9bacaf984d
internal/outpost/ldap: remove Printf in MemberForGroup loop ( #22952 )
2026-06-15 16:50:05 +02:00
c3c6508b67
providers/radius: fix panic in log due to type ( #22965 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-06-10 00:12:33 +02:00
5727ae4271
core, internal, packages: fix British spellings flagged by cspell ( #22819 )
...
* core, internal, packages: fix British spellings flagged by cspell
Apply American spellings in Python docstrings/comments, Go log messages, a Rust doc comment, and a template comment (behaviour->behavior, initialise->initialize, finalise->finalize, etc.). Part of enabling cspell's British-spelling rule; the rule itself lands in a separate PR once all areas are clean.
Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com >
* gen
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-06-08 14:55:31 +02:00
0e4af73baf
providers/radius: fix eap debug logging ( #22551 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-05-22 14:16:36 +02:00
78f5d85a8b
internal: Automated internal backport: GHSA-5wcc-hf24-rf5h.sec.patch to authentik-main ( #22304 )
...
Automated internal backport of patch GHSA-5wcc-hf24-rf5h.sec.patch to authentik-main
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-05-12 19:37:42 +02:00
311954f920
providers/radius: fix message authenticator validation ( #21824 )
...
* providers/radius: fix message authenticator validation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix panic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* send message auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-25 20:53:29 +02:00
79473341d6
internal/outpost: serialize websocket writes to prevent panic ( #21728 )
...
The outpost API controller shares a single *websocket.Conn across
multiple goroutines: the event-handler loop, the 10s health ticker
(SendEventHello), the shutdown path (WriteMessage close), initEvent
writing the hello frame on (re)connect, and RAC session handlers that
also invoke SendEventHello. gorilla/websocket explicitly documents that
concurrent WriteMessage/WriteJSON calls are unsafe and will panic with
"concurrent write to websocket connection", which takes the outpost
(and embedded-outpost authentik-server) pod down.
Fix by adding a sync.Mutex on APIController guarding every write path
on eventConn (initEvent hello, Shutdown close message, SendEventHello).
Reads (ReadJSON in startEventHandler) are left unsynchronized as
gorilla permits a single concurrent reader alongside a writer.
Minimal, localized change: no API changes, no behavior changes, writes
are already infrequent so lock contention is negligible.
Refs #11090
Co-authored-by: curiosity <curiosity@somni.dev >
2026-04-23 02:33:10 +02:00
a6775bc61e
tests: refactor test harness to split apart a single file ( #21391 )
...
* re-instate previously flaky test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* break up big file
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move geoip data to subdir
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* i am but a weak man
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ldap disconnect in testing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* account for mismatched uid due to test server process
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-05 22:12:52 +02:00
d5ee53feb2
providers/ldap: inherit adjustable page size for LDAP searchers ( #21377 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-04 22:42:35 +02:00
1ceb46ca15
providers/proxy: fix oidc client not using socket in embedded outpost ( #21280 )
...
* providers/proxy: fix oidc client not using socket in embedded outpost
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* cleanup and switch
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-02 16:50:12 +02:00
ba82c97409
core: bump beryju.io/ldap from 0.1.0 to 0.2.1 ( #21235 )
...
* core: bump beryju.io/ldap from 0.1.0 to 0.2.1
Bumps [beryju.io/ldap](https://github.com/beryju/ldap ) from 0.1.0 to 0.2.1.
- [Commits](https://github.com/beryju/ldap/compare/v0.1.0...v0.2.1 )
---
updated-dependencies:
- dependency-name: beryju.io/ldap
dependency-version: 0.2.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* update code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-02 14:37:00 +02:00
189251dc26
proviers/ldap: avoid concurrent header writes in API Client ( #21223 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-03-29 20:52:49 +02:00
2f70351c90
packages/client-go: init ( #21139 )
...
* packages/client-go: init
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove mod/sum
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix translate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* no go replace
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update rust makefile with pwd
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* don't need a version ig?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* exclude go client from cspell
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix main docker build
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-03-25 15:26:50 +01:00
bc0cbdf4b6
internal: remove unix sockets on shutdown ( #21081 )
2026-03-23 13:42:33 +00:00
e3ddc0422a
internal/outpost/ak: fix ws URL on outpost restart ( #21041 )
2026-03-20 14:11:38 +00:00
4dfdf9afa3
root: allow listening on multiple IPs ( #20930 )
2026-03-19 15:46:47 +00:00
ec7efa53cb
providers/proxy: move search path to query instead of runtime parameter ( #20662 )
...
Co-authored-by: Dominic R <dominic@sdko.org >
2026-03-03 17:49:28 +00:00
35e025b25a
outpost/proxyv2: prevent panic in handleSignOut ( #20097 )
...
outpost/proxyv2: use safe claims extraction in handleSignOut to prevent panic
Signed-off-by: Xabier Napal <xabier.napal@dvzr.io >
2026-03-03 18:21:25 +01:00
17ab3a4b73
providers/proxy: preserve URL-encoded path characters in redirect ( #20476 )
...
Use r.URL.EscapedPath() instead of r.URL.Path when building the
redirect URL in redirectToStart(). The decoded Path field converts
%2F to /, which url.JoinPath then collapses via path.Clean, stripping
encoded slashes from the URL. EscapedPath() preserves the original
encoding, fixing 301 redirects that break apps like RabbitMQ which
use %2F in their API paths.
2026-02-23 17:30:47 +01:00
122cee049a
core: bump library/golang from 1.25.5-trixie to 1.26.0-trixie in /lifecycle/container ( #20381 )
...
* core: bump library/golang in /lifecycle/container
Bumps library/golang from 1.25.5-trixie to 1.26.0-trixie.
---
updated-dependencies:
- dependency-name: library/golang
dependency-version: 1.26.0-trixie
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* bump & fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* bump docs too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-02-19 12:35:00 +00:00
3f1a0f83ca
outpost/proxyv2: revalidate auth if session fails to load ( #18063 )
2026-02-05 17:19:28 +00:00
85434710f3
root: update client-go generation ( #19762 )
2026-01-26 19:51:38 +01:00
9cb7c74e1c
internal: fix certificate not refetched if fingerprint changes ( #19761 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-01-26 17:07:35 +01:00
bc3a1f128b
providers/proxy: Fix incorrect comparison of redirect URL and CookieDomain ( #15686 )
...
* Fix incorect comparison of redirect URL and CookieDomain. Fixes #15685
According to docs, URL.Host contains the host and port, while Hostname
returns only the host without the port. CookieDomain obviously does not
contain the port. string.HasSuffix function is used, so if a port is set
in the redirect URL, this check always fails.
* Fixed missing parentheses
---------
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-01-22 17:44:22 +00:00
3873f43ea3
outpost/proxyv2: fix stale session cookie causing 400 error in createState ( #19026 )
2026-01-13 10:52:42 -05:00
a479c79b34
internal/outpost: improve PostgreSQL connection options parsing ( #19118 )
...
* internal: Outpost's conn options should be base64 json
* correctly parse target_session_attrs + tests
* fix port handling to use env provided port
* add multiple port handling abilities to mirror the python config parser
---------
Co-authored-by: Duncan Tasker <tasatree@gmail.com >
2026-01-13 10:52:28 -05:00
1a4ae2f102
outpost/proxyv2: reduce max number of postgres connections ( #19211 )
2026-01-06 18:19:41 +00:00
4ac01724a5
rbac: Add show all to roles tab, add role tab to groups ( #19097 )
...
* improve sort order and inherit visual
* Update web/src/admin/groups/GroupViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/users/UserViewPage.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* Update web/src/admin/roles/RelatedRoleList.ts
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
* setup include inherited roles and fix returning nothing
* update api calls
* fix rendering error
* do not use set
* change from exception handling
* go off query param
* fix wording
* fix linting error for new group api structure
---------
Signed-off-by: Connor Peshek <connor@connorpeshek.me >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-01-05 23:14:44 +00:00
9ef7f706e9
internal: don't warn on empty outpost for embedded ( #18786 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-12-14 00:50:58 +01:00
15b93a5e9d
stages/identification: Add WebAuthn conditional UI (passkey autofill) support ( #18377 )
...
* add passkey_login to identification stage
* handle passkey auth in identification stage
* Add passkey settings in identification stage in the admin UI
* Add UI changes for basic passkey conditional login
* Fix linting
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update tests
* update admin form
* allow passing stage to validate_challenge_webauthn
* update flows/tests/test_inspector.py
* update for new field
* Fix linting
* update go solvers for identification challenge
* Refactor tests
* Skip mfa validation if user already authenticated via passkey at identification stage
* Add skip_if_passkey_authenticated option to authenticator validate stage and UI
* Add e2e test for passkey login conditional ui
* add policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Remove skip_if_passkey_authenticated
* fix blueprint
* Set backend so password stage policy knows user is already authenticated
* Set backend so password stage policy knows user is already authenticated
* fix linting
* slight tweaks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify e2e test
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 11:49:05 -03:00
3353db0d7f
outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart ( #18211 )
...
* outpost/proxyv2: handle PostgreSQL passwords with spaces and special characters
And modify / add some more tests and a bit of refactoring
* Potential fix for code scanning alert no. 268: Disabled TLS certificate check
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Dominic R <dominic@sdko.org >
* Revert "Potential fix for code scanning alert no. 268: Disabled TLS certificate check"
This reverts commit ead227a272jens@goauthentik.io >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-12-11 14:25:41 +00:00
f7e23295ed
core: add digraph group hierarchy ( #17050 )
...
* move imports
* core: add digraph group hierarchy
* move to permissions from Group or User to Role
* set group parents on frontend
* do not serialize `GroupParentageNode` directly
* core: enforce unique group name on database level
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use group parents in LDAP provider
* add user-role relationship control to frontend
* move materialized view to be more discoverable
* add guardian to mypy exceptions
* make `Role` a `ManagedModel`
* fixup! make `Role` a `ManagedModel`
* simplify `get_objects_for_user`
* fix flaky unit test
* rename `django-guardian` fork to `ak-guardian`
* add tests around users/groups/roles
* remove unused guardian config variable
* simplify guardian file structure
* clean up frontend
* initial docs
* remove `mode` from `InitialPermissions`
This is no longer needed, since users no longer directly have permissions.
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* clean up docs for managing permissions
* addendums from docs review
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* tweaks
* dewi and tana edits to docs
* tweak
* truly final tweaks, for now
* relabel Role Permissions table
* clarify button label
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
* merge migrations
* fixup! Merge branch 'main' into core/add-digraph-group-hierarchy
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Tana M Berry <tana@goauthentik.io >
2025-12-08 12:04:04 +01:00
1aff2c2b3a
providers/radius: revert fix inverted message authenticator validation ( #17855 ) ( #17915 )
...
Revert "providers/radius: fix inverted message authenticator validation (#17855 )"
This reverts commit 09e3301c8f
2025-11-03 16:10:41 +01:00
894db1237a
internal: add default go http server timeouts ( #17858 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-01 19:04:13 +01:00
09e3301c8f
providers/radius: fix inverted message authenticator validation ( #17855 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-11-01 17:58:48 +01:00
45d0c7c24b
web/a11y: Isolated Outpost Error Page ( #17683 )
...
* web: Remove external resources from error page.
* web: Remove home link.
2025-10-30 23:00:01 +00:00
ec00a918b3
outposts: update permissions more eagerly ( #17783 )
...
* wip
* wip
* a
* a
Signed-off-by: Dominic R <dominic@sdko.org >
* rm
* this
* rm test files
* cover one more case
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-30 18:33:51 +01:00
9b6aa56df2
providers/radius: fix panic when no cert is configured ( #17762 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 15:42:11 +01:00
e7235732bb
providers/proxy: fix missing JWT/claims header ( #17759 )
...
* replace interface{} with any
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix raw token not saved to map or json
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also fix proxy claims
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 15:14:07 +01:00
e2904d13a9
providers/proxy: add gorm logging ( #17758 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-28 14:39:47 +01:00
e9347e88e1
providers/proxy: drop headers with underscores ( #17650 )
...
drop any headers with underscores that we set in the remote system
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-22 15:19:34 +02:00
9847c3adc8
providers/proxy: fix missing postgres import ( #17582 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-10-21 00:09:54 +02:00
795a025af9
outpost/proxyv2: postgresstore: db/pool/misc cleanup and enhancement ( #17511 )
...
* wip
* Update internal/outpost/proxyv2/application/session_postgres_test.go
Signed-off-by: Dominic R <dominic@sdko.org >
* Update refresh.go
Co-authored-by: Jens L. <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens L. <jens@goauthentik.io >
2025-10-20 16:25:13 +02:00
06bfcf04e3
outpost/proxyv2: postgresstore: credential refresh ( #17414 )
...
* outpost/proxyv2: postgresstore: credential refresh
* wip
* mabye
* mabye fix
2025-10-15 15:22:27 +02:00
23357f45e9
*: remove Redis leftovers ( #17146 )
...
* *: remove Redis leftovers
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix leftover
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more removal
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* lint
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* fix broken anchor
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* re-add redis for previous version migrations
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-10-11 01:46:53 +02:00
6dde8bdd4a
outpost: proxyv2: Use Postgres for the Embedded Outpost ( #16628 )
...
* wip
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
* remove testing files
* a
* wip
* pls
* pls2
* a
* Update authentik/providers/proxy/models.py
Co-authored-by: Jens L. <jens@beryju.org >
Signed-off-by: Dominic R <dominic@sdko.org >
* makemigrations
* pls
* pls1000
* dont migrate in go
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set uuid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix more test cases
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set gorm nowfunc (gorm defaults to local time)
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve test db closing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* move expiration to field
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont' manually set table
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor tests more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more refactor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix em
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* postgres cleanup is done by worker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update expiry and set expiring
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens L. <jens@beryju.org >
2025-10-09 16:59:15 +02:00
68292fede2
enterprise/stages/mtls: Improve Email address extraction ( #17068 )
...
* enterprise/stages/mtls: improve email attribute extraction
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* return error from outpost flow executor correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-09-28 19:28:52 +02:00
4ec785a598
core/api: Better naming for partial user/group serializer, optimise bindings ( #17022 )
...
* core: add index on Group.is_superuser (#17011 )
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update go code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also optimise bindings
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* typo
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-09-26 14:43:39 +02:00
9df7e50b8f
outposts/ldap: add pwdChangeTime attribute ( #17010 )
...
* outposts/ldap: add pwdChangeTime attribute
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-09-25 16:16:08 +02:00
e415d3b667
providers/ldap: add include_children parameter to cached search mode ( #16918 )
2025-09-25 14:41:33 +02:00
Jose D. Gomez R.
Jens L.
Teffen Ellis
authentik-automation[bot]
gp-somni-labs
Marc 'risson' Schmitt
dependabot[bot]
Xabier Napal
Brolywood
Chetan Sarva
Vít Skalický
Dominic R
Connor Peshek
Marcelo Elizeche Landó
Simonyi Gergő
Daniel Adu-Gyan