Jens Langhammer
e095e9f694
release: 2023.10.7
2024-01-29 17:44:48 +01:00
gcp-cherry-pick-bot[bot]
10e311534f
security: fix CVE-2024-23647 (cherry-pick #8345 ) ( #8347 )
...
security: fix CVE-2024-23647 (#8345 )
* security: fix CVE-2024-23647
* add tests
* add website
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-29 17:42:04 +01:00
Jens Langhammer
46fdb45273
root: fix redis config not being updated to match previous change
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-29 14:02:18 +01:00
Marc 'risson' Schmitt
6d4125cb90
root: fix listen trusted_proxy_cidrs config loading from environment ( #8075 )
...
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# go.mod
# go.sum
# internal/config/struct.go
2024-01-25 14:51:25 +01:00
gcp-cherry-pick-bot[bot]
bc83176962
stages/authenticator_validate: use friendly_name for stage selector when enrolling (cherry-pick #8255 ) ( #8256 )
...
stages/authenticator_validate: use friendly_name for stage selector when enrolling (#8255 )
* stages/authenticator_validate: use friendly_name for stage selector when enrolling
* fix tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-22 16:27:46 +01:00
gcp-cherry-pick-bot[bot]
0fa8432b72
rbac: fix invitations listing with restricted permissions (cherry-pick #8227 ) ( #8229 )
...
rbac: fix invitations listing with restricted permissions (#8227 )
* rbac: fix missing permission definition for list
* core: fix user's system_permissions not including role permissions
* core: don't require permissions for users/me/
* web/admin: catch error when listing stages on invitation page fails
* Revert "rbac: fix missing permission definition for list"
This reverts commit fd7572e699.
* Revert "core: don't require permissions for users/me/"
This reverts commit 9df0dbda8a.
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-18 23:24:58 +01:00
gcp-cherry-pick-bot[bot]
bb9a524b53
sources/oauth: fix URLs being overwritten by OIDC urls (cherry-pick #8147 ) ( #8156 )
...
sources/oauth: fix URLs being overwritten by OIDC urls (#8147 )
* sources/oauth: fix URLs being overwritten by OIDC urls
* fix tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-13 16:37:47 +01:00
gcp-cherry-pick-bot[bot]
d31c05625b
sources/oauth: fix azure_ad user_id and add test and fallback (cherry-pick #8146 ) ( #8152 )
2024-01-12 21:01:24 +01:00
gcp-cherry-pick-bot[bot]
399223b770
web/flows: fix icon for generic oauth source with dark theme (cherry-pick #8148 ) ( #8151 )
2024-01-12 21:01:11 +01:00
gcp-cherry-pick-bot[bot]
19197d3f9b
sources/oauth: revert azure_ad profile URL change (cherry-pick #8139 ) ( #8141 )
...
sources/oauth: revert azure_ad profile URL change (#8139 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-12 16:21:59 +01:00
Jens Langhammer
1cd000dfe2
release: 2023.10.6
2024-01-09 18:50:48 +01:00
gcp-cherry-pick-bot[bot]
00ae97944a
providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104 ) ( #8105 )
...
* providers/oauth2: fix CVE-2024-21637 (#8104 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update changelog
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-09 18:32:03 +01:00
gcp-cherry-pick-bot[bot]
9f3ccfb7c7
web/flows: fix device picker incorrect foreground color (cherry-pick #8067 ) ( #8069 )
...
web/flows: fix device picker incorrect foreground color (#8067 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-05 15:31:08 +01:00
gcp-cherry-pick-bot[bot]
9ed9c39ac8
rbac: fix error when looking up permissions for now uninstalled apps (cherry-pick #8068 ) ( #8070 )
...
rbac: fix error when looking up permissions for now uninstalled apps (#8068 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2024-01-05 15:30:59 +01:00
gcp-cherry-pick-bot[bot]
30b6eeee9f
outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (cherry-pick #8021 ) ( #8024 )
...
outposts: disable deployment and secret reconciler for embedded outpost in code instead of in config (#8021 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-30 21:40:54 +01:00
gcp-cherry-pick-bot[bot]
afe2621783
providers/proxy: use access token (cherry-pick #8022 ) ( #8023 )
...
providers/proxy: use access token (#8022 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-30 18:30:42 +01:00
gcp-cherry-pick-bot[bot]
8b12c6a01a
outposts: fix Outpost reconcile not re-assigning managed attribute (cherry-pick #8014 ) ( #8020 )
...
outposts: fix Outpost reconcile not re-assigning managed attribute (#8014 )
* outposts: fix Outpost reconcile not re-assigning managed attribute
* rework reconcile to find both name and managed outpost
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-30 15:37:36 +01:00
Jens Langhammer
f63adfed96
core: fix PropertyMapping context not being available in request context
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-23 03:05:29 +01:00
gcp-cherry-pick-bot[bot]
9c8fec21cf
providers/oauth2: remember session_id from initial token (cherry-pick #7976 ) ( #7977 )
...
providers/oauth2: remember session_id from initial token (#7976 )
* providers/oauth2: remember session_id original token was created with for future access/refresh tokens
* providers/proxy: use hashed session as `sid`
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-23 01:20:48 +01:00
Jens L
4776d2bcc5
sources/oauth: fix missing get_user_id for OIDC-like sources (Azure AD) ( #7970 )
...
* lib: add debug requests session that shows all sent requests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sources/oauth: fix missing get_user_id for OIDC-like OAuth Sources
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# authentik/lib/utils/http.py
2023-12-22 00:13:42 +01:00
Jens Langhammer
a15a040362
release: 2023.10.5
2023-12-21 14:18:36 +01:00
Jens L
fcd6dc1d60
events: fix lint ( #7700 )
...
* events: fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* test without explicit poetry env use?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* delete previous poetry env
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent invalid cached poetry envs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* run test-from-stable as matrix and make required
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing postgres version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* idk
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# .github/actions/setup/action.yml
# .github/workflows/ci-main.yml
2023-12-19 18:40:14 +01:00
gcp-cherry-pick-bot[bot]
acc3b59869
events: add better fallback for sanitize_item to ensure everything can be saved as JSON (cherry-pick #7694 ) ( #7937 )
...
events: add better fallback for sanitize_item to ensure everything can be saved as JSON (#7694 )
* events: fix events sanitizing not handling all types
* remove some leftover prints
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:31:20 +01:00
gcp-cherry-pick-bot[bot]
d9d5ac10e6
events: include user agent in events (cherry-pick #7693 ) ( #7938 )
...
events: include user agent in events (#7693 )
* events: include user agent in events
* fix tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:31:06 +01:00
gcp-cherry-pick-bot[bot]
750669dcab
stages/email: improve error handling for incorrect template syntax (cherry-pick #7758 ) ( #7936 )
...
stages/email: improve error handling for incorrect template syntax (#7758 )
* stages/email: improve error handling for incorrect template syntax
* add tests
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:30:56 +01:00
gcp-cherry-pick-bot[bot]
88a3eed67e
root: don't show warning when app has no URLs to import (cherry-pick #7765 ) ( #7935 )
...
root: don't show warning when app has no URLs to import (#7765 )
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:30:49 +01:00
gcp-cherry-pick-bot[bot]
6c214fffc4
blueprints: improve file change handler (cherry-pick #7813 ) ( #7934 )
...
blueprints: improve file change handler (#7813 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:30:37 +01:00
gcp-cherry-pick-bot[bot]
70100fc105
web/user: fix search not updating app (cherry-pick #7825 ) ( #7933 )
...
web/user: fix search not updating app (#7825 )
web/user: fix app not updating
so when using two classes in a classMap directive, the update fails (basically saying that each class must be separated), however this error only shows when directly calling requestUpdate and is swallowed somewhere when relying on the default render cycle
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:30:23 +01:00
gcp-cherry-pick-bot[bot]
3c1163fabd
root: Fix cache related image build issues (cherry-pick #7831 ) ( #7932 )
...
Fix cache related image build issues
Co-authored-by: Philipp Kolberg <philipp.kolberg@t-online.de>
2023-12-19 18:30:15 +01:00
gcp-cherry-pick-bot[bot]
539e8242ff
web: fix overflow glitch on ak-page-header (cherry-pick #7883 ) ( #7931 )
...
web: fix overflow glitch on ak-page-header (#7883 )
By adding 'grow' but not 'shrink' to the header section, the page was allowed to allocate
as much width as was available when the window opened, but not allowed to resize the width
if it was pushed closed by zoom, page resize, or summon sidebar.
This commit adds 'shrink' to the capabilities of the header.
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
2023-12-19 18:30:04 +01:00
gcp-cherry-pick-bot[bot]
2648333590
providers/scim: change familyName default (cherry-pick #7904 ) ( #7930 )
...
providers/scim: change familyName default (#7904 )
* Update providers-scim.yaml
* fix: add formatted to match the givenName & familyName
* fix, update tests
---------
Signed-off-by: Antoine <antoine+github@jiveoff.fr>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
Co-authored-by: Antoine <antoine+github@jiveoff.fr>
2023-12-19 18:29:55 +01:00
gcp-cherry-pick-bot[bot]
fe828ef993
tests: fix flaky tests (cherry-pick #7676 ) ( #7939 )
...
tests: fix flaky tests (#7676 )
* tests: fix flaky tests
* make test-from-stable use actual latest version
* fix checkout
* remove hardcoded seed
* ignore tests for now i guess idk
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-12-19 18:29:44 +01:00
Jens L
29a6530742
web: dark/light theme fixes ( #7872 )
...
* web: fix css for user tree-view
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix unrelated things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix header button colors
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix missing fallback not showing default slant
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move global theme-dark css to only use for SSR rendered pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# .github/workflows/ci-main.yml
# web/xliff/fr.xlf
2023-12-19 18:18:19 +01:00
Jens L
a6b9274c4f
web/admin: always show oidc well-known URL fields when they're set ( #7560 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/xliff/de.xlf
# web/xliff/en.xlf
# web/xliff/es.xlf
# web/xliff/fr.xlf
# web/xliff/pl.xlf
# web/xliff/pseudo-LOCALE.xlf
# web/xliff/tr.xlf
# web/xliff/zh-Hans.xlf
# web/xliff/zh-Hant.xlf
# web/xliff/zh_TW.xlf
2023-12-19 18:10:40 +01:00
Jens Langhammer
a2a67161ac
release: 2023.10.4
2023-11-21 18:38:24 +01:00
Jens Langhammer
2e8263a99b
web: fix locale
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-11-21 18:20:41 +01:00
gcp-cherry-pick-bot[bot]
6b9afed21f
security: fix CVE-2023-48228 (cherry-pick #7666 ) ( #7668 )
...
security: fix CVE-2023-48228 (#7666 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-21 18:13:54 +01:00
Jens L
1eb1f4e0b8
web/admin: fix admins not able to delete MFA devices ( #7660 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# web/xliff/zh-Hans.xlf
2023-11-21 15:24:37 +01:00
gcp-cherry-pick-bot[bot]
7c3d60ec3a
events: don't update internal service accounts unless needed (cherry-pick #7611 ) ( #7640 )
...
events: stop spam (#7611 )
* events: don't log updates to internal service accounts
* don't log reputation updates
* don't actually ignore things, stop updating outpost user when not required
* prevent updating internal service account users
* fix setattr call
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-20 19:43:30 +01:00
Jens L
a494c6b6e8
root: specify node and python versions in respective config files, deduplicate in CI ( #7620 )
...
* root: specify node and python versions in respective config files, deduplicate in CI
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix engines missing for wdio
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* bump setup python version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* actually don't bump a bunch of things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# poetry.lock
# website/package.json
2023-11-19 00:35:55 +01:00
gcp-cherry-pick-bot[bot]
6604d3577f
core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm (cherry-pick #7483 ) ( #7622 )
...
core: bump golang from 1.21.3-bookworm to 1.21.4-bookworm
Bumps golang from 1.21.3-bookworm to 1.21.4-bookworm.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-19 00:33:07 +01:00
gcp-cherry-pick-bot[bot]
f8bfa7e16a
ci: fix permissions for release pipeline to publish binaries (cherry-pick #7512 ) ( #7621 )
...
ci: fix permissions for release pipeline to publish binaries (#7512 )
ci: fix permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-19 00:31:20 +01:00
gcp-cherry-pick-bot[bot]
ea6cf6eabf
events: fix missing model_* events when not directly authenticated (cherry-pick #7588 ) ( #7597 )
...
events: fix missing model_* events when not directly authenticated (#7588 )
* events: fix missing model_* events when not directly authenticated
* defer accessing database
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-16 12:59:41 +01:00
gcp-cherry-pick-bot[bot]
769ce3ce7b
providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477 ) ( #7596 )
...
providers/scim: fix missing schemas attribute for User and Group (#7477 )
* providers/scim: fix missing schemas attribute for User and Group
* make things actually work
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-16 12:06:01 +01:00
gcp-cherry-pick-bot[bot]
3891fb3fa8
events: sanitize functions (cherry-pick #7587 ) ( #7589 )
...
events: sanitize functions (#7587 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-15 23:24:13 +01:00
gcp-cherry-pick-bot[bot]
41eb965350
stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581 ) ( #7584 )
...
stages/email: use uuid for email confirmation token instead of username (#7581 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-15 21:57:05 +01:00
gcp-cherry-pick-bot[bot]
8d95612287
providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541 ) ( #7544 )
...
providers/proxy: Fix duplicate cookies when using file system store. (#7541 )
Fix duplicate cookies when using file system store.
Co-authored-by: thijs_a <thijs@thijsalders.nl>
2023-11-13 16:02:35 +01:00
Jens Langhammer
82b5274b15
release: 2023.10.3
2023-11-09 18:37:22 +01:00
gcp-cherry-pick-bot[bot]
af56ce3d78
core: fix worker beat toggle inverted (cherry-pick #7508 ) ( #7509 )
...
core: fix worker beat toggle inverted (#7508 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
2023-11-09 18:36:56 +01:00
gcp-cherry-pick-bot[bot]
f5c6e7aeb0
Web: bugfix: broken backchannel selector (cherry-pick #7480 ) ( #7507 )
...
Web: bugfix: broken backchannel selector (#7480 )
* web: break circular dependency between AKElement & Interface.
This commit changes the way the root node of the web application shell is
discovered by child components, such that the base class shared by both
no longer results in a circular dependency between the two models.
I've run this in isolation and have seen no failures of discovery; the identity
token exists as soon as the Interface is constructed and is found by every item
on the page.
* web: fix broken typescript references
This built... and then it didn't? Anyway, the current fix is to
provide type information the AkInterface for the data that consumers
require.
* web: rollback dependabot's upgrade of context
The most frustrating part of this is that I RAN THIS, dammit, with the updated
context and the current Wizard, and it finished the End-to-End tests without
complaint.
* web: bugfix: broken backchannel selector
There were two bugs here, both of them introduced by me because I didn't understand the
system well enough the first time through, and because I didn't test thoroughly enough.
The first is that I was calling the wrong confirmation code; the resulting syntax survived
because `confirm()` is actually a legitimate function call in the context of the DOM Window,
a legacy survivor similar to `alert()` but with a yes/no return value. Bleah.
The second is that the confirm code doesn't appear to pass back a dictionary with the
`{ items: Array<Provider> }` list, it passes back just the `items` as an Array.
Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
2023-11-09 17:58:38 +01:00