mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
web: CodeSpell -> CSpell migration (#20188)
* web: Flesh out CSpell. * Fix remaining linter warnings. * Add comments, common names. * Fix common prefixes. * Omit trailing commas in jsonc files. * Format. * Update command. * Install before run. * trim empty lines Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont npm ci there Signed-off-by: Jens Langhammer <jens@goauthentik.io> * setup node in web and root Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Format. * Rename. * Install root deps. --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
16
.github/actions/setup/action.yml
vendored
16
.github/actions/setup/action.yml
vendored
@@ -34,14 +34,26 @@ runs:
|
||||
if: ${{ contains(inputs.dependencies, 'python') }}
|
||||
shell: bash
|
||||
run: uv sync --all-extras --dev --frozen
|
||||
- name: Setup node
|
||||
- name: Setup node (web)
|
||||
if: ${{ contains(inputs.dependencies, 'node') }}
|
||||
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4
|
||||
with:
|
||||
node-version-file: web/package.json
|
||||
cache: "npm"
|
||||
cache-dependency-path: web/package-lock.json
|
||||
registry-url: 'https://registry.npmjs.org'
|
||||
registry-url: "https://registry.npmjs.org"
|
||||
- name: Setup node (root)
|
||||
if: ${{ contains(inputs.dependencies, 'node') }}
|
||||
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4
|
||||
with:
|
||||
node-version-file: package.json
|
||||
cache: "npm"
|
||||
cache-dependency-path: package-lock.json
|
||||
registry-url: "https://registry.npmjs.org"
|
||||
- name: Install Node deps
|
||||
if: ${{ contains(inputs.dependencies, 'node') }}
|
||||
shell: bash
|
||||
run: npm ci
|
||||
- name: Setup go
|
||||
if: ${{ contains(inputs.dependencies, 'go') }}
|
||||
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5
|
||||
|
||||
1
.github/codespell-dictionary.txt
vendored
1
.github/codespell-dictionary.txt
vendored
@@ -1 +0,0 @@
|
||||
authentic->authentik
|
||||
32
.github/codespell-words.txt
vendored
32
.github/codespell-words.txt
vendored
@@ -1,32 +0,0 @@
|
||||
akadmin
|
||||
asgi
|
||||
assertIn
|
||||
authentik
|
||||
authn
|
||||
crate
|
||||
docstrings
|
||||
entra
|
||||
goauthentik
|
||||
gunicorn
|
||||
hass
|
||||
jwe
|
||||
jwks
|
||||
keypair
|
||||
keypairs
|
||||
kubernetes
|
||||
oidc
|
||||
ontext
|
||||
openid
|
||||
passwordless
|
||||
plex
|
||||
saml
|
||||
scim
|
||||
singed
|
||||
slo
|
||||
sso
|
||||
totp
|
||||
traefik
|
||||
# https://github.com/codespell-project/codespell/issues/1224
|
||||
upToDate
|
||||
warmup
|
||||
webauthn
|
||||
2
.github/workflows/ci-main.yml
vendored
2
.github/workflows/ci-main.yml
vendored
@@ -31,7 +31,7 @@ jobs:
|
||||
job:
|
||||
- bandit
|
||||
- black
|
||||
- codespell
|
||||
- spellcheck
|
||||
- pending-migrations
|
||||
- ruff
|
||||
- mypy
|
||||
|
||||
3
.gitignore
vendored
3
.gitignore
vendored
@@ -15,6 +15,9 @@ media
|
||||
|
||||
node_modules
|
||||
|
||||
.cspellcache
|
||||
cspell-report.*
|
||||
|
||||
# If your build process includes running collectstatic, then you probably don't need or want to include staticfiles/
|
||||
# in your Git repository. Update and uncomment the following line accordingly.
|
||||
# <django-project-name>/staticfiles/
|
||||
|
||||
12
.vscode/settings.json
vendored
12
.vscode/settings.json
vendored
@@ -14,6 +14,10 @@
|
||||
"[xml]": {
|
||||
"editor.minimap.markSectionHeaderRegex": "<!--\\s*#\\bregion\\s*(?<separator>-?)\\s*(?<label>.*)\\s*-->"
|
||||
},
|
||||
"files.associations": {
|
||||
// The built-in "ignore" language gives us enough syntax highlighting to make these files readable.
|
||||
"**/dictionaries/*.txt": "ignore"
|
||||
},
|
||||
"todo-tree.tree.showCountsInTree": true,
|
||||
"todo-tree.tree.showBadges": true,
|
||||
"yaml.customTags": [
|
||||
@@ -49,13 +53,9 @@
|
||||
"ignoreCase": false
|
||||
}
|
||||
],
|
||||
"go.testFlags": [
|
||||
"-count=1"
|
||||
],
|
||||
"go.testFlags": ["-count=1"],
|
||||
"go.testEnvVars": {
|
||||
"WORKSPACE_DIR": "${workspaceFolder}"
|
||||
},
|
||||
"github-actions.workflows.pinned.workflows": [
|
||||
".github/workflows/ci-main.yml"
|
||||
]
|
||||
"github-actions.workflows.pinned.workflows": [".github/workflows/ci-main.yml"]
|
||||
}
|
||||
|
||||
12
Makefile
12
Makefile
@@ -77,12 +77,12 @@ test: ## Run the server tests and produce a coverage report (locally)
|
||||
$(UV) run coverage html
|
||||
$(UV) run coverage report
|
||||
|
||||
lint-fix: lint-codespell ## Lint and automatically fix errors in the python source code. Reports spelling errors.
|
||||
lint-fix: lint-spellcheck ## Lint and automatically fix errors in the python source code. Reports spelling errors.
|
||||
$(UV) run black $(PY_SOURCES)
|
||||
$(UV) run ruff check --fix $(PY_SOURCES)
|
||||
|
||||
lint-codespell: ## Reports spelling errors.
|
||||
$(UV) run codespell -w
|
||||
lint-spellcheck: ## Reports spelling errors.
|
||||
npm run lint:spellcheck
|
||||
|
||||
lint: ci-bandit ci-mypy ## Lint the python and golang sources
|
||||
golangci-lint run -v
|
||||
@@ -286,7 +286,7 @@ docs: docs-lint-fix docs-build ## Automatically fix formatting issues in the Au
|
||||
docs-install:
|
||||
npm ci --prefix website
|
||||
|
||||
docs-lint-fix: lint-codespell
|
||||
docs-lint-fix: lint-spellcheck
|
||||
npm run --prefix website prettier
|
||||
|
||||
docs-build:
|
||||
@@ -343,8 +343,8 @@ ci-black: ci--meta-debug
|
||||
ci-ruff: ci--meta-debug
|
||||
$(UV) run ruff check $(PY_SOURCES)
|
||||
|
||||
ci-codespell: ci--meta-debug
|
||||
$(UV) run codespell -s
|
||||
ci-spellcheck: ci--meta-debug
|
||||
npm run lint:spellcheck
|
||||
|
||||
ci-bandit: ci--meta-debug
|
||||
$(UV) run bandit -c pyproject.toml -r $(PY_SOURCES) -iii
|
||||
|
||||
289
cspell.config.jsonc
Normal file
289
cspell.config.jsonc
Normal file
@@ -0,0 +1,289 @@
|
||||
{
|
||||
"$schema": "https://raw.githubusercontent.com/streetsidesoftware/cspell/refs/heads/main/cspell.schema.json",
|
||||
"name": "authentik-cspell",
|
||||
"description": "authentik's monorepo spell checker configuration",
|
||||
"version": "0.2",
|
||||
"readonly": true,
|
||||
"language": "en-US",
|
||||
"cache": {
|
||||
"useCache": true,
|
||||
"cacheLocation": "./.cspellcache",
|
||||
"cacheStrategy": "content"
|
||||
},
|
||||
"reporters": [
|
||||
"default",
|
||||
["@cspell/cspell-json-reporter", { "outFile": "./cspell-report.json" }]
|
||||
],
|
||||
"dictionaryDefinitions": [
|
||||
{
|
||||
"name": "en-x-authentik-software-terms",
|
||||
"path": "./locale/en/dictionaries/software-terms.txt",
|
||||
"description": "English software-related terms",
|
||||
"addWords": true
|
||||
},
|
||||
{
|
||||
"name": "en-x-authentik-idp",
|
||||
"path": "./locale/en/dictionaries/idp.txt",
|
||||
"description": "English IdP words",
|
||||
"addWords": true
|
||||
},
|
||||
{
|
||||
"name": "en-x-authentik-python",
|
||||
"path": "./locale/en/dictionaries/python.txt",
|
||||
"addWords": true
|
||||
},
|
||||
{
|
||||
"name": "en-x-authentik-golang",
|
||||
"path": "./locale/en/dictionaries/golang.txt",
|
||||
"addWords": true
|
||||
},
|
||||
|
||||
{
|
||||
"name": "en-x-authentik-people",
|
||||
"path": "./locale/en/dictionaries/people.txt",
|
||||
"description": "People names relevant to authentik",
|
||||
"addWords": true
|
||||
},
|
||||
{
|
||||
"name": "en-x-authentik-integrations",
|
||||
"path": "./locale/en/dictionaries/integrations.txt",
|
||||
"description": "English integration names",
|
||||
"addWords": true
|
||||
},
|
||||
{
|
||||
"name": "en-x-authentik-ignore",
|
||||
"path": "./locale/en/dictionaries/ignore.txt",
|
||||
"description": "English ignore list for authentik",
|
||||
"addWords": true,
|
||||
"noSuggest": true
|
||||
}
|
||||
],
|
||||
"dictionaries": [
|
||||
"en-x-authentik-software-terms",
|
||||
"en-x-authentik-idp",
|
||||
"en-x-authentik-ignore",
|
||||
"en-x-authentik-people",
|
||||
"en-x-authentik-integrations",
|
||||
"node",
|
||||
"softwareTerms",
|
||||
"software-tools",
|
||||
"computing-acronyms",
|
||||
"companies",
|
||||
"cpp-compound-words"
|
||||
],
|
||||
"allowCompoundWords": true,
|
||||
"patterns": [
|
||||
{
|
||||
"name": "EncodedURI",
|
||||
"description": "Encoded URIs, which are common in authentik's codebase and often contain many false positives.",
|
||||
"pattern": "[a-zA-Z]+%3A%2F%2F.+"
|
||||
},
|
||||
{
|
||||
"name": "ConfSuffix",
|
||||
"description": "Variables with `conf` or `config` suffix",
|
||||
"pattern": ["\\w+(conf|config)\\b", "\\b(conf|config)\\w+"]
|
||||
}
|
||||
],
|
||||
"ignoreRegExpList": [
|
||||
// DB Migrations
|
||||
"authentik_c_\\w+_[0-9a-fA-F]+_idx",
|
||||
// Google Analytics
|
||||
"/G-[0-9A-Z]+/",
|
||||
// Github Usernames
|
||||
"@[a-zA-Z0-9_-]+",
|
||||
// GitHub repositories
|
||||
"github\\.com/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+",
|
||||
// Docker images
|
||||
"docker\\.io/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+",
|
||||
// Suffix "change", which is common in migration files
|
||||
"\\w+change\\b",
|
||||
// Prefix "on", which is common in event handlers
|
||||
"\\bon\\w+\\b",
|
||||
// Prefix "pg", which is common in PostgreSQL-related code
|
||||
"\\bpg\\w+\\b",
|
||||
// Prefix "pf", which is common in PatternFly-related code
|
||||
"\\bpf\\w+\\b",
|
||||
// Prefix "ws", which is common in WebSocket-related code
|
||||
"\\bws\\w+\\b",
|
||||
// Suffix "propertymapping"
|
||||
"\\w+propertymapping\\b",
|
||||
// Words that end with "source", "provider", "user", "group", or "connection",
|
||||
// which are common in authentik's codebase and often contain many false positives.
|
||||
"\\w+(source|provider)(user|group|connection)\\b",
|
||||
"\\w+(source|provider)(user|group|connection)",
|
||||
// Basic auth header
|
||||
"Basic [a-zA-Z0-9+/=]+",
|
||||
// "ify" suffix, e.g. "stringify", "classify".
|
||||
"\\w+l?ify\\b",
|
||||
// "ified" suffix, e.g. "stringified", "classified".
|
||||
"\\w+l?ified\\b",
|
||||
// "ifying" suffix, e.g. "stringifying", "classifying".
|
||||
"\\w+l?ifying\\b",
|
||||
|
||||
"SpellCheckerIgnoreInDocSetting",
|
||||
"EncodedURI",
|
||||
"Urls",
|
||||
"href",
|
||||
"Base64",
|
||||
"PublicKey",
|
||||
"RsaCert",
|
||||
"SshRsa",
|
||||
"UnicodeRef",
|
||||
"Email",
|
||||
"HashStrings"
|
||||
],
|
||||
"languageSettings": [
|
||||
{
|
||||
"languageId": "markdown,mdx",
|
||||
"dictionaries": ["en-x-authentik-python", "en-x-authentik-golang"],
|
||||
"ignoreRegExpList": [
|
||||
// Fenced code blocks
|
||||
"/^\\s*```[\\s\\S]*?^\\s*```/gm",
|
||||
// Markdown inline codeblocks
|
||||
"`[^`\\s]+`",
|
||||
"`\\w+[^`]*?\\w+`"
|
||||
]
|
||||
},
|
||||
{
|
||||
"languageId": "typescript,javascript,typescriptreact,javascriptreact,mdx,astro",
|
||||
|
||||
"ignoreRegExpList": [
|
||||
// Event handlers e.g. onClick, onmouseover
|
||||
"\\bon\\w+\\b",
|
||||
// Custom web component tags e.g. <ak-button>, <ak-toggle-group>
|
||||
"</?ak-[a-z0-9-]+",
|
||||
// Scoped import paths, e.g. @webcomponents/webcomponentsjs
|
||||
"@[a-z0-9-]+/[a-z0-9-]+",
|
||||
// Import paths that end with "js", which are often false positives
|
||||
// and not worth the effort of creating a custom dictionary for.
|
||||
"[a-z0-9-]+js",
|
||||
"ConfSuffix",
|
||||
"js-hex-escape",
|
||||
"js-unicode-escape",
|
||||
"js-regexp-flags",
|
||||
"js-hex-number"
|
||||
]
|
||||
},
|
||||
{
|
||||
"languageId": "python",
|
||||
"dictionaries": ["en-x-authentik-python"],
|
||||
"includeRegExpList": ["comments"]
|
||||
},
|
||||
{
|
||||
"languageId": "go",
|
||||
"dictionaries": ["en-x-authentik-golang"]
|
||||
},
|
||||
{
|
||||
"languageId": "makefile",
|
||||
"dictionaries": ["en-x-authentik-python", "en-x-authentik-golang"]
|
||||
},
|
||||
|
||||
{
|
||||
"languageId": "css,scss",
|
||||
"ignoreRegExpList": [
|
||||
// data URIs, which are common in CSS and often contain many false positives.
|
||||
"data:.+"
|
||||
]
|
||||
}
|
||||
],
|
||||
"ignorePaths": [
|
||||
//#region i18n
|
||||
|
||||
"{cspell.*,cSpell.*,.cspell.*,cspell.config.*}", // CSpell configuration files
|
||||
"cspell-report.{json,html,txt}", // CSpell report files
|
||||
"dictionaries", // Custom dictionary files
|
||||
"ignore.txt", // Custom ignore list files
|
||||
|
||||
"./locale", // Locale files (Django, CSpell)
|
||||
"web/xliff", // XLIFF translation files
|
||||
"web/src/locales", // Generated TypeScript locale
|
||||
|
||||
//#endregion
|
||||
|
||||
//#region Monorepo
|
||||
|
||||
"CODEOWNERS", // GitHub code owners file
|
||||
"LICENSE", // License file
|
||||
".gitignore", // Git ignore file
|
||||
".gitattributes", // Git attributes file
|
||||
"*-lock.{json,yaml}", // Lock files (NPM, Yarn, Pip, Cargo)
|
||||
"CHANGELOG*.md", // Changelog files
|
||||
".vscode/**", // VSCode configuration
|
||||
"out", // TypeScript type-checking output
|
||||
"dist", // Distributed build output
|
||||
"coverage/**", // Coverage output
|
||||
".env", // Environment files
|
||||
"package-lock.json", // NPM package lock
|
||||
"schema.yml", // OpenAPI schema
|
||||
"./blueprints/schema.json", // Generated blueprint schema
|
||||
"custom-elements.json", // TypeScript custom element definitions
|
||||
"./gen-*-api", // Generated API Client
|
||||
"./schemas/**", // XML Schemas
|
||||
"./authentik/sources/**/schemas", // Source schemas
|
||||
"**vendored**", // Vendored files
|
||||
"fixtures", // Test fixtures
|
||||
"tests/e2e/**/*.php", // PHP fixtures
|
||||
"compose.yml", // Docker Compose files
|
||||
|
||||
//#region JavaScript/TypeScript
|
||||
|
||||
".eslintignore", // ESLint ignore file
|
||||
".prettierignore", // Prettier ignore file
|
||||
".yarn", // Yarn cache and configuration
|
||||
"node_modules", // Node modules
|
||||
"playwright-report", // Playwright test output
|
||||
"package.json", // Package manifest file
|
||||
"storybook-static", // Storybook build output
|
||||
"sampleData.{js,ts}", // Storybook sample data files
|
||||
"*.stories.{ts,tsx}", // Storybook stories
|
||||
"*.min.{js,css}", // Minified JS and CSS files
|
||||
"*.min.{js,css}.map", // Source maps for minified files
|
||||
//#region Python
|
||||
|
||||
"pyproject.toml",
|
||||
"unittest.xml", // Pytest output
|
||||
".venv", // Python virtual environment
|
||||
"venv", // Python virtual environment
|
||||
"./lifecycle",
|
||||
"blueprints",
|
||||
"mds",
|
||||
//#endregion
|
||||
|
||||
//#region Rust
|
||||
|
||||
"./target", // Rust compilation artifacts
|
||||
|
||||
//#endregion
|
||||
|
||||
//#region Docusaurus
|
||||
|
||||
"*.api.mdx", // Generated API docs
|
||||
".docusaurus/**", // Cache
|
||||
"./{docs,website}/build", // Topic docs build output
|
||||
"./{docs,website}/**/build", // Workspaces output
|
||||
|
||||
//#endregion
|
||||
|
||||
//#region Golang
|
||||
|
||||
"go.mod", // Go module file
|
||||
"go.sum", // Go module file
|
||||
"htmlcov", // Coverage HTML output
|
||||
"coverage.txt", // Coverage text output
|
||||
|
||||
//#endregion
|
||||
|
||||
//#region Media
|
||||
|
||||
"./data", // Media files
|
||||
"./media", // Legacy media files
|
||||
"*.{png,jpg,pdf,svg}" // Binary files
|
||||
|
||||
//#endregion
|
||||
],
|
||||
"useGitignore": true,
|
||||
"features": {
|
||||
"weighted-suggestions": true
|
||||
}
|
||||
// "failFast": true,
|
||||
}
|
||||
20
locale/en/dictionaries/golang.txt
Normal file
20
locale/en/dictionaries/golang.txt
Normal file
@@ -0,0 +1,20 @@
|
||||
# Golang-specific terms
|
||||
gounicorn
|
||||
pems
|
||||
connm
|
||||
Debugf
|
||||
Infof
|
||||
Warnf
|
||||
layeh
|
||||
Warningf
|
||||
goldap
|
||||
goauthentikio
|
||||
singlevg
|
||||
accsp
|
||||
uapisp
|
||||
GORMDB
|
||||
golangci
|
||||
gorm
|
||||
gorm
|
||||
gorm*
|
||||
logger
|
||||
6
locale/en/dictionaries/idp.txt
Normal file
6
locale/en/dictionaries/idp.txt
Normal file
@@ -0,0 +1,6 @@
|
||||
# IdP-specific terms
|
||||
authentik
|
||||
Yubi
|
||||
Yubikey
|
||||
Yubikeys
|
||||
mycorp
|
||||
26
locale/en/dictionaries/ignore.txt
Normal file
26
locale/en/dictionaries/ignore.txt
Normal file
@@ -0,0 +1,26 @@
|
||||
# Ignored terms that should not be suggested by the spell checker.
|
||||
aaguids
|
||||
ASGI
|
||||
asgi
|
||||
azuread
|
||||
Azuread
|
||||
buildx
|
||||
goauthentik
|
||||
lxml
|
||||
pässwörd
|
||||
phlebotinum
|
||||
qewr
|
||||
quox
|
||||
recategorize
|
||||
reinject
|
||||
tmpfs
|
||||
trixie
|
||||
XFCC
|
||||
xghcr
|
||||
xoxb
|
||||
xoxe
|
||||
xoxp
|
||||
foo
|
||||
bar
|
||||
baz
|
||||
qux
|
||||
67
locale/en/dictionaries/integrations.txt
Normal file
67
locale/en/dictionaries/integrations.txt
Normal file
@@ -0,0 +1,67 @@
|
||||
# Integrations
|
||||
appflowy
|
||||
Ascensio
|
||||
Authy
|
||||
Beszel
|
||||
Bitnami
|
||||
Budibase
|
||||
Doki
|
||||
Doku
|
||||
dokuwiki
|
||||
Engomo
|
||||
Espo
|
||||
espocrm
|
||||
ezBookkeeping
|
||||
fleetdm
|
||||
Flowy
|
||||
Forgejo
|
||||
Forti
|
||||
Fortigate
|
||||
Gatus
|
||||
Gestionnaire
|
||||
Gitea
|
||||
Gravitee
|
||||
Homarr
|
||||
Informatique
|
||||
Kimai
|
||||
Knoc
|
||||
Knocknoc
|
||||
Komodo
|
||||
Kubeconfig
|
||||
Mautic
|
||||
Mobilizon
|
||||
Observium
|
||||
Ofair
|
||||
Ollama
|
||||
Omada
|
||||
omniauth
|
||||
openwebui
|
||||
OPNsense
|
||||
Orchesta
|
||||
Organizr
|
||||
Packagify
|
||||
Palo
|
||||
Papra
|
||||
pfSense
|
||||
phpipam
|
||||
Planka
|
||||
Plesk
|
||||
proftpd
|
||||
Qube
|
||||
Relatedly
|
||||
Sidero
|
||||
snipeit
|
||||
sonarqube
|
||||
Terrakube
|
||||
Ueberauth
|
||||
Veeam
|
||||
Vikunja
|
||||
Wazuh
|
||||
Wdio
|
||||
Weixin
|
||||
Kiota
|
||||
Wekan
|
||||
Xcreds
|
||||
Zammad
|
||||
Zenko
|
||||
Zulip
|
||||
13
locale/en/dictionaries/people.txt
Normal file
13
locale/en/dictionaries/people.txt
Normal file
@@ -0,0 +1,13 @@
|
||||
# People names.
|
||||
Bery
|
||||
Beryju
|
||||
Teffen
|
||||
GirlBossRush
|
||||
Gergo
|
||||
Marc
|
||||
Dewi
|
||||
Zwanenburg
|
||||
Naur
|
||||
Wärting
|
||||
Aadit
|
||||
Kilby
|
||||
13
locale/en/dictionaries/python.txt
Normal file
13
locale/en/dictionaries/python.txt
Normal file
@@ -0,0 +1,13 @@
|
||||
debugpy
|
||||
dramatiq
|
||||
kwargs
|
||||
pgtrigger
|
||||
psycopg
|
||||
pyrad
|
||||
uvicorn
|
||||
pglock
|
||||
dicted
|
||||
mypy
|
||||
klass
|
||||
pgactivity
|
||||
kinit
|
||||
166
locale/en/dictionaries/software-terms.txt
Normal file
166
locale/en/dictionaries/software-terms.txt
Normal file
@@ -0,0 +1,166 @@
|
||||
# Software-specific terms
|
||||
*_c_name_*
|
||||
*_c_slug_*
|
||||
*ecdsa*
|
||||
*entra*
|
||||
*id*
|
||||
*identities
|
||||
*identity
|
||||
*ids*
|
||||
*idx*
|
||||
*mapping*
|
||||
*name*
|
||||
*named*
|
||||
*names*
|
||||
*namespace*
|
||||
*namespaces
|
||||
*plex*
|
||||
*provider
|
||||
+Xmldsig+
|
||||
ADFS
|
||||
AKMDX
|
||||
ASVS
|
||||
Algs
|
||||
CASB
|
||||
CLDR
|
||||
DOTADIW
|
||||
Docsmg
|
||||
GDTC
|
||||
GHES
|
||||
GHSA
|
||||
GLPI
|
||||
Guac
|
||||
Guacd
|
||||
Gunicorn
|
||||
HIBP
|
||||
HOTP
|
||||
Hackathon
|
||||
ISPM
|
||||
ITDR
|
||||
Kadmin
|
||||
LDAPCP
|
||||
LSPATH
|
||||
Liskov
|
||||
MDSCIM
|
||||
MYNIS
|
||||
Moreecdsa
|
||||
NGFW
|
||||
OCAK
|
||||
OCNS
|
||||
PEAP
|
||||
PKCE
|
||||
PSSO
|
||||
Pooler
|
||||
Pyroscope
|
||||
QNAP
|
||||
RAC
|
||||
RHAAP
|
||||
SCIM
|
||||
SDKJS
|
||||
SMTPD
|
||||
SNPEGO
|
||||
SPSSO
|
||||
SVGOMG
|
||||
Sfdc
|
||||
TOTP
|
||||
Transifex
|
||||
Unenrollment
|
||||
Unmigrate
|
||||
Wsfed
|
||||
Xen
|
||||
Xmldsig
|
||||
XmldsigMore
|
||||
ZTNA
|
||||
aaguid
|
||||
adsi
|
||||
akflow
|
||||
akprox
|
||||
asns
|
||||
cbor
|
||||
copylefted
|
||||
cves
|
||||
describedby
|
||||
dialector
|
||||
docsmg
|
||||
doseq
|
||||
dsa
|
||||
dsquery
|
||||
ellipsized
|
||||
esbuild
|
||||
falsey
|
||||
frie
|
||||
gcsp
|
||||
geoip
|
||||
glpi
|
||||
grecaptcha
|
||||
guac
|
||||
guacd
|
||||
gunicorn
|
||||
hackathon
|
||||
haveibeenpwned
|
||||
hcaptcha
|
||||
hibp
|
||||
hotp
|
||||
hres
|
||||
kadmin
|
||||
kiprop
|
||||
kubeadm
|
||||
labelledby
|
||||
mcomplete
|
||||
mermaidjs
|
||||
microsoft
|
||||
mmdb
|
||||
noopener
|
||||
noreferrer
|
||||
openidc
|
||||
ouia
|
||||
ouid
|
||||
peap
|
||||
pkce
|
||||
plex
|
||||
postgresstore
|
||||
proxyv
|
||||
psso
|
||||
pydantic
|
||||
pyroscope
|
||||
rapi
|
||||
rasterizes
|
||||
rbcervilla
|
||||
recws
|
||||
retag
|
||||
rnds
|
||||
rsa
|
||||
RSTR
|
||||
sbdocs
|
||||
schedulable
|
||||
scim
|
||||
scsp
|
||||
sha
|
||||
source
|
||||
stringly
|
||||
sysd
|
||||
tdialector
|
||||
templatize
|
||||
tgcsp
|
||||
tguacd
|
||||
tgunicorn
|
||||
totp
|
||||
tscsp
|
||||
ttotp
|
||||
tuisp
|
||||
uisp
|
||||
unenrollment
|
||||
unhashed
|
||||
unmigrate
|
||||
unskippable
|
||||
uperm
|
||||
uwsgi
|
||||
wireit
|
||||
wsfed
|
||||
wtrealm
|
||||
xen+
|
||||
xenc
|
||||
yamltags
|
||||
zxcvbn
|
||||
~uuid
|
||||
~uuids
|
||||
1009
package-lock.json
generated
1009
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -6,7 +6,7 @@
|
||||
"lint": "run-s lint:spellcheck lint:lockfile",
|
||||
"lint:lockfile": "echo 'Skipping lockfile linting'",
|
||||
"lint:node": "echo 'Skipping node linting'",
|
||||
"lint:spellcheck": "echo 'Skipping spellcheck linting'"
|
||||
"lint:spellcheck": "cspell . --config cspell.config.jsonc"
|
||||
},
|
||||
"type": "module",
|
||||
"imports": {
|
||||
@@ -20,6 +20,7 @@
|
||||
"@goauthentik/tsconfig": "./packages/tsconfig",
|
||||
"@typescript-eslint/eslint-plugin": "^8.56.1",
|
||||
"@typescript-eslint/parser": "^8.56.1",
|
||||
"cspell": "^9.6.4",
|
||||
"eslint": "^9.39.3",
|
||||
"npm-run-all": "^4.1.5",
|
||||
"pino": "^10.3.1",
|
||||
|
||||
@@ -36,7 +36,7 @@ const overrides = [
|
||||
},
|
||||
},
|
||||
{
|
||||
files: "tsconfig.json",
|
||||
files: ["tsconfig.json", "*.jsonc"],
|
||||
options: {
|
||||
trailingComma: "none",
|
||||
},
|
||||
|
||||
@@ -80,7 +80,6 @@ dev = [
|
||||
"bandit==1.9.4",
|
||||
"black==26.3.0",
|
||||
"bpython==0.26",
|
||||
"codespell==2.4.1",
|
||||
"colorama==0.4.6",
|
||||
"constructs==10.5.1",
|
||||
"coverage[toml]==7.13.4",
|
||||
@@ -149,42 +148,6 @@ build-backend = "hatchling.build"
|
||||
[tool.bandit]
|
||||
exclude_dirs = ["**/node_modules/**"]
|
||||
|
||||
[tool.codespell]
|
||||
skip = [
|
||||
"**/.env", # Environment files
|
||||
"**/.venv", # Python virtual environment
|
||||
"**/node_modules", # Node modules
|
||||
"**/package-lock.json", # NPM package lock
|
||||
"schema.yml", # OpenAPI schema
|
||||
"./blueprints/schema.json", # Generated blueprint schema
|
||||
"go.sum", # Go module file
|
||||
"locale", # Django locale files
|
||||
"**/web/src/locales", # Generated TypeScript locale
|
||||
"**/web/xliff", # XLIFF translation files
|
||||
"**/custom-elements.json", # TypeScript custom element definitions
|
||||
"**/storybook-static", # Storybook build output
|
||||
"**/playwright-report", # Playwright test output
|
||||
"unittest.xml", # Pytest output
|
||||
"./htmlcov", # Coverage HTML output
|
||||
"**/out", # TypeScript type-checking output
|
||||
"**/dist", # Distributed build output
|
||||
"./website/build", # TODO: Remove this after moving website to docs
|
||||
"./website/**/build", # TODO: Remove this after moving website to docs
|
||||
"./docs/build", # Docusaurus Topic docs build output
|
||||
"./docs/**/build", # Docusaurus workspaces output
|
||||
"*.api.mdx", # Generated API docs
|
||||
"./gen-ts-api", # Generated TypeScript API
|
||||
"./gen-py-api", # Generated Python API
|
||||
"./gen-go-api", # Generated Go API
|
||||
"./data", # Media files
|
||||
"./media", # Legacy media files
|
||||
"./schemas/**", # XML Schemas
|
||||
"./target", # Rust compilation artifacts
|
||||
"**vendored**", # Vendored files
|
||||
]
|
||||
dictionary = ".github/codespell-dictionary.txt,-"
|
||||
ignore-words = ".github/codespell-words.txt"
|
||||
|
||||
[tool.black]
|
||||
line-length = 100
|
||||
target-version = ['py314']
|
||||
|
||||
11
uv.lock
generated
11
uv.lock
generated
@@ -281,7 +281,6 @@ dev = [
|
||||
{ name = "bandit" },
|
||||
{ name = "black" },
|
||||
{ name = "bpython" },
|
||||
{ name = "codespell" },
|
||||
{ name = "colorama" },
|
||||
{ name = "constructs" },
|
||||
{ name = "coverage" },
|
||||
@@ -390,7 +389,6 @@ dev = [
|
||||
{ name = "bandit", specifier = "==1.9.4" },
|
||||
{ name = "black", specifier = "==26.3.0" },
|
||||
{ name = "bpython", specifier = "==0.26" },
|
||||
{ name = "codespell", specifier = "==2.4.1" },
|
||||
{ name = "colorama", specifier = "==0.4.6" },
|
||||
{ name = "constructs", specifier = "==10.5.1" },
|
||||
{ name = "coverage", extras = ["toml"], specifier = "==7.13.4" },
|
||||
@@ -818,15 +816,6 @@ wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/98/78/01c019cdb5d6498122777c1a43056ebb3ebfeef2076d9d026bfe15583b2b/click-8.3.1-py3-none-any.whl", hash = "sha256:981153a64e25f12d547d3426c367a4857371575ee7ad18df2a6183ab0545b2a6", size = 108274, upload-time = "2025-11-15T20:45:41.139Z" },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "codespell"
|
||||
version = "2.4.1"
|
||||
source = { registry = "https://pypi.org/simple" }
|
||||
sdist = { url = "https://files.pythonhosted.org/packages/15/e0/709453393c0ea77d007d907dd436b3ee262e28b30995ea1aa36c6ffbccaf/codespell-2.4.1.tar.gz", hash = "sha256:299fcdcb09d23e81e35a671bbe746d5ad7e8385972e65dbb833a2eaac33c01e5", size = 344740, upload-time = "2025-01-28T18:52:39.411Z" }
|
||||
wheels = [
|
||||
{ url = "https://files.pythonhosted.org/packages/20/01/b394922252051e97aab231d416c86da3d8a6d781eeadcdca1082867de64e/codespell-2.4.1-py3-none-any.whl", hash = "sha256:3dadafa67df7e4a3dbf51e0d7315061b80d265f9552ebd699b3dd6834b47e425", size = 344501, upload-time = "2025-01-28T18:52:37.057Z" },
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "colorama"
|
||||
version = "0.4.6"
|
||||
|
||||
@@ -46,7 +46,7 @@ export type StageEntry =
|
||||
* function, following the examples already provided.
|
||||
*
|
||||
* Variants and Tags have a single strong differentiator: Tags refer to web components and so must
|
||||
* always have a dash, whereas wariants are from a limited supply of names and do not have a dash.
|
||||
* always have a dash, whereas variants are from a limited supply of names and do not have a dash.
|
||||
* The StageFactory will not get confused. If you get confused, the type-checker will explain it.
|
||||
*
|
||||
* The resolution of the web component tag name is: tag supplied, tag received with import, tag
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|
||||
html[lang="ja"],
|
||||
html[lang^="ja-"] {
|
||||
/* cSpell:disable */
|
||||
/* spellchecker:disable */
|
||||
|
||||
--ak-font-family-sans-serif:
|
||||
"M PLUS 2", "Noto Sans JP", "Hiragino Kaku Gothic Pro", "ヒラギノ角ゴ Pro W3", メイリオ,
|
||||
@@ -12,7 +12,7 @@ html[lang^="ja-"] {
|
||||
|
||||
--ak-font-family-serif: "Noto Serif JP", var(--ak-generic-serif);
|
||||
|
||||
/* cSpell:enable */
|
||||
/* spellchecker:enable */
|
||||
|
||||
--ak-font-family-heading: var(--ak-font-family-sans-serif);
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
*/
|
||||
|
||||
html[lang^="zh"] {
|
||||
/* cSpell:disable */
|
||||
/* spellchecker:disable */
|
||||
|
||||
--ak-font-family-sans-serif:
|
||||
"Noto Sans SC", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei",
|
||||
@@ -15,7 +15,7 @@ html[lang^="zh"] {
|
||||
"Noto Sans SC", "PingFang SC", "Hiragino Sans GB", "Microsoft YaHei", "WenQuanYi Micro Hei",
|
||||
sans-serif;
|
||||
|
||||
/* cSpell:enable */
|
||||
/* spellchecker:enable */
|
||||
|
||||
--pf-c-content--h1--FontWeight: 500;
|
||||
|
||||
|
||||
4
web/types/rapi-doc/index.d.ts
vendored
4
web/types/rapi-doc/index.d.ts
vendored
@@ -2,7 +2,7 @@ declare module "rapidoc" {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
type Booleanish = "true" | "false";
|
||||
|
||||
// cSpell:disable
|
||||
// spellchecker:disable
|
||||
/**
|
||||
* Web Component based Swagger & OpenAPI Spec Viewer
|
||||
*
|
||||
@@ -73,7 +73,7 @@ declare module "rapidoc" {
|
||||
* @attr {string} api-key-value - Value of the API key (can be overwritten from UI).
|
||||
* @attr {"omit" | "same-origin" | "include"} fetch-credentials - Credentials mode for cross-domain calls.
|
||||
*/
|
||||
// cSpell:enable
|
||||
// spellchecker:enable
|
||||
class RapiDoc extends HTMLElement {
|
||||
/**
|
||||
* Programmatically load a spec.
|
||||
|
||||
2
website/api/types/api-plugin.d.ts
vendored
2
website/api/types/api-plugin.d.ts
vendored
@@ -1,7 +1,7 @@
|
||||
/// <reference types="docusaurus-theme-openapi-docs" />
|
||||
/// <reference types="docusaurus-plugin-openapi-docs" />
|
||||
|
||||
// cspell:ignore persistence
|
||||
// spellchecker:ignore persistance
|
||||
|
||||
declare module "@docusaurus/plugin-content-docs/src/sidebars/types" {
|
||||
export * from "@docusaurus/plugin-content-docs/src/sidebars/types.ts";
|
||||
|
||||
@@ -17,10 +17,10 @@ Note that we only support the SAML2 token type within WS-Federation providers, a
|
||||
|
||||
The following URL request parameters are supported in the authentik WS-Federation provider:
|
||||
|
||||
- **wa**: This is a required parameter that represents the action being requested, typically wsignin1.0 for signing in. The parameter's value tells the Security Token Service (STS) which operation to execute.
|
||||
- **wtrealm**: The unique identifier (realm) of the Relying Party (RP) or application requesting the security token, for example, urn:my-app:rp. It defines the trust relationship between the RP and the Identity Provider (IdP) and indicates which application is initiating the WS-Federation request. This is a required query parameter that tells the Security Token Service (STS) which relying party the token is intended for.
|
||||
- **wreply**: The target URL to which the Identity Provider (IdP) sends the WS-Federation response containing the security token. This URL is supplied by the Service Provider (SP). authentik verifies that the received `wreply` parameter matches the URL configured by the administrator and stored in the database.
|
||||
- **wctx**: A context value that is used to maintain state between the Relying Party (RP) and the Identity Provider (IdP) across redirects. It serves the same purpose as the `RelayState` parameter in SAML. The RP includes this value in the authentication request, and the IdP returns it unchanged in the response, allowing the RP to validate and restore the original session or request context.
|
||||
- **`wa`**: This is a required parameter that represents the action being requested, typically `wsignin1.0` for signing in. The parameter's value tells the Security Token Service (STS) which operation to execute.
|
||||
- **`wtrealm`**: The unique identifier (realm) of the Relying Party (RP) or application requesting the security token, for example, urn:my-app:rp. It defines the trust relationship between the RP and the Identity Provider (IdP) and indicates which application is initiating the WS-Federation request. This is a required query parameter that tells the Security Token Service (STS) which relying party the token is intended for.
|
||||
- **`wreply`**: The target URL to which the Identity Provider (IdP) sends the WS-Federation response containing the security token. This URL is supplied by the Service Provider (SP). authentik verifies that the received `wreply` parameter matches the URL configured by the administrator and stored in the database.
|
||||
- **`wctx`**: A context value that is used to maintain state between the Relying Party (RP) and the Identity Provider (IdP) across redirects. It serves the same purpose as the `RelayState` parameter in SAML. The RP includes this value in the authentication request, and the IdP returns it unchanged in the response, allowing the RP to validate and restore the original session or request context.
|
||||
|
||||
## WS-Federation bindings and endpoints
|
||||
|
||||
|
||||
@@ -3,6 +3,8 @@ title: Release 2026.2
|
||||
slug: "/releases/2026.2"
|
||||
---
|
||||
|
||||
<!-- spellchecker:ignore πthon -->
|
||||
|
||||
## Highlights
|
||||
|
||||
- **Object Lifecycle Management**: :ak-enterprise :ak-preview Admins can now automatically schedule periodic reviews of authentik objects (applications, groups, roles) for compliance and auditing purposes.
|
||||
@@ -146,7 +148,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2026.2
|
||||
- enterprise/audit: Expanded Diff (#19726)
|
||||
- enterprise/lifecycle: implement Object Lifecycle Management (#20015)
|
||||
- enterprise/providers: WS-Federation (#19583)
|
||||
- enterprise/providers: WSFed configurable realm, default wreply (#19996)
|
||||
- enterprise/providers: WSFed configurable realm, default `wreply` (#19996)
|
||||
- enterprise/reports: improve export list, confirmation (#18981)
|
||||
- enterprise/search: add static autocomplete structure (#19008)
|
||||
- events: notifications live update (#18980)
|
||||
@@ -201,7 +203,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2026.2
|
||||
- security: CVE-2026-25922 (#20232)
|
||||
- sources/kerberos: update to new python-kadmin-rs (#19491)
|
||||
- sources/oauth: add fallback for id_token when profile URL is not available (#19311)
|
||||
- sources/oauth: Fix an issue where wechat may crash duing login. (#18973)
|
||||
- sources/oauth: Fix an issue where wechat may crash during login. (#18973)
|
||||
- sources/oauth: Fix InvalidAudienceError in id_token fallback (#20096)
|
||||
- sources/saml: Add testcases for PR #19593 (#19647)
|
||||
- sources/saml: Fix signature verification order to accommodate encrypted assertions (#19593)
|
||||
|
||||
Reference in New Issue
Block a user