205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity
22,497 Commits 384 Branches 449 Tags
rust-proxy
Commit Graph

347 Commits

Author SHA1 Message Date
dependabot[bot] a7a8ad8880 core: bump axllent/mailpit from v1.30.1 to v1.30.2 in /tests/e2e (#23154) 
Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-17 13:54:36 +02:00
Jens L. f4ed90fcaf tests/e2e: bump selenium and ak-agent to fix endpoint tests (#22942) 2026-06-09 01:37:58 +02:00
dependabot[bot] 835d2e5a37 core: bump goauthentik/selenium from 148.0-ak-0.43.1 to 148.0-ak-0.43.2 in /tests/e2e (#22835) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 148.0-ak-0.43.1 to 148.0-ak-0.43.2.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 148.0-ak-0.43.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-04 15:06:47 +02:00
dependabot[bot] bd1901f4ca core: bump axllent/mailpit from v1.30.0 to v1.30.1 in /tests/e2e (#22747) 
Bumps axllent/mailpit from v1.30.0 to v1.30.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.30.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-02 19:07:38 +02:00
Jens L. 9508ac62ce tests/e2e: fix proxy tests failing due to in-use port (#22785) 
* tests/e2e: fix proxxy tests failing due to in-use port

* correctly update providers once container is created

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix connectivity test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk man

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hmm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix duplicate port?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "fix connectivity test"

This reverts commit e531c650ad.

* Revert "correctly update providers once container is created"

This reverts commit cda9684db7.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	tests/e2e/test_provider_proxy.py

* Revert "tests/e2e: fix proxxy tests failing due to in-use port"

This reverts commit d224b54f52.

* remove debug

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-06-02 14:09:47 +02:00
Jens L. 9e03bb3b26 tests/e2e: bump endpoints version in e2e test container (#22704) 
this fixes the failing CI on endpoints, oops

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-05-28 00:07:45 +02:00
dependabot[bot] 19aedc8e1b core: bump goauthentik/selenium from 147.0-ak-0.43.0 to 148.0-ak-0.43.0 in /tests/e2e (#22664) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 147.0-ak-0.43.0 to 148.0-ak-0.43.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 148.0-ak-0.43.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-26 22:05:30 +02:00
dependabot[bot] c09742e98e core: bump goauthentik/selenium from 145.0-ak-0.40.5 to 147.0-ak-0.43.0 in /tests/e2e (#22617) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 145.0-ak-0.40.5 to 147.0-ak-0.43.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 147.0-ak-0.43.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-26 11:34:10 +02:00
dependabot[bot] 966ec0b435 core: bump axllent/mailpit from v1.29.6 to v1.30.0 in /tests/e2e (#22577) 
Bumps axllent/mailpit from v1.29.6 to v1.30.0.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.30.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-26 11:32:28 +02:00
Dominic R f6024a23ef web: fix identification stage OUIA attributes (#22049) 
* web: fix identification stage OUIA attributes

* tests/e2e: update OUIA selectors for identification stage

Match the rename of ouiaId to data-ouia-component-id in
IdentificationStage.ts so the enroll and recovery flow tests can
locate the links again.
 2026-05-06 02:31:17 +02:00
Connor Peshek a2ca19d718 providers/saml: generate issuer url when provider is set on app (#18022) 
* providers/saml: generate issuer url in saml processors unless overridded

* remove issuer

* remove duplicate

* Generate url when assertion is created and save to session

* cleanup

* Fix front-end rendering of issuer

* Update web/src/admin/providers/saml/SAMLProviderViewPage.ts

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/providers/saml/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* Update authentik/providers/saml/models.py

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Connor Peshek <connor@connorpeshek.me>

* use reverse for urls and update tests

* update issuer description

* Don't absorb sp entity id

* rename issuer_url to issuer_override

* fix migration file to rename to override

* fix migration file order

* lint, fix tests

* fix tests

* fix once again not importing the sp issuer

* build

* use const for default issuer

---------

Signed-off-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-04-28 17:31:12 -05:00
Jens L. 8f1bdc01b6 providers/oauth2: Configure allowed grant types (#20363) 
* naming cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* adjust defaults, start adding tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix proxy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* allow refresh token for conformance

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-27 13:36:57 +02:00
Jens L. 311954f920 providers/radius: fix message authenticator validation (#21824) 
* providers/radius: fix message authenticator validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix panic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* send message auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-25 20:53:29 +02:00
dependabot[bot] 37c6359fdf core: bump axllent/mailpit from v1.29.5 to v1.29.6 in /tests/e2e (#21398) 
Bumps axllent/mailpit from v1.29.5 to v1.29.6.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-06 10:07:55 +01:00
Jens L. a6775bc61e tests: refactor test harness to split apart a single file (#21391) 
* re-instate previously flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* break up big file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move geoip data to subdir

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* i am but a weak man

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap disconnect in testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* account for mismatched uid due to test server process

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 22:12:52 +02:00
Jens L. dc320df3a3 providers/rac: add e2e tests (#21390) 
* add test_runner option to not capture stdout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix exception for container failing to start not being raised

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* maybe use channels server for testing?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify and patch enterprise

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* simplify waiting for outpost

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add rac SSH tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rac missing in CI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* retry on container failure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump healthcheck tries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* patch email port always

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix guardian cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only build webui when using selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use channels when needed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix coverage and combine

based on https://github.com/django/channels/issues/2063#issuecomment-2067722400

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dont even cache

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test with delete_token_on_disconnect

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-04-05 19:07:31 +02:00
dependabot[bot] a62c6c92a8 core: bump axllent/mailpit from v1.29.4 to v1.29.5 in /tests/e2e (#21226) 
Bumps axllent/mailpit from v1.29.4 to v1.29.5.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-29 20:12:26 +01:00
Jens L. 253f5d3fcf ci: only run selenium for E2E tests when needed (#21217) 
* ci: less selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* oidc needs selenium

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-28 22:31:29 +01:00
dependabot[bot] dd4237a2e3 core: bump axllent/mailpit from v1.29.3 to v1.29.4 in /tests/e2e (#21061) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-23 13:09:22 +00:00
Jens L. db9081e7dc policies: remove BufferedPolicyAccessView (#20521) 
* policies: remove BufferedPolicyAccessView

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	authentik/policies/views.py
#	authentik/providers/oauth2/views/authorize.py
#	schema.yml
#	tests/e2e/test_provider_saml.py

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-16 18:19:15 +01:00
Jens L. 3d964ddd2e endpoints: fix tasks failing (#20904) 
* endpoints: fix tasks failing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-03-15 01:47:02 +01:00
dependabot[bot] a04571b8d8 core: bump axllent/mailpit from v1.29.2 to v1.29.3 in /tests/e2e (#20811) 
Bumps axllent/mailpit from v1.29.2 to v1.29.3.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-10 08:41:09 +00:00
dependabot[bot] ea8086be69 core: bump goauthentik/selenium from 145.0-ak-0.40.3 to 145.0-ak-0.40.5 in /tests/e2e (#20790) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 145.0-ak-0.40.3 to 145.0-ak-0.40.5.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-09 11:27:12 +01:00
dependabot[bot] 58e4fb004b core: bump goauthentik/selenium from 145.0-ak-0.40.2 to 145.0-ak-0.40.3 in /tests/e2e (#20726) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-05 13:44:14 +01:00
dependabot[bot] 80ca1ab954 core: bump goauthentik/selenium from 145.0-ak-0.40.1 to 145.0-ak-0.40.2 in /tests/e2e (#20650) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 145.0-ak-0.40.1 to 145.0-ak-0.40.2.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-02 12:50:33 +01:00
dependabot[bot] af0fc47939 core: bump goauthentik/selenium from 145.0-ak-0.40.0 to 145.0-ak-0.40.1 in /tests/e2e (#20585) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-27 18:49:53 +01:00
dependabot[bot] 223a8ffbb6 core: bump axllent/mailpit from v1.29.1 to v1.29.2 in /tests/e2e (#20553) 
Bumps axllent/mailpit from v1.29.1 to v1.29.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-25 14:43:39 +01:00
dependabot[bot] 4831497369 core: bump goauthentik/selenium from 144.0-ak-0.40.0 to 145.0-ak-0.40.0 in /tests/e2e (#20554) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.40.0 to 145.0-ak-0.40.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 145.0-ak-0.40.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-25 14:43:31 +01:00
Ken Sternberg 254bfd2a60 web/maintenance: no unknown attributes part 2 (#19014) 
* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09be5.

* website: fix bad escaping of URLs in release notes

## What

Fixes bad escaping of URLs in the release notes that resulted in mangled output.

v2024.6.4 had entries that looked like this:

```
##### `GET` /providers/google_workspace/{#123;id}#125;/
```

v2025.4.md had entries that looked like this:

```
##### `GET` /policies/unique_password/{#125;#123;policy_uuid}/
```

A couple of straightforward search-and-replaces has fixed the issue.

## Notes

Two of the release notes had bad escaping of URLs. I'm not sure how the error was made or got past,
but it was obvious when visiting the page.

@Beryju suggested that the bug is due to our using `{...}` to symbolize parameters in a URL while
Docusaurus wants to interpret `{...}` as an internal template instruction, resulting in odd
behavior. In either case, docusarus interpreted the hashtagged entries as links to unrelated issues
in Github (the same two issues, which were "bump version of pylint" and "bump version of sentry"),
which could be very confusing.

The inconsistencies between the two releases, and the working releases, suggests that the error was
introduced manually.

* web/maintenance/no-unknown-attributes-1

# What

This commit is a collection of fixes and adaptations discovered while running lit-analyzer in a stricter role than usual. These fixes are to 9 of the existing issues; there are 16 more that will be addressed in the next two pull requests.

The following issues were uncovered.

- `ak-slug-input` does not take `autocomplete`.
- `ak-wizard-page-type-create` does not take, or use, the `name` attribute. It also has no `value` of its own, so it is not processed as a form object.
- `ak-endpoints-device-access-groups-form` does not take a `pk` attribute. It takes an `.instancePk` property.
- `ak-provider-oauth2-redirect-uri` is only used in one place, and that place uses the term `input-id` for the key. The component was expected `inputId`. Since it is a string and therefore an attribute, kebab-case is the appropriate fix here.
- `input-mode` is not a valid attribute. The attribute is `inputmode`, and the property is `inputMode`. It may not be undefined. If it is defined, the default is `text`. I have fixed this in the attribute and in the two Forms that used it.
- `form-associated-element` had both `name` and `type` as readonly. Since they are native attributes, they can be attributes or they can be readonly. They can’t be both. I have made them read-write.
- `user-source-settings-page` is only used in one place, and that place uses the term `input-id` for the key. The component was expected `inputId`. Since it is a string and therefore an attribute, kebab-case is the appropriate fix here.

These guideposts will be placed on the PR.

* Update web/src/admin/providers/oauth2/OAuth2ProviderRedirectURI.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>

* Update web/src/components/ak-text-input.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>

* web/maintenance/no-unknown-attributes-2

# What

This commit is a collection of fixes and adaptations discovered while running lit-analyzer in a stricter role than usual.

- `src/admin/endpoints/connectors/agent/AgentConnectorSetup.ts`

After talking to @beryju, we determined that these labels aren’t shown and aren’t used.

- `src/admin/admin-overview/AdminOverviewPage.ts`
- `src/admin/admin-overview/DashboardUserPage.ts`
- `src/elements/cards/AggregatePromiseCard.ts`
- `src/elements/cards/stories/AggregatePromiseCard.stories.ts`

The `Promise` version of our card is not used by any client code. The Dashboard pages that were importing it want the vanilla `AggregateCard` instead.

- `./src/flow/stages/identification/IdentificationStage.ts`

Anchors do not have a `name` attribute, I cannot find any code using the name attributes as lookups, nor any CSS that might use the name attributes as guides. `ak-flow-password-input` is always required; the flag is unsupported and unnecessary.

- `./src/flow/stages/password/PasswordStage.ts`

Anchors do not have a `name` attribute, I cannot find any code using the name attributes as lookups, nor any CSS that might use the name attributes as guides. `ak-flow-password-input` is always required; the flag is unsupported and unnecessary.

- `src/user/user-settings/UserSettingsPage.ts`

This change to the `UserSettingsPage`:

``` diff
-                                userId=${ifPresent(currentUser?.pk)}
+                                user-id=${ifPresent(currentUser?.pk)}
```

… corresponds correctly with:

``` typescript
    @property({ type: Number, attribute: "user-id" })
    public userId?: number;
```

I find it odd (and remarkable) that nobody has complained about this yet. I even went so far as to [confirm my understanding](https://codepen.io/kensternberg-authentik/pen/raLNBwO) and, yes:

- when an attribute is truthy, property syntax does not set the field
- when an attribute is deliberately given a kebab-case name, using the camelCase variant does not set the field

However, when the attribute is truthy, attribute names are case-insensitive: ‘user-id’ and ‘User-Id’ in client code would work just fine.

## Note

A large enough number of warnings remain. Some of those are due to `lit-analyzer` not being updated to recognize newly Baseline global DOM properties like `inert` or `popover`. The rest are from RapiDoc and QrCode, which do not supply sufficient documentation or metadata for Lit-anaylzer to read correctly.

* web/bug/hidden-secrets-not-propagating

# What

This commit updates ak-secret-text-input, adding the `name` attribute to all valid input fields and updating the value writer to match those of known-working components, to ensure that either variety of the display is fully and correctly updated with the content of the hidden secret.

# Why

The hidden input field is the one that HorizontalFormElement was expecting to read its value from, but that field never received a `name` because it wasn’t present when the field was first updated.

HorizontalFormElement writes the `name` field to the first `<input>` it finds. That was the “dummy” input field, which has no working value.

Form ignored the input element because the value it read came with an undefined name.

Object-oriented state management sometimes bites.

* Turns out, I was wrong. Someone *does* use the `name` attribute: the tests.  MDN says that `name`
is incorrect, and we should use `id` instead.  I have compromised; I have switched to using the
Open UI Automation ID instead, since that's what we're doing: automated tests.

\# What

\# Why

\# How

\# Designs

\# Test Steps

\# Other Notes

---------

Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-02-23 12:55:26 -08:00
dependabot[bot] 7d1f7625e0 core: bump axllent/mailpit from v1.29.0 to v1.29.1 in /tests/e2e (#20310) 
Bumps axllent/mailpit from v1.29.0 to v1.29.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 13:54:55 +01:00
Jens L. ef74ca01a2 enterprise/providers: WSFed configurable realm, default wreply (#19996) 
* enterprise/providers/wsfed: make realm configurable

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make wreply optional, fallback to configure

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use audience instead of issuer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lookup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-06 00:14:10 +01:00
dependabot[bot] f85c127e82 core: bump axllent/mailpit from v1.28.4 to v1.29.0 in /tests/e2e (#19918) 
Bumps axllent/mailpit from v1.28.4 to v1.29.0.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.29.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-02 13:24:09 +01:00
dependabot[bot] a8e28216ea core: bump goauthentik/selenium from 144.0-ak-0.35.9 to 144.0-ak-0.40.0 in /tests/e2e (#19917) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.9 to 144.0-ak-0.40.0.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.40.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-02 13:23:56 +01:00
Jens L. e90c249274 common: introduce common (#19852) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-30 16:27:41 +01:00
Simonyi Gergő 1b9653901c rbac: clean up roles and permissions (#19588) 
* clean up roles and permissions

This was purposefully not included in `2025.12` to split the changes up.

The main content of this patch is in the migrations. Everything else
follows more or less automatically.

* add breaking change warning to release notes

* add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* fixup! add `ak_groups` --> `groups` deprecated proxy

* add configuration warning to default notifications blueprint

* add rudimentary tests for User.ak_groups

* remove no longer used permissions

* clarify deprecation

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>

* remove integration changes

These will be included in a separate PR once this is released.

---------

Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-01-29 19:12:38 +01:00
dependabot[bot] f5de9eb6c2 core: bump goauthentik/selenium from 144.0-ak-0.35.8 to 144.0-ak-0.35.9 in /tests/e2e (#19832) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.8 to 144.0-ak-0.35.9.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-29 13:12:55 +01:00
Jens L. d1fb7dde14 enterprise/providers: WS-Federation (#19583) 
* init

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix metadata

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* aight

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* progress

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix timedelta

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start testing metadata

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some more tests and schemas

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test signature

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to fix signed xml linebreak

https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258
https://github.com/robrichards/xmlseclibs/issues/28
https://github.com/xmlsec/python-xmlsec/issues/196
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format + gen

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* hmm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add e2e test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* qol fix in wait_for_url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* acs -> reply url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sign_out

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix some XML typing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove verification_kp as its not used

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix reply url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add ws-fed to tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add logout test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add SAMLSession

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* refactor

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated type fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add backchannel logout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* delete import_metadata in wsfed

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include generated realm

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Signed-off-by: Jens L. <jens@beryju.org>

* include wtrealm in ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-01-28 17:43:16 +01:00
Connor Peshek 25820f063e providers/oauth2: Support login_hint (#19498) 
* clean up code

* simplify skipping logic

* clean up reading flag, fix user submission on identification stage

* do not auto add login_hint if user doesnt exist and pretend_user_exists is off

* rework

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix login_hint conformance test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-27 15:15:24 +01:00
Jens L. cdd3fb7827 web/sfe: downgrade bootstrap, add access denied test (#19763) 
* web/sfe: downgrade bootstrap, add access denied test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-26 16:14:12 +01:00
dependabot[bot] 32f67336a4 core: bump axllent/mailpit from v1.28.3 to v1.28.4 in /tests/e2e (#19748) 
Bumps axllent/mailpit from v1.28.3 to v1.28.4.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-26 13:43:18 +01:00
dependabot[bot] ed1125af04 core: bump goauthentik/selenium from 144.0-ak-0.35.7 to 144.0-ak-0.35.8 in /tests/e2e (#19747) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 144.0-ak-0.35.7 to 144.0-ak-0.35.8.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-26 13:42:35 +01:00
dependabot[bot] 4dbdad8beb core: bump goauthentik/selenium from 143.0-ak-0.35.3 to 144.0-ak-0.35.7 in /tests/e2e (#19688) 
core: bump goauthentik/selenium in /tests/e2e

Bumps [goauthentik/selenium](https://github.com/SeleniumHQ/docker-selenium) from 143.0-ak-0.35.3 to 144.0-ak-0.35.7.
- [Release notes](https://github.com/SeleniumHQ/docker-selenium/releases)
- [Commits](https://github.com/SeleniumHQ/docker-selenium/commits)

---
updated-dependencies:
- dependency-name: goauthentik/selenium
  dependency-version: 144.0-ak-0.35.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-23 12:24:57 +01:00
Jens L. 083b61ca7f tests: improve e2e/integration test reliability (#19540) 
* add flakefinder

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show local IP in test header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* attempt to join worker on test finish

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add timeout

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add flush

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stop -> close

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix rare test issue of this failing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check correctly

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* un-serialize rollback?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* explicitly join before db teardown

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* skip flaky tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* new broker

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* classmethod

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* separate docker helpers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only timeout functions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* type and format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* show detected IP too

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-01-20 02:15:35 +01:00
dependabot[bot] a908efb792 core: bump black from 25.12.0 to 26.1.0 (#19567) 
* core: bump black from 25.12.0 to 26.1.0

Bumps [black](https://github.com/psf/black) from 25.12.0 to 26.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/25.12.0...26.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-01-20 01:12:31 +01:00
dependabot[bot] 74831d6dcc core: bump axllent/mailpit from v1.28.2 to v1.28.3 in /tests/e2e (#19565) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-19 12:45:27 +00:00
Marcelo Elizeche Landó f56148fc91 tests/e2e: Add delay and serialized rollback to saml e2e test (#18840) 
* Add delay and serialized rollback to saml e2e test

* Apply suggestion from @BeryJu

Signed-off-by: Jens L. <jens@beryju.org>

* trigger build

---------

Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Jens L. <jens@goauthentik.io>
 2026-01-16 17:22:42 -03:00
Jens L. 885f3b68b2 root: Python 3.14 (#17313) 
* root: Python 3.14

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update pydantic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump kadmin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add krb5 stuff to compile on macos?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-lock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* trigger build

* lock uv

* bump to 3.14.2

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* output container logs if it failed to start

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* relock

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* target black and ruff to python 3.14

* upgrade pydatic from 2.11.7 to 2.12.5

* revert ruff to python 3.13 ruff checks

* bump docs

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix makefile

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
 2026-01-15 02:08:17 +01:00
dependabot[bot] 3421567a31 core: bump axllent/mailpit from v1.28.1 to v1.28.2 in /tests/e2e (#19329) 
Bumps axllent/mailpit from v1.28.1 to v1.28.2.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:37:09 +01:00
dependabot[bot] 0a78fd21e1 core: bump axllent/mailpit from v1.28.0 to v1.28.1 in /tests/e2e (#19204) 
Bumps axllent/mailpit from v1.28.0 to v1.28.1.

---
updated-dependencies:
- dependency-name: axllent/mailpit
  dependency-version: v1.28.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-06 16:07:45 +01:00
Teffen Ellis 2c813cbe03 web: Merge branch -- Stale notifications, synchronized context objects, rendering fixes (#19141) 
* web: Fix stale notifications.

* Fix overlap of API and notifications drawers.

* Fix issues surrounding duplicate context controller values.

* Clean up drawer events, alignment.

* Export parts. Fix z-index, colors.

* Fix formatting, alignment. repeated renders.

* Fix indent.

* Fix progress bar fade out, positioning, labels.

* Fix clickable area.

* Ignore clickable icons.

* Clean up logging.

* Fix width.

* Move event listeners into decorator.

* Fix double counting of notifications.

* Fix ARIA lables.

* Fix empty state ARIA.

* Fix order of locale updating.

* Fix rebase.

* web: fix notification count update

* Update selector.

* web: Fix CAPTCHA locale.

* Clean up logging.

---------

Co-authored-by: macmoritz <tratarmoritz@gmail.com>
 2026-01-05 15:54:50 -05:00