/user_login/last_ip":
args["last_ip"] = v
elif k in ["last_user_agent", "last_used"]:
args[k] = v
elif args in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY]:
pass
else:
args["session_data"][k] = v
if old_auth_session:
args["last_user_agent"] = old_auth_session.last_user_agent
args["last_used"] = old_auth_session.last_used
args["session_data"] = pickle.dumps(args["session_data"])
session = Session.objects.using(db_alias).create(**args)
if old_auth_session:
AuthenticatedSession.objects.using(db_alias).create(
session=session,
user=old_auth_session.user,
uuid=old_auth_session.uuid,
)
def migrate_redis_sessions(apps, schema_editor):
from django.core.cache import caches
db_alias = schema_editor.connection.alias
cache = caches[SESSION_CACHE_ALIAS]
# Not a redis cache, skipping
if not hasattr(cache, "keys"):
return
print("\nMigrating Redis sessions to database, this might take a couple of minutes...")
for key, session_data in progress_bar(cache.get_many(cache.keys(f"{KEY_PREFIX}*")).items()):
_migrate_session(
apps=apps,
db_alias=db_alias,
session_key=key.removeprefix(KEY_PREFIX),
session_data=session_data,
expires=now() + timedelta(seconds=cache.ttl(key)),
)
def migrate_database_sessions(apps, schema_editor):
DjangoSession = apps.get_model("sessions", "Session")
db_alias = schema_editor.connection.alias
print("\nMigration database sessions, this might take a couple of minutes...")
for django_session in progress_bar(DjangoSession.objects.using(db_alias).all()):
session_data = signing.loads(
django_session.session_data,
salt="django.contrib.sessions.SessionStore",
serializer=PickleSerializer,
)
_migrate_session(
apps=apps,
db_alias=db_alias,
session_key=django_session.session_key,
session_data=session_data,
expires=django_session.expire_date,
)
class Migration(migrations.Migration):
dependencies = [
("sessions", "0001_initial"),
("authentik_core", "0045_rename_new_identifier_usersourceconnection_identifier_and_more"),
("authentik_providers_oauth2", "0027_accesstoken_authentik_p_expires_9f24a5_idx_and_more"),
("authentik_providers_rac", "0006_connectiontoken_authentik_p_expires_91f148_idx_and_more"),
]
operations = [
# Rename AuthenticatedSession to OldAuthenticatedSession
migrations.RenameModel(
old_name="AuthenticatedSession",
new_name="OldAuthenticatedSession",
),
migrations.RenameIndex(
model_name="oldauthenticatedsession",
new_name="authentik_c_expires_cf4f72_idx",
old_name="authentik_c_expires_08251d_idx",
),
migrations.RenameIndex(
model_name="oldauthenticatedsession",
new_name="authentik_c_expirin_c1f17f_idx",
old_name="authentik_c_expirin_9cd839_idx",
),
migrations.RenameIndex(
model_name="oldauthenticatedsession",
new_name="authentik_c_expirin_e04f5d_idx",
old_name="authentik_c_expirin_195a84_idx",
),
migrations.RenameIndex(
model_name="oldauthenticatedsession",
new_name="authentik_c_session_a44819_idx",
old_name="authentik_c_session_d0f005_idx",
),
migrations.RunSQL(
sql="ALTER INDEX authentik_core_authenticatedsession_user_id_5055b6cf RENAME TO authentik_core_oldauthenticatedsession_user_id_5055b6cf",
reverse_sql="ALTER INDEX authentik_core_oldauthenticatedsession_user_id_5055b6cf RENAME TO authentik_core_authenticatedsession_user_id_5055b6cf",
),
# Create new Session and AuthenticatedSession models
migrations.CreateModel(
name="Session",
fields=[
(
"session_key",
models.CharField(
max_length=40, primary_key=True, serialize=False, verbose_name="session key"
),
),
("expires", models.DateTimeField(default=None, null=True)),
("expiring", models.BooleanField(default=True)),
("session_data", models.BinaryField(verbose_name="session data")),
("last_ip", models.GenericIPAddressField()),
("last_user_agent", models.TextField(blank=True)),
("last_used", models.DateTimeField(auto_now=True)),
],
options={
"default_permissions": [],
"verbose_name": "Session",
"verbose_name_plural": "Sessions",
},
),
migrations.AddIndex(
model_name="session",
index=models.Index(fields=["expires"], name="authentik_c_expires_d2f607_idx"),
),
migrations.AddIndex(
model_name="session",
index=models.Index(fields=["expiring"], name="authentik_c_expirin_7c2cfb_idx"),
),
migrations.AddIndex(
model_name="session",
index=models.Index(
fields=["expiring", "expires"], name="authentik_c_expirin_1ab2e4_idx"
),
),
migrations.AddIndex(
model_name="session",
index=models.Index(
fields=["expires", "session_key"], name="authentik_c_expires_c49143_idx"
),
),
migrations.CreateModel(
name="AuthenticatedSession",
fields=[
(
"session",
models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to="authentik_core.session",
),
),
("uuid", models.UUIDField(default=uuid.uuid4, unique=True)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
),
],
options={
"verbose_name": "Authenticated Session",
"verbose_name_plural": "Authenticated Sessions",
},
),
migrations.RunPython(
code=migrate_redis_sessions,
reverse_code=migrations.RunPython.noop,
),
migrations.RunPython(
code=migrate_database_sessions,
reverse_code=migrations.RunPython.noop,
),
]

View File

@ -0,0 +1,18 @@
# Generated by Django 5.0.11 on 2025-01-27 13:02
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0046_session_and_more"),
("authentik_providers_rac", "0007_migrate_session"),
("authentik_providers_oauth2", "0028_migrate_session"),
]
operations = [
migrations.DeleteModel(
name="OldAuthenticatedSession",
),
]

View File

@ -0,0 +1,103 @@
# Generated by Django 5.1.9 on 2025-05-14 11:15
from django.apps.registry import Apps, apps as global_apps
from django.db import migrations
from django.contrib.contenttypes.management import create_contenttypes
from django.contrib.auth.management import create_permissions
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
def migrate_authenticated_session_permissions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
"""Migrate permissions from OldAuthenticatedSession to AuthenticatedSession"""
db_alias = schema_editor.connection.alias
# `apps` here is just an instance of `django.db.migrations.state.AppConfigStub`, we need the
# real config for creating permissions and content types
authentik_core_config = global_apps.get_app_config("authentik_core")
# These are only ran by django after all migrations, but we need them right now.
# `global_apps` is needed,
create_permissions(authentik_core_config, using=db_alias, verbosity=1)
create_contenttypes(authentik_core_config, using=db_alias, verbosity=1)
# But from now on, this is just a regular migration, so use `apps`
Permission = apps.get_model("auth", "Permission")
ContentType = apps.get_model("contenttypes", "ContentType")
try:
old_ct = ContentType.objects.using(db_alias).get(
app_label="authentik_core", model="oldauthenticatedsession"
)
new_ct = ContentType.objects.using(db_alias).get(
app_label="authentik_core", model="authenticatedsession"
)
except ContentType.DoesNotExist:
# This should exist at this point, but if not, let's cut our losses
return
# Get all permissions for the old content type
old_perms = Permission.objects.using(db_alias).filter(content_type=old_ct)
# Create equivalent permissions for the new content type
for old_perm in old_perms:
new_perm = (
Permission.objects.using(db_alias)
.filter(
content_type=new_ct,
codename=old_perm.codename,
)
.first()
)
if not new_perm:
# This should exist at this point, but if not, let's cut our losses
continue
# Global user permissions
User = apps.get_model("authentik_core", "User")
User.user_permissions.through.objects.using(db_alias).filter(
permission=old_perm
).all().update(permission=new_perm)
# Global role permissions
DjangoGroup = apps.get_model("auth", "Group")
DjangoGroup.permissions.through.objects.using(db_alias).filter(
permission=old_perm
).all().update(permission=new_perm)
# Object user permissions
UserObjectPermission = apps.get_model("guardian", "UserObjectPermission")
UserObjectPermission.objects.using(db_alias).filter(permission=old_perm).all().update(
permission=new_perm, content_type=new_ct
)
# Object role permissions
GroupObjectPermission = apps.get_model("guardian", "GroupObjectPermission")
GroupObjectPermission.objects.using(db_alias).filter(permission=old_perm).all().update(
permission=new_perm, content_type=new_ct
)
def remove_old_authenticated_session_content_type(
apps: Apps, schema_editor: BaseDatabaseSchemaEditor
):
db_alias = schema_editor.connection.alias
ContentType = apps.get_model("contenttypes", "ContentType")
ContentType.objects.using(db_alias).filter(model="oldauthenticatedsession").delete()
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0047_delete_oldauthenticatedsession"),
]
operations = [
migrations.RunPython(
code=migrate_authenticated_session_permissions,
reverse_code=migrations.RunPython.noop,
),
migrations.RunPython(
code=remove_old_authenticated_session_content_type,
reverse_code=migrations.RunPython.noop,
),
]

View File

@ -1,6 +1,7 @@
"""authentik core models""" """authentik core models"""
from datetime import datetime from datetime import datetime
from enum import StrEnum
from hashlib import sha256 from hashlib import sha256
from typing import Any, Optional, Self from typing import Any, Optional, Self
from uuid import uuid4 from uuid import uuid4
@ -9,6 +10,7 @@ from deepmerge import always_merger
from django.contrib.auth.hashers import check_password from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as DjangoUserManager from django.contrib.auth.models import UserManager as DjangoUserManager
from django.contrib.sessions.base_session import AbstractBaseSession
from django.db import models from django.db import models
from django.db.models import Q, QuerySet, options from django.db.models import Q, QuerySet, options
from django.db.models.constants import LOOKUP_SEP from django.db.models.constants import LOOKUP_SEP
@ -16,7 +18,7 @@ from django.http import HttpRequest
from django.utils.functional import SimpleLazyObject, cached_property from django.utils.functional import SimpleLazyObject, cached_property
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django_cte import CTEQuerySet, With from django_cte import CTE, with_cte
from guardian.conf import settings from guardian.conf import settings
from guardian.mixins import GuardianUserMixin from guardian.mixins import GuardianUserMixin
from model_utils.managers import InheritanceManager from model_utils.managers import InheritanceManager
@ -134,7 +136,7 @@ class AttributesMixin(models.Model):
return instance, False return instance, False
class GroupQuerySet(CTEQuerySet): class GroupQuerySet(QuerySet):
def with_children_recursive(self): def with_children_recursive(self):
"""Recursively get all groups that have the current queryset as parents """Recursively get all groups that have the current queryset as parents
or are indirectly related.""" or are indirectly related."""
@ -163,9 +165,9 @@ class GroupQuerySet(CTEQuerySet):
) )
# Build the recursive query, see above # Build the recursive query, see above
cte = With.recursive(make_cte) cte = CTE.recursive(make_cte)
# Return the result, as a usable queryset for Group. # Return the result, as a usable queryset for Group.
return cte.join(Group, group_uuid=cte.col.group_uuid).with_cte(cte) return with_cte(cte, select=cte.join(Group, group_uuid=cte.col.group_uuid))
class Group(SerializerModel, AttributesMixin): class Group(SerializerModel, AttributesMixin):
@ -646,19 +648,30 @@ class SourceUserMatchingModes(models.TextChoices):
"""Different modes a source can handle new/returning users""" """Different modes a source can handle new/returning users"""
IDENTIFIER = "identifier", _("Use the source-specific identifier") IDENTIFIER = "identifier", _("Use the source-specific identifier")
EMAIL_LINK = "email_link", _( EMAIL_LINK = (
"Link to a user with identical email address. Can have security implications " "email_link",
"when a source doesn't validate email addresses." _(
"Link to a user with identical email address. Can have security implications "
"when a source doesn't validate email addresses."
),
) )
EMAIL_DENY = "email_deny", _( EMAIL_DENY = (
"Use the user's email address, but deny enrollment when the email address already exists." "email_deny",
_(
"Use the user's email address, but deny enrollment when the email address already "
"exists."
),
) )
USERNAME_LINK = "username_link", _( USERNAME_LINK = (
"Link to a user with identical username. Can have security implications " "username_link",
"when a username is used with another source." _(
"Link to a user with identical username. Can have security implications "
"when a username is used with another source."
),
) )
USERNAME_DENY = "username_deny", _( USERNAME_DENY = (
"Use the user's username, but deny enrollment when the username already exists." "username_deny",
_("Use the user's username, but deny enrollment when the username already exists."),
) )
@ -666,18 +679,24 @@ class SourceGroupMatchingModes(models.TextChoices):
"""Different modes a source can handle new/returning groups""" """Different modes a source can handle new/returning groups"""
IDENTIFIER = "identifier", _("Use the source-specific identifier") IDENTIFIER = "identifier", _("Use the source-specific identifier")
NAME_LINK = "name_link", _( NAME_LINK = (
"Link to a group with identical name. Can have security implications " "name_link",
"when a group name is used with another source." _(
"Link to a group with identical name. Can have security implications "
"when a group name is used with another source."
),
) )
NAME_DENY = "name_deny", _( NAME_DENY = (
"Use the group name, but deny enrollment when the name already exists." "name_deny",
_("Use the group name, but deny enrollment when the name already exists."),
) )
class Source(ManagedModel, SerializerModel, PolicyBindingModel): class Source(ManagedModel, SerializerModel, PolicyBindingModel):
"""Base Authentication source, i.e. an OAuth Provider, SAML Remote or LDAP Server""" """Base Authentication source, i.e. an OAuth Provider, SAML Remote or LDAP Server"""
MANAGED_INBUILT = "goauthentik.io/sources/inbuilt"
name = models.TextField(help_text=_("Source's display Name.")) name = models.TextField(help_text=_("Source's display Name."))
slug = models.SlugField(help_text=_("Internal source name, used in URLs."), unique=True) slug = models.SlugField(help_text=_("Internal source name, used in URLs."), unique=True)
@ -728,8 +747,7 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
choices=SourceGroupMatchingModes.choices, choices=SourceGroupMatchingModes.choices,
default=SourceGroupMatchingModes.IDENTIFIER, default=SourceGroupMatchingModes.IDENTIFIER,
help_text=_( help_text=_(
"How the source determines if an existing group should be used or " "How the source determines if an existing group should be used or a new group created."
"a new group created."
), ),
) )
@ -759,11 +777,17 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
@property @property
def component(self) -> str: def component(self) -> str:
"""Return component used to edit this object""" """Return component used to edit this object"""
if self.managed == self.MANAGED_INBUILT:
return ""
raise NotImplementedError raise NotImplementedError
@property @property
def property_mapping_type(self) -> "type[PropertyMapping]": def property_mapping_type(self) -> "type[PropertyMapping]":
"""Return property mapping type used by this object""" """Return property mapping type used by this object"""
if self.managed == self.MANAGED_INBUILT:
from authentik.core.models import PropertyMapping
return PropertyMapping
raise NotImplementedError raise NotImplementedError
def ui_login_button(self, request: HttpRequest) -> UILoginButton | None: def ui_login_button(self, request: HttpRequest) -> UILoginButton | None:
@ -778,10 +802,14 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
def get_base_user_properties(self, **kwargs) -> dict[str, Any | dict[str, Any]]: def get_base_user_properties(self, **kwargs) -> dict[str, Any | dict[str, Any]]:
"""Get base properties for a user to build final properties upon.""" """Get base properties for a user to build final properties upon."""
if self.managed == self.MANAGED_INBUILT:
return {}
raise NotImplementedError raise NotImplementedError
def get_base_group_properties(self, **kwargs) -> dict[str, Any | dict[str, Any]]: def get_base_group_properties(self, **kwargs) -> dict[str, Any | dict[str, Any]]:
"""Get base properties for a group to build final properties upon.""" """Get base properties for a group to build final properties upon."""
if self.managed == self.MANAGED_INBUILT:
return {}
raise NotImplementedError raise NotImplementedError
def __str__(self): def __str__(self):
@ -812,6 +840,7 @@ class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
user = models.ForeignKey(User, on_delete=models.CASCADE) user = models.ForeignKey(User, on_delete=models.CASCADE)
source = models.ForeignKey(Source, on_delete=models.CASCADE) source = models.ForeignKey(Source, on_delete=models.CASCADE)
identifier = models.TextField()
objects = InheritanceManager() objects = InheritanceManager()
@ -825,6 +854,10 @@ class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
class Meta: class Meta:
unique_together = (("user", "source"),) unique_together = (("user", "source"),)
indexes = (
models.Index(fields=("identifier",)),
models.Index(fields=("source", "identifier")),
)
class GroupSourceConnection(SerializerModel, CreatedUpdatedModel): class GroupSourceConnection(SerializerModel, CreatedUpdatedModel):
@ -995,45 +1028,81 @@ class PropertyMapping(SerializerModel, ManagedModel):
verbose_name_plural = _("Property Mappings") verbose_name_plural = _("Property Mappings")
class AuthenticatedSession(ExpiringModel): class Session(ExpiringModel, AbstractBaseSession):
"""Additional session class for authenticated users. Augments the standard django session """User session with extra fields for fast access"""
to achieve the following:
- Make it queryable by user
- Have a direct connection to user objects
- Allow users to view their own sessions and terminate them
- Save structured and well-defined information.
"""
uuid = models.UUIDField(default=uuid4, primary_key=True) # Remove upstream field because we're using our own ExpiringModel
expire_date = None
session_data = models.BinaryField(_("session data"))
session_key = models.CharField(max_length=40) # Keep in sync with Session.Keys
user = models.ForeignKey(User, on_delete=models.CASCADE) last_ip = models.GenericIPAddressField()
last_ip = models.TextField()
last_user_agent = models.TextField(blank=True) last_user_agent = models.TextField(blank=True)
last_used = models.DateTimeField(auto_now=True) last_used = models.DateTimeField(auto_now=True)
class Meta:
verbose_name = _("Session")
verbose_name_plural = _("Sessions")
indexes = ExpiringModel.Meta.indexes + [
models.Index(fields=["expires", "session_key"]),
]
default_permissions = []
def __str__(self):
return self.session_key
class Keys(StrEnum):
"""
Keys to be set with the session interface for the fields above to be updated.
If a field is added here that needs to be initialized when the session is initialized,
it must also be reflected in authentik.root.middleware.SessionMiddleware.process_request
and in authentik.core.sessions.SessionStore.__init__
"""
LAST_IP = "last_ip"
LAST_USER_AGENT = "last_user_agent"
LAST_USED = "last_used"
@classmethod
def get_session_store_class(cls):
from authentik.core.sessions import SessionStore
return SessionStore
def get_decoded(self):
raise NotImplementedError
class AuthenticatedSession(SerializerModel):
session = models.OneToOneField(Session, on_delete=models.CASCADE, primary_key=True)
# We use the session as primary key, but we need the API to be able to reference
# this object uniquely without exposing the session key
uuid = models.UUIDField(default=uuid4, unique=True)
user = models.ForeignKey(User, on_delete=models.CASCADE)
@property
def serializer(self) -> type[Serializer]:
from authentik.core.api.authenticated_sessions import AuthenticatedSessionSerializer
return AuthenticatedSessionSerializer
class Meta: class Meta:
verbose_name = _("Authenticated Session") verbose_name = _("Authenticated Session")
verbose_name_plural = _("Authenticated Sessions") verbose_name_plural = _("Authenticated Sessions")
indexes = ExpiringModel.Meta.indexes + [
models.Index(fields=["session_key"]),
]
def __str__(self) -> str: def __str__(self) -> str:
return f"Authenticated Session {self.session_key[:10]}" return f"Authenticated Session {str(self.pk)[:10]}"
@staticmethod @staticmethod
def from_request(request: HttpRequest, user: User) -> Optional["AuthenticatedSession"]: def from_request(request: HttpRequest, user: User) -> Optional["AuthenticatedSession"]:
"""Create a new session from a http request""" """Create a new session from a http request"""
from authentik.root.middleware import ClientIPMiddleware if not hasattr(request, "session") or not request.session.exists(
request.session.session_key
if not hasattr(request, "session") or not request.session.session_key: ):
return None return None
return AuthenticatedSession( return AuthenticatedSession(
session_key=request.session.session_key, session=Session.objects.filter(session_key=request.session.session_key).first(),
user=user, user=user,
last_ip=ClientIPMiddleware.get_client_ip(request),
last_user_agent=request.META.get("HTTP_USER_AGENT", ""),
expires=request.session.get_expiry_date(),
) )

168
authentik/core/sessions.py Normal file
View File

@ -0,0 +1,168 @@
"""authentik sessions engine"""
import pickle # nosec
from django.contrib.auth import BACKEND_SESSION_KEY, HASH_SESSION_KEY, SESSION_KEY
from django.contrib.sessions.backends.db import SessionStore as SessionBase
from django.core.exceptions import SuspiciousOperation
from django.utils import timezone
from django.utils.functional import cached_property
from structlog.stdlib import get_logger
from authentik.root.middleware import ClientIPMiddleware
LOGGER = get_logger()
class SessionStore(SessionBase):
def __init__(self, session_key=None, last_ip=None, last_user_agent=""):
super().__init__(session_key)
self._create_kwargs = {
"last_ip": last_ip or ClientIPMiddleware.default_ip,
"last_user_agent": last_user_agent,
}
@classmethod
def get_model_class(cls):
from authentik.core.models import Session
return Session
@cached_property
def model_fields(self):
return [k.value for k in self.model.Keys]
def _get_session_from_db(self):
try:
return (
self.model.objects.select_related(
"authenticatedsession",
"authenticatedsession__user",
)
.prefetch_related(
"authenticatedsession__user__groups",
"authenticatedsession__user__user_permissions",
)
.get(
session_key=self.session_key,
expires__gt=timezone.now(),
)
)
except (self.model.DoesNotExist, SuspiciousOperation) as exc:
if isinstance(exc, SuspiciousOperation):
LOGGER.warning(str(exc))
self._session_key = None
async def _aget_session_from_db(self):
try:
return (
await self.model.objects.select_related(
"authenticatedsession",
"authenticatedsession__user",
)
.prefetch_related(
"authenticatedsession__user__groups",
"authenticatedsession__user__user_permissions",
)
.aget(
session_key=self.session_key,
expires__gt=timezone.now(),
)
)
except (self.model.DoesNotExist, SuspiciousOperation) as exc:
if isinstance(exc, SuspiciousOperation):
LOGGER.warning(str(exc))
self._session_key = None
def encode(self, session_dict):
return pickle.dumps(session_dict, protocol=pickle.HIGHEST_PROTOCOL)
def decode(self, session_data):
try:
return pickle.loads(session_data) # nosec
except pickle.PickleError:
# ValueError, unpickling exceptions. If any of these happen, just return an empty
# dictionary (an empty session)
pass
return {}
def load(self):
s = self._get_session_from_db()
if s:
return {
"authenticatedsession": getattr(s, "authenticatedsession", None),
**{k: getattr(s, k) for k in self.model_fields},
**self.decode(s.session_data),
}
else:
return {}
async def aload(self):
s = await self._aget_session_from_db()
if s:
return {
"authenticatedsession": getattr(s, "authenticatedsession", None),
**{k: getattr(s, k) for k in self.model_fields},
**self.decode(s.session_data),
}
else:
return {}
def create_model_instance(self, data):
args = {
"session_key": self._get_or_create_session_key(),
"expires": self.get_expiry_date(),
"session_data": {},
**self._create_kwargs,
}
for k, v in data.items():
# Don't save:
# - unused auth data
# - related models
if k in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY, "authenticatedsession"]:
pass
elif k in self.model_fields:
args[k] = v
else:
args["session_data"][k] = v
args["session_data"] = self.encode(args["session_data"])
return self.model(**args)
async def acreate_model_instance(self, data):
args = {
"session_key": await self._aget_or_create_session_key(),
"expires": await self.aget_expiry_date(),
"session_data": {},
**self._create_kwargs,
}
for k, v in data.items():
# Don't save:
# - unused auth data
# - related models
if k in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY, "authenticatedsession"]:
pass
elif k in self.model_fields:
args[k] = v
else:
args["session_data"][k] = v
args["session_data"] = self.encode(args["session_data"])
return self.model(**args)
@classmethod
def clear_expired(cls):
cls.get_model_class().objects.filter(expires__lt=timezone.now()).delete()
@classmethod
async def aclear_expired(cls):
await cls.get_model_class().objects.filter(expires__lt=timezone.now()).adelete()
def cycle_key(self):
data = self._session
key = self.session_key
self.create()
self._session_cache = data
if key:
self.delete(key)
if (authenticated_session := data.get("authenticatedsession")) is not None:
authenticated_session.session_id = self.session_key
authenticated_session.save(force_insert=True)

View File

@ -1,11 +1,10 @@
"""authentik core signals""" """authentik core signals"""
from django.contrib.auth.signals import user_logged_in, user_logged_out from django.contrib.auth.signals import user_logged_in
from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.core.cache import cache from django.core.cache import cache
from django.core.signals import Signal from django.core.signals import Signal
from django.db.models import Model from django.db.models import Model
from django.db.models.signals import post_save, pre_delete, pre_save from django.db.models.signals import post_delete, post_save, pre_save
from django.dispatch import receiver from django.dispatch import receiver
from django.http.request import HttpRequest from django.http.request import HttpRequest
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -15,6 +14,7 @@ from authentik.core.models import (
AuthenticatedSession, AuthenticatedSession,
BackchannelProvider, BackchannelProvider,
ExpiringModel, ExpiringModel,
Session,
User, User,
default_token_duration, default_token_duration,
) )
@ -49,19 +49,10 @@ def user_logged_in_session(sender, request: HttpRequest, user: User, **_):
session.save() session.save()
@receiver(user_logged_out) @receiver(post_delete, sender=AuthenticatedSession)
def user_logged_out_session(sender, request: HttpRequest, user: User, **_):
"""Delete AuthenticatedSession if it exists"""
if not request.session or not request.session.session_key:
return
AuthenticatedSession.objects.filter(session_key=request.session.session_key).delete()
@receiver(pre_delete, sender=AuthenticatedSession)
def authenticated_session_delete(sender: type[Model], instance: "AuthenticatedSession", **_): def authenticated_session_delete(sender: type[Model], instance: "AuthenticatedSession", **_):
"""Delete session when authenticated session is deleted""" """Delete session when authenticated session is deleted"""
cache_key = f"{KEY_PREFIX}{instance.session_key}" Session.objects.filter(session_key=instance.pk).delete()
cache.delete(cache_key)
@receiver(pre_save) @receiver(pre_save)

View File

@ -48,6 +48,7 @@ LOGGER = get_logger()
PLAN_CONTEXT_SOURCE_GROUPS = "source_groups" PLAN_CONTEXT_SOURCE_GROUPS = "source_groups"
SESSION_KEY_SOURCE_FLOW_STAGES = "authentik/flows/source_flow_stages" SESSION_KEY_SOURCE_FLOW_STAGES = "authentik/flows/source_flow_stages"
SESSION_KEY_SOURCE_FLOW_CONTEXT = "authentik/flows/source_flow_context"
SESSION_KEY_OVERRIDE_FLOW_TOKEN = "authentik/flows/source_override_flow_token" # nosec SESSION_KEY_OVERRIDE_FLOW_TOKEN = "authentik/flows/source_override_flow_token" # nosec
@ -261,6 +262,7 @@ class SourceFlowManager:
plan.append_stage(stage) plan.append_stage(stage)
for stage in self.request.session.get(SESSION_KEY_SOURCE_FLOW_STAGES, []): for stage in self.request.session.get(SESSION_KEY_SOURCE_FLOW_STAGES, []):
plan.append_stage(stage) plan.append_stage(stage)
plan.context.update(self.request.session.get(SESSION_KEY_SOURCE_FLOW_CONTEXT, {}))
return plan.to_redirect(self.request, flow) return plan.to_redirect(self.request, flow)
def handle_auth( def handle_auth(

View File

@ -2,22 +2,16 @@
from datetime import datetime, timedelta from datetime import datetime, timedelta
from django.conf import ImproperlyConfigured
from django.contrib.sessions.backends.cache import KEY_PREFIX
from django.contrib.sessions.backends.db import SessionStore as DBSessionStore
from django.core.cache import cache
from django.utils.timezone import now from django.utils.timezone import now
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.models import ( from authentik.core.models import (
USER_ATTRIBUTE_EXPIRES, USER_ATTRIBUTE_EXPIRES,
USER_ATTRIBUTE_GENERATED, USER_ATTRIBUTE_GENERATED,
AuthenticatedSession,
ExpiringModel, ExpiringModel,
User, User,
) )
from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task
from authentik.lib.config import CONFIG
from authentik.root.celery import CELERY_APP from authentik.root.celery import CELERY_APP
LOGGER = get_logger() LOGGER = get_logger()
@ -38,40 +32,6 @@ def clean_expired_models(self: SystemTask):
obj.expire_action() obj.expire_action()
LOGGER.debug("Expired models", model=cls, amount=amount) LOGGER.debug("Expired models", model=cls, amount=amount)
messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}") messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}")
# Special case
amount = 0
for session in AuthenticatedSession.objects.all():
match CONFIG.get("session_storage", "cache"):
case "cache":
cache_key = f"{KEY_PREFIX}{session.session_key}"
value = None
try:
value = cache.get(cache_key)
except Exception as exc:
LOGGER.debug("Failed to get session from cache", exc=exc)
if not value:
session.delete()
amount += 1
case "db":
if not (
DBSessionStore.get_model_class()
.objects.filter(session_key=session.session_key, expire_date__gt=now())
.exists()
):
session.delete()
amount += 1
case _:
# Should never happen, as we check for other values in authentik/root/settings.py
raise ImproperlyConfigured(
"Invalid session_storage setting, allowed values are db and cache"
)
if CONFIG.get("session_storage", "cache") == "db":
DBSessionStore.clear_expired()
LOGGER.debug("Expired sessions", model=AuthenticatedSession, amount=amount)
messages.append(f"Expired {amount} {AuthenticatedSession._meta.verbose_name_plural}")
self.set_status(TaskStatus.SUCCESSFUL, *messages) self.set_status(TaskStatus.SUCCESSFUL, *messages)

View File

@ -11,6 +11,7 @@
build: "{{ build }}", build: "{{ build }}",
api: { api: {
base: "{{ base_url }}", base: "{{ base_url }}",
relBase: "{{ base_url_rel }}",
}, },
}; };
window.addEventListener("DOMContentLoaded", function () { window.addEventListener("DOMContentLoaded", function () {

View File

@ -16,12 +16,14 @@
{% block head_before %} {% block head_before %}
{% endblock %} {% endblock %}
<link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}"> <link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'dist/custom.css' %}" data-inject> <style>{{ brand_css }}</style>
<script src="{% versioned_script 'dist/poly-%v.js' %}" type="module"></script> <script src="{% versioned_script 'dist/poly-%v.js' %}" type="module"></script>
<script src="{% versioned_script 'dist/standalone/loading/index-%v.js' %}" type="module"></script> <script src="{% versioned_script 'dist/standalone/loading/index-%v.js' %}" type="module"></script>
{% block head %} {% block head %}
{% endblock %} {% endblock %}
<meta name="sentry-trace" content="{{ sentry_trace }}" /> {% for key, value in html_meta.items %}
<meta name="{{key}}" content="{{ value }}" />
{% endfor %}
</head> </head>
<body> <body>
{% block body %} {% block body %}

View File

@ -10,7 +10,7 @@
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<ak-message-container></ak-message-container> <ak-message-container alignment="bottom"></ak-message-container>
<ak-interface-admin> <ak-interface-admin>
<ak-loading></ak-loading> <ak-loading></ak-loading>
</ak-interface-admin> </ak-interface-admin>

View File

@ -4,7 +4,7 @@
{% load i18n %} {% load i18n %}
{% block head_before %} {% block head_before %}
<link rel="prefetch" href="{% static 'dist/assets/images/flow_background.jpg' %}" /> <link rel="prefetch" href="{{ request.brand.branding_default_flow_background_url }}" />
<link rel="stylesheet" type="text/css" href="{% static 'dist/patternfly.min.css' %}"> <link rel="stylesheet" type="text/css" href="{% static 'dist/patternfly.min.css' %}">
<link rel="stylesheet" type="text/css" href="{% static 'dist/theme-dark.css' %}" media="(prefers-color-scheme: dark)"> <link rel="stylesheet" type="text/css" href="{% static 'dist/theme-dark.css' %}" media="(prefers-color-scheme: dark)">
{% include "base/header_js.html" %} {% include "base/header_js.html" %}
@ -13,7 +13,7 @@
{% block head %} {% block head %}
<style> <style>
:root { :root {
--ak-flow-background: url("{% static 'dist/assets/images/flow_background.jpg' %}"); --ak-flow-background: url("{{ request.brand.branding_default_flow_background_url }}");
--pf-c-background-image--BackgroundImage: var(--ak-flow-background); --pf-c-background-image--BackgroundImage: var(--ak-flow-background);
--pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background); --pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background);
--pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background); --pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background);

View File

@ -1,9 +1,17 @@
"""Test API Utils""" """Test API Utils"""
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.serializers import (
HyperlinkedModelSerializer,
)
from rest_framework.serializers import (
ModelSerializer as BaseModelSerializer,
)
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from authentik.core.api.utils import ModelSerializer as CustomModelSerializer
from authentik.core.api.utils import is_dict from authentik.core.api.utils import is_dict
from authentik.lib.utils.reflection import all_subclasses
class TestAPIUtils(APITestCase): class TestAPIUtils(APITestCase):
@ -14,3 +22,14 @@ class TestAPIUtils(APITestCase):
self.assertIsNone(is_dict({})) self.assertIsNone(is_dict({}))
with self.assertRaises(ValidationError): with self.assertRaises(ValidationError):
is_dict("foo") is_dict("foo")
def test_all_serializers_descend_from_custom(self):
"""Test that every serializer we define descends from our own ModelSerializer"""
# Weirdly, there's only one serializer in `rest_framework` which descends from
# ModelSerializer: HyperlinkedModelSerializer
expected = {CustomModelSerializer, HyperlinkedModelSerializer}
actual = set(all_subclasses(BaseModelSerializer)) - set(
all_subclasses(CustomModelSerializer)
)
self.assertEqual(expected, actual)

Some files were not shown because too many files have changed in this diff Show More