790ae0c3d8
web: rework storybook for flow components and to make the design consistent ( #15415 )
...
* unrelated: improve schema for authenticator validate device class
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix static for storybook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix flow interface for storybook
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rework storybooks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix email authenticator icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix accidental nested flow card
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix webauthn padding partially
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix autosubmit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make consent stage look good
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add password stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start executor stories
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix invalid html
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix frame stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix design for device picker
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix most of the padding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use footer band for password recoery
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add prompt stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix table persistence
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-06 00:26:22 +02:00
d0127d83c9
stages/user_login: unknown device ( #14459 )
...
* unrelated: add tests for session binding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial implementation
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* also check currently authenticated sessions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow other stages to set known_device, and if set don't override it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add options
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-07-04 21:12:09 +02:00
e87bc94b95
release: backport 2025.6.3 ( #15292 )
...
release: 2025.6.3
2025-06-27 16:21:18 +02:00
d4ca070d76
core: better API validation for JSON fields ( #15236 )
...
* core: better API validation for JSON fields
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-25 15:05:32 +02:00
bf4e8dbedc
core: include more authenticator details when possible ( #15224 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-24 23:52:06 +02:00
53d8f9bd8c
stages/authenticator_webauthn: add option to configure max attempts ( #15041 )
...
* house keeping - migrate to session part 1
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* cleanup v2
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add max_attempts
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* teeny tiny cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-23 01:49:07 +02:00
36c9929e1f
events: add option to send notifications to event user ( #15083 )
...
* events: add option to send notifications to event user
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-18 13:39:56 +02:00
f025d0d1d5
enterprise/search: ability to use more precise search queries ( #7698 )
...
* api: use DjangoQL for searches
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* expand search input and use textarea for multiline
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start implementing autocomplete
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only use ql for events
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make QL search opt in
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make pretend json relation work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make autocomplete l1 work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* use forked js lib with types, separate QL
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* first attempt at making it fit our UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make dark theme somewhat work, fix search
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make more parts work
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make auto complete box be under cursor
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: ripplefcl <github@ripple.contact >
* remove django autocomplete for now
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-add event filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix search when no ql is enabled
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make meta+enter submit, fix colour
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make dark theme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* formatting
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Update authentik/enterprise/search/apps.py
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens L. <jens@beryju.org >
* add json element autocomplete
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: ripplefcl <github@ripple.contact >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix query
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix search reset
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix dark theme
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Jens L. <jens@beryju.org >
Co-authored-by: ripplefcl <github@ripple.contact >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-06-18 12:23:00 +02:00
da6d4ede51
root: backport version bump 2025.6.2 ( #15078 )
...
release: 2025.6.2
2025-06-17 00:21:39 +02:00
734db4dee6
events: rework metrics endpoint ( #14934 )
...
* rework event volume
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the rest of the owl
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* client-side data padding
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* I love deleting code
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix clamping
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* chunk it
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add event-to-color map
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* sync colours
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* switch colours
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* heatmap?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Revert "heatmap?"
This reverts commit c1f549a18b6d6175b96b3717903f12jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-06-10 02:36:09 +02:00
c60a145f95
root: backport 2025.6.1 bump ( #14970 )
...
release: 2025.6.1
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-06-09 04:15:33 +02:00
7a8c2e7ad9
root: backport version bump 2025.6.0 ( #14904 )
...
* release: 2025.6.0-rc1
* release: 2025.6.0
2025-06-04 18:28:52 +02:00
59e686c8b9
sources/ldap: add user_membership_attribute ( #14784 )
2025-05-30 18:34:13 +02:00
c4bb19051d
sources/ldap: add forward deletion option ( #14718 )
...
* sources/ldap: add forward deletion option
* remove unnecessary `blank=True`
* clarify `validated_by` `help_text`
* add indices to `validated_by`
* factor out `get_identifier` everywhere and `get_attributes`
I don't know what that additional `in` check is for, but I'm not about
to find out.
* add tests for known good user and group
* fixup! add tests for known good user and group
* fixup! add tests for known good user and group
2025-05-28 13:22:59 +02:00
65517f3b7f
enterprise/stages: Add MTLS stage ( #14296 )
...
* prepare client auth with inbuilt server
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* introduce better IPC auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only allow trusted proxies to set MTLS headers
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more stage progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont fail if ipc_key doesn't exist
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* actually install app
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update API
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unquote
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix int serial number not jsonable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* init ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add UI
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* unrelated: fix git pull in makefile
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix parse helper
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add test for outpost
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more tests and improvements
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs on brand
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for multiple CAs to MTLS stage
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont log ipcuser secret views
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix go mod
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-05-19 22:48:17 +02:00
75a0ac9588
release: 2025.4.1 ( #14527 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
# Conflicts:
# package.json
2025-05-15 20:12:41 +02:00
e76d388ce4
release: 2025.4.0 ( #14299 )
...
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-30 13:15:38 +00:00
723dccdae3
enterprise/policies: Add Password Uniqueness History Policy ( #13453 )
...
Co-authored-by: David Gunter <david@davidgunter.ca >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-22 14:39:07 +02:00
5e6874cc1f
web: add remember me feature to IdentificationStage ( #10397 )
...
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-17 10:37:49 +00:00
155a31fd70
sources/oauth: introduce authorization code auth method ( #14034 )
...
Co-authored-by: Rsgm <rsgm123@gmail.com >
2025-04-16 13:00:08 +00:00
03d5dad867
rbac: add InitialPermissions ( #13795 )
...
* add `InitialPermissions` model to RBAC
This is a powerful construct between Permission and Role to set initial
permissions for newly created objects.
* use safer `request.user`
* fixup! use safer `request.user`
* force all self-defined serializers to descend from our custom one
See https://github.com/goauthentik/authentik/pull/10139
* reorganize initial permission assignment
* fixup! reorganize initial permission assignment
2025-04-14 17:55:49 +02:00
edf3300944
policies/reputation: limit reputation score ( #14008 )
...
* add limits to reputation score
* limit reputation score limits
Upper to non-negative, Lower to non-positive
* simplify tests
* "fix" bandit false-positives
* move magic numbers to constants
Is it too much to ask for a world in which I can just import these
straight from Python?
2025-04-14 14:18:59 +00:00
7fd35b1dfc
sources/ldap: add source connections ( #13796 )
2025-04-11 12:07:18 +00:00
395ad722b7
core: migrate all sessions to the database ( #9736 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-11 09:10:55 +02:00
5d2685341d
sources/ldap: lookup group memberships from user attribute ( #12661 )
...
* sources/ldap: add support for group lookups from user
* sources/ldap: implement working membership lookups
* sources/ldap: add schema changes
* sources/ldap: add group membership toggle ui element
* sources/ldap: lint changed files
* website/docs: add note about lookups to AD docs
* Update website/docs/users-sources/sources/directory-sync/active-directory/index.md
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Amélie Krejčí <amelie@krejci.vip >
* website/docs: simplify wording of attribute documentation
Follows suggestions from @jorhett
* sources/ldap: add missing spaces in docstrings
Follows suggestions from @jorhett
* Add a test for memberof attribute
* sources/ldap: implement test
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-migrate
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* revert website changes in favor of #13966
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* update frontend help text
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
---------
Signed-off-by: Amélie Krejčí <amelie@krejci.vip >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Shawn Weeks <sweeks@weeksconsulting.us >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Co-authored-by: Jo Rhett <geek@jorhett.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-10 14:37:38 +02:00
e4d2a53ccc
release: 2025.2.4 ( #13830 )
...
* release: 2025.2.4
* bump version in uv.lock
2025-04-08 19:16:00 +00:00
41dc23b3c2
core: users API: add date_joined ( #13817 )
2025-04-08 13:26:11 +00:00
3ad7f4dc24
sources: move identifier to parent model ( #13797 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-07 18:01:41 +02:00
a8c9b3a8ba
sources/kerberos, saml: allow creation of connections from the API ( #13794 )
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
2025-04-07 14:35:52 +00:00
46261a4f42
*/saml: allow for domainless SAML URLs ( #13737 )
2025-04-01 01:41:18 +02:00
bcfd6fefa7
release: 2025.2.3 ( #13705 )
...
* release: 2025.2.3
* fix uv lock not being bumped
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-28 17:08:57 +01:00
ce23209ae8
events: add configurable headers to webhooks ( #13602 )
...
* events: add configurable headers to webhooks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it a full thing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-21 19:37:15 +00:00
27856ec301
brands: add option to set global default flow background ( #13079 )
...
* brands: add option to set global default flow background
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-20 01:07:05 +00:00
f37e1ca642
brands: migrate custom CSS to brands ( #13172 )
...
* brands: migrate custom CSS to brands
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing default
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simpler migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add css to brand form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-19 22:52:38 +00:00
c93d85731c
providers/saml: configurable AuthnContextClassRef ( #13566 )
...
* providers/saml: make AuthnContextClassRef configurable
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* providers/saml: fix incorrect AuthInstant
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-19 14:42:55 +00:00
bb20576d84
providers/scim: save attributes returned from remote system like google workspace and entra ID ( #13459 )
...
providers/scim: save attributes returned from remote system like google workspace and entra
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-18 13:35:56 +00:00
2e3624ea82
release: 2025.2.2 ( #13554 )
2025-03-17 22:10:22 +01:00
c47fb2612a
providers/scim: add compatibility mode for AWS & Slack ( #13342 )
...
* providers/scim: override AWS patch support
AWS /ServiceProviderConfig query responds that it supports patch,
but they only support patching a single group property.
resolves #12321
* introduce compatibility mode for scim provider instead of hack
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
* add option for slack
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-12 16:56:30 +00:00
b0671e26c8
stages/email: token_expiry format ( #13394 )
...
* Change token_expiry type from integer to text in Email Stage to unify with timedelta_string_validator
* Add migration file for token_expiry format, change from number to text field in the UI
* Fix token_expiry new format in stage.py in Email Stage
* fix linting
* Update web/src/admin/stages/email/EmailStageForm.ts
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* Use db_alias and using() for the queries
* Make valid_delta more readable
* use <ak-utils-time-delta-help> in the UI
* fix missing import
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-03-11 17:22:30 +01:00
b5a8957720
lib/sync/outgoing: add dry run ( #13244 )
...
* lib/sync/outgoing: add dry run
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add option to temporarily override dry run
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web a
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* web b
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add some test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add more tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add dry run label
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add support for entra too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add entra test and improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-03-01 19:44:17 +00:00
989d39b154
release: 2025.2.1 ( #13278 )
2025-02-27 10:55:18 +00:00
2b39748c84
root: Backport version 2025.2 ( #13225 )
...
* release: 2025.2.0-rc1
* release: 2025.2.0-rc2
* release: 2025.2.0-rc3
* release: 2025.2.0
2025-02-24 18:35:13 +01:00
2128e7f45f
providers/rac: move to open source ( #13015 )
...
* move RAC to open source
* move web out of enterprise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove enterprise license requirements from RAC
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-02-19 12:48:11 +01:00
ab8f5a2ac4
policies/geoip: distance + impossible travel ( #12541 )
...
* add history distance checks
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start impossible travel
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* optimise
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ui start
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix and add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix ui, fix missing api
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-17 18:47:25 +01:00
4ba360e7af
stages/authenticator_email: Email OTP ( #12630 )
...
* stages/authenticator_email: Add basic structure for stages/authenticator_email
* stages/authenticator_email: Add stages/authenticator_email django app to settings.py
* stages/authenticator_email: Fix imports due changes introduced in #12598
* stages/authenticator_email: fix linting
* stages/authenticator_email: Add tests for token verification
* Add UI structure for authenticator_email
* Add autheticator_email to AuthenticatorValidateStageForm.ts and create AuthenticatorEmailStageForm.ts
* Add serializer property to emaildevice
* Add DeviceClasses.EMAIL to DeviceClasses
* Add migration file for DeviceClasses change (added email)
* Add new schema.yml and blueprints/schema.json to refelct email authenticator
* Fix UI to show the Email Authenticator
* Add support for email templates for the email authenticator
* Add templates
* Add DeviceClasses.EMAIL option to authenticator_validate/stage.py
* Fix logic for sending emails in stage.py and use the proper class AuthenticatorEmailStage in tasks.py
* Fix token expiration display in the email templates
* Fix authenticator email stage set up
* Add template and email to api response for Authenticator Email stage
* Fix Authenticator Email stage set up form
* Use different flow if the user has an email configured or not for Authenticator Email stage UI
* Use the correct field for the token in AuthenticatorEmailStage.ts
* Fix linting and code style
* Use the correct assertions in tests
* Fix mask email helper
* Add missing cases for Email Authenticator in the UI
* Fix email sending, add _compose_email() method to EmailDevice
* Fix cosmetic changes
* Add support for email device challenge validation in validate_selected_challenge
* Fix tests
* Add from_address to email template
* Refactor tests
* Update API Schema
* Refactor AuthenticatorEmailStage UI for cleaner code
* Fix saving token_expiry in the stage configuration
* Remove debug statements
* Add email connection settings to the Email authenticator stage configuration UI
* Remove unused field activate_on_success from AuthenticatorEmailStage
* Add tests for duplicate email, token expiration and template error
* cosmetic/styling changes
* Use authentik's GroupMemberSerializer and ManagedAppConfig in api and apps for email authenticathor
* stages/authenticator_email: Fix typos, styling and unused fields
* stages/authenticator_email: remove unused field responseStatus
* stages/authenticator_email: regen migrations
* Fix linting issues
* Fix app label issue, typos, missing user field
* Add a trailing space in email_otp.txt RFC 3676 sec. 4.3
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
* Move mask_email method to a helper function in authentik.lib.utils.email
* Remove unused function
* Use authentik.stages.email.tasks instead of authentik.stages.authenticator_email.tasks, delete authentik.stages.authenticator_email.tasks
* Fix use global settings not using the global setting if there's a default
* Revert "Fix use global settings not using the global setting if there's a default"
This reverts commit 3825248bb4marce@melizeche.com >
* Change Email Authenticator Setup Stage name for consistency with other authenticators
* Add tests to test properties and methods of EmailDevice and AuthenticatorEmailStage, add test for email tasks
* Add tests for email challenge in authenticator_validate
* Update migration to reflect new verbose name for AuthenticatorEmailStage
* Update schema.yml to reflect new verbose name for AuthenticatorEmailStage
* Add default email subject in Email Authenticator Setup Stage configuration
* Remove from_address from email template to ensure global settings use if use global settings is on
* Add flow-default-authenticator-email-setup.yaml blueprint
* Move email authenticator blueprint to the examples folder
* Update authentik/stages/authenticator_email/models.py
Signed-off-by: Jens L. <jens@beryju.org >
* Change self.user_pk to self.user_id because user_pk doesn't exists here
* Remove unused logger import
* Remove more unused logger import
* Add error handling to authentik.lib.utils.email.mask_email
* fix linting
* don't catch Exception
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update icons
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com >
Signed-off-by: Jens L. <jens@beryju.org >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space >
Co-authored-by: Jens L. <jens@beryju.org >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-02-17 15:16:58 +01:00
1614f3174f
web/admin: fix source selection for identification stage ( #13007 )
...
closes #12995
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-13 13:30:04 +01:00
1f79b5acb7
core: show last password change date ( #12958 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-10 16:13:04 +01:00
6549b303d5
enterprise/providers: SSF ( #12327 )
...
* init
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix some other stuff
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix missing format
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make it work, send verification event
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more progress
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* save iss
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signals for MFA devices
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* refactor more
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* re-work auth
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add API to list ssf streams
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start rbac
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add ssf icon
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix web
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix bugs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* make events expire, rewrite sending logic
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add oidc token test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add stream list
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add jwks tests and fixes
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update web ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix configuration endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* replace port number correctly
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* better log what went wrong
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* linter has opinions
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix messages
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix set status
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* more debug logging
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix issuer here too
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove port :443...removal
apparently apple's HTTP logic is wrong and includes the port in the Host header even if the default port is used (80 or 443), which then fails as the URL doesn't exactly match what the admin configured...so instead of trying to add magic about this we'll add it in the docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix error when no request in context
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal for admin session revoke
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* set txn based on request id
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* validate method and endpoint url
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix request ID detection
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add timestamp
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* temp migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add signal tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* the final commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ok actually the last commit
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-02-05 17:52:14 +01:00
8cad66536c
release: 2024.12.3 ( #12883 )
...
* release: 2024.12.3
* ci: fix permissions for release-publish pipeline
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ci: fix missing dockerhub login
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2025-01-29 23:35:06 +01:00
1ce3dfd17f
sources: allow uuid or slug to be used for retrieving a source ( #12780 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2025-01-23 12:26:58 +01:00
Jens L.
Simonyi Gergő
Marcelo Elizeche Landó
Ken Sternberg
Marc 'risson' Schmitt
Amélie Lilith Krejčí
Jo Rhett
Marcelo Elizeche Landó