mirror of
https://github.com/goauthentik/authentik
synced 2026-04-26 01:25:02 +02:00
31e7b1dc4b8ae5e922e889292f419dea066072e9
37 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bapuji Koraganti
|
24edee3e78 |
flows: add warning message for expired password reset links (#21395)
* flows: add warning message for expired password reset links Fixes #21306 * Replace token expiry check with REQUIRE_TOKEN authentication requirement Incorporate review comments to move expired/invalid token handling from executor-level check to flow planner authentication requirement. This avoids disclosing whether a token ever existed and handles already-cleaned-up tokens. * The fix was changing gettext_lazy to gettext * remove unneeded migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update form Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Fletcher Heisler
|
03e67aea34 |
web: User Wizard, Modal Revisions Merge Branch (#21336)
* web/elements: rename hasSlotted to findSlotted and refactor host styles Rename the slot-inspection helper on `AKElement` from `hasSlotted` to `findSlotted` and return the first matching element rather than a boolean, so callers can both check for presence and reach the node. Update every call site in the tree (default callers pass no argument instead of `null`). Along the way, tidy `AKElement`'s host-style plumbing: expose `hostStyles` as a getter/setter backed by a `CSSStyleSheet` cache and move the adoption logic into `attachHostStyles` / `detachHostStyles` class methods, so subclasses can share the lifecycle. Drop the now unused `@localized` decorator import. Also add a `findAssignedSlot` helper in `elements/utils/slots.ts` for light-DOM → slot lookups, and give `EmptyState` an explicit `display: block` so empty-state placement doesn't collapse when wrapped. * web/chips: tighten chip group rendering and add placeholder class Make `ChipGroup` generic over its chip value type, expose a `placeholder` property that renders an inline placeholder when the default slot is empty, and intercept clicks that land on child chips so outer handlers can tell "clicked the group" apart from "clicked a chip". Give the host an explicit `display: block` so the group participates in layout correctly. Move the removal tooltip on `Chip` to the right so it doesn't clip at the top of the row. In `base/common.css`, add the `ak-m-placeholder` class used by the new chip-group placeholder and extend `.ak-fade-in` with an opt-in `ak-m-delayed` modifier that animates height alongside the fade via `interpolate-size`, so loading cards can slide in without jank. * web/elements: add scrollbar helpers and polish table styles Introduce `elements/utils/scrollbars.ts` with `measureScrollbarWidth` and `applyScrollbarClass`, and call it from `Interface` so the root document picks up `ak-m-visible-scrollbars` / `ak-m-overlay-scrollbars` depending on the platform. Add an `ak-m-thin-scrollbar` selector to the thin-scrollbar rule in `base/scrollbars.css` so ad-hoc containers can opt in. Refresh `Table.css`: expose `search-form`, `search-input`, `pagination-bottom`, and `table` parts; introduce `--ak-c-table--expandable-overlay--Color` theming for expandable rows (including a nested-table background pass); add an `ak-c-table__actions` helper so per-row action buttons wrap consistently; and teach the host to honor `display-box="contents"` so tables embedded in `display: contents` parents still participate in layout checks. Drop the unused `elements/utils/isVisible.ts`; the only live `isVisible` helpers live beside their callers under SearchSelect. * web/buttons: support split-button Dropdown layout Teach `ak-dropdown` to recognize a PatternFly split-button toggle — look for `.pf-c-dropdown__toggle.pf-m-split-button .pf-c-dropdown__toggle-button:last-child` first and fall back to the single-button selector — so a primary action and a menu trigger can coexist in one dropdown. Drop the workaround that skipped wiring menu-item click handlers: now that dropdowns live inside native dialogs, letting a menu-item click bubble no longer closes the parent modal. Switch the private fields to `protected` so subclasses can reach them, and anchor the AKRefreshEvent and outside-click listeners at `window` explicitly (matching the new `@listen` default). In `@listen`, flip the default target from `window` to `this`. A component's own element is the more intuitive default for a decorator attached to an instance method, and call sites that want the window now opt in explicitly. Extend `Dropdown/dropdown.css` with `--pf-c-dropdown__toggle--*` padding variables so split-button variants get consistent spacing. * web/forms: improve form ARIA scaffolding and tighten group styles Add a sticky `ak-c-form__header` row to `Form.css` with a `form-actions` part so form headers can host an inline title and action cluster without each form reinventing the layout. In `Form/form.css`, add a `.ak-m-content-center` variant for forms that center their body inside a fixed-size container, and introduce a PatternFly-compatible grid-based Radio label so the input and its description align cleanly and the whole row is clickable. Tighten the `FormGroup` summary spacing (use `spacer--sm` inline and `spacer-xs` block) and hoist the high-contrast overrides onto the open group so the details marker stays aligned. Make `AKControlElement` abstract (requiring a `name`), rename `isValid` → `valid`, declare it as implementing the new `FormField<T>` interface, and mark it deprecated in favor of `FormAssociatedElement`. Make `FormField` generic over the JSON value type, extend `HTMLElement`, and drop the `Jsonifiable` runtime import in favor of a type-only import. `HorizontalFormElement` now searches for either legacy control elements or the new `FormField` shape when picking its focus target. * web/elements: migrate modal plumbing to the native <dialog> element Replace the bespoke modal stack with an `<ak-modal>` built on the browser's native `<dialog>`, and collect every piece of the new infrastructure under `#elements/dialogs`: * `ak-modal.ts` / `ak-modal.css` — the element + its PatternFly compatible styles. * `dialog.css` — the global `ak-c-dialog` token and backdrop rules, imported via the new `components/Modal/modal.css` entry point (replacing the old `base/modal.css` import in `base.css` and `interface.global.css`). * `shared.ts` — the `TransclusionChildElement` / `TransclusionChildSymbol` contract plus the parent-side helpers (`isTransclusionParentElement`, `slottedElementUpdatedAt`), so forms and tables hosted inside a modal can signal re-render hints to the dialog wrapper. * `directives.ts` / `invokers.ts` / `utils.ts` — the `modalInvoker`, `renderModal`, and `DialogInit` helpers that declarative call sites use to open a modal from a button without imperatively mounting the element. * `components/` — the ready-made invoker buttons (`ModalInvokerButton`, `IconEditButton`, `IconEditButtonByTagName`, `IconPermissionButton`) and the `components.ts` barrel. * `components/Modal/modal.css` — the short host wrapper that pulls `dialog.css` into the bundled base stylesheet chain. Rewire the existing modal consumers to use the new contract: * `Form` now implements `TransclusionChildElement`, exposes `verboseName`/`verboseNamePlural`/`createLabel`/`submitVerb` statics, tracks visibility via `intersectionObserver`, and forwards `asModalInvoker` / `showModal` through the new `modalInvoker` / `renderModal` helpers. `ModalForm` and `ModelForm` follow the same shape. `ModalButton` drops its own `pf-c-modal-box` padding fix (the dialog handles it). * `Table` implements `TransclusionChildElement`, dispatches refresh via `AKRefreshEvent`, and exposes `display-box="contents"` so tables embedded in dialogs participate in layout checks. `TablePage` / `TableSearch` widen types and surface `search-form` / `search-input` parts for dialog-scoped styling. * `ak-about-modal`, `ObjectPermissionModal`, `RACLaunchEndpointModal`, the command palette, and the admin/user interface roots all move off `#elements/modals` and onto `#elements/dialogs`. * `AdminSettingsForm` / `AdminSettingsPage` render their header / actions through the new `ak-c-form__header` + `form-actions` slots introduced in the prior Form CSS commit, and swap the outermost `<section>` for `<main>` for better landmark semantics. * `elements/utils/render-roots.ts` and `elements/utils/unsafe.ts` gain dialog-aware helpers (notably a directive-based replacement for the old `unsafe` builder). * `base/globals.css` disables overscroll while any dialog is open via `html[data-dialog-count]`; `package.json` adds the `#elements/dialogs` barrel alias. Delete the old `elements/modals/` directory (`ak-modal.ts`, `shared.ts`, `styles.css`, `utils.ts`) and `styles/authentik/base/modal.css` now that nothing imports them. * web/wizards: refactor wizards to dialog-based flow Rebuild the shared Wizard primitives on top of the new <dialog> contract: split CreateWizard/utils out of Wizard, rename admin *Wizard.ts entry points to ak-*-wizard.ts (Policy, Provider, Source, Stage, PropertyMapping, ServiceConnection), and port the Application wizard steps to the new WizardStep base. Adds the user wizard and recovery invoker plus the refreshed Wizard component styles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * web/admin: migrate forms and list pages to dialog-based modals Port every admin form, list page, and RBAC surface to the new TransclusionChildElement / asModalInvoker contract introduced with the native <dialog> migration. Replace the old ModalButton-driven helpers with the new modalInvoker/renderModal flow, add the shared IconCopyButton/IconTokenCopyButton/IconEnrollmentTokenCopyButton components (with .ak-c-button--icon__progress styling), and refresh messages, notifications, flow inspector, and user portal consumers to match. Includes small common/element utility updates picked up along the way. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * web/test: update browser e2e tests for dialog-based flow Adjust application, group, session, and user browser tests to the new wizard and modal selectors introduced by the <dialog> migration and relax a handful of timeouts that were tight against the old ModalButton animation sequence. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix visibility detection. * Fix layout, behavior. * Fix type. * Flesh out test revisions. * Fix type. * Format. * Use plural path. * Fix strict selector in Safari. * Remove unused. * Spellcheck. * Partial type fix. * Fix translation. --------- Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
Jens L.
|
5108be6554 |
api: cleanup enums (#21201)
* api: cleanup choice enums Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * try custom template Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sed it instead? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * correct sed Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L.
|
68c7037eea |
flows: add option for flow layout with frame background (#19527)
* flows: add option for flow layout with frame background Signed-off-by: Jens Langhammer <jens@goauthentik.io> fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Tidy variables. Fix mobile and tablet layouts, shadows. * Update web/src/flow/FlowExecutor.ts Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> |
||
|
Teffen Ellis
|
7b0b787ed8 |
web: Form Modal Independence: Part 1 (#19395)
* Flesh out proxy form clean up. * Flesh out StrictUnsafe helper, slotted labels. * Clean up usage of proxy form. * Allow forms to render outside of modals. * Fix linter. |
||
|
Dominic R
|
66d6d88ae7 |
web/forms: fix forms not resetting state when modal closes (#19562)
* web/forms: fix forms not resetting state when modal closes Overview: Forms were not properly resetting their state when closing modals, which caused stale values to persist when reopening forms. This affected all forms with @state() decorated properties. Testing: 1. Create any item (user, token, application, etc.), close modal 2. Click Create again, form should show default/empty values 3. Edit an item, cancel, click Create - form should be empty 4. Edit an item, cancel, edit same item - should show correct data Motivation: Form inputs retained values from previous create/edit operations. * Fix linter errors, types. * Add property accessors, types. --------- Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> |
||
|
Teffen Ellis
|
94ae8b7b80 |
web: Fix switch labels (#18741)
* Fix switch alignment: * Fix ARIA. |
||
|
Marc 'risson' Schmitt
|
c30d1a478d |
files: rework (#17535)
Co-authored-by: Dominic R <dominic@sdko.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tana@goauthentik.io> |
||
|
Teffen Ellis
|
5359318650 |
web/a11y: Tables -- labels, input handlers, selection and expanded state (#16207)
* web: Clean up types. * web: Flesh out a11y clean up. * web: Fix text selection. * Flesh out property. * web: Clean up stateful issues. Add labels. * web: Clean up column rendering. * web: Hide icons from screen reader. * web: Fix nesting of region base elements. * web: Add labels to hidden columns. * web: Add aria label to row actions. * web: Use common timestamp component. * web: Fix column text wrapping. * web: Add labels to all rows. * web: Fix icon alignment. * web: Fix mix of method properties, duplicate role assignments. * web: Fix alignment, labeling. * web: Fix `nothing` typing. |
||
|
Teffen Ellis
|
9d7c733024 |
web: a11y -- ak-form-group (#15688)
web: a11y <ak-form-group /> |
||
|
Teffen Ellis
|
198d2a1a8a | web: Clean up file methods. (#15479) | ||
|
Teffen Ellis
|
4335498ac5 |
web: Import organization (#14696)
* web: Clean up locale. * web: Clean ambiguous imports. * web: Clean up entrypoint imports. * web: Format imports. * web: Normalize extensions. * web: Tidy order. * web: Remove TS aliases. |
||
|
Ken Sternberg
|
bc4b07d57b |
web/admin: remove all special cases of slug handling, replace with a "smart slug" component (#14983)
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* This (temporary) change is needed to prevent the unit tests from failing.
\# What
\# Why
\# How
\# Designs
\# Test Steps
\# Other Notes
* Revert "This (temporary) change is needed to prevent the unit tests from failing."
This reverts commit
|
||
|
Marc 'risson' Schmitt
|
0ce017b77e |
web/admin: show selected policy engine mode on bindings pages, allow setting it on sources (#12963)
* web/admin: show select policy engine mode on bindings pages, allow setting it in sources Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * slight cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Ken Sternberg
|
a01bb551d0 |
web/standards: fix boolean attribute abuse (#14662)
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* This (temporary) change is needed to prevent the unit tests from failing.
\# What
\# Why
\# How
\# Designs
\# Test Steps
\# Other Notes
* Revert "This (temporary) change is needed to prevent the unit tests from failing."
This reverts commit
|
||
|
Teffen Ellis
|
c28b65a3f2 |
Web: Controllers cleanup (#14616)
* web: Fix issues surrounding availability of controllers during init. web: Fix edgecase where flow does not have brand. * web: Fix import path. * web: Clean up mixin/controller paths. * web: Prepare for consistent import styling. - Prep for Storybook fixes. * web: Update MDX types. * web: Fix issues surrounding async imports, MDX typing, relative paths. * web: Format. Clarify. * web: Group module types. |
||
|
Teffen Ellis
|
b72d0e84c9 | web: (ESLint) Use dot notation. (#14557) | ||
|
Teffen Ellis
|
f70635c295 |
web: Clean up browser-only module imports that crash WebDriverIO. (#14330)
* web: Clean up browser-only module imports that crash WebDriverIO. * web: Clarify slug format output. |
||
|
Teffen Ellis
|
46a968d1dd | web: Improve form input validation and visibility. (#12812) | ||
|
Simonyi Gergő
|
ff504a3b80 |
stages/redirect: create redirect stage (#12275)
* create redirect stage * show "keep context" toggle in Flow mode only * fix typos * add docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> * simplify property pass * simplify toggle * remove `print` statements whoops * fix typo * remove default from `RedirectStage.mode` * remove migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oops Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Ken Sternberg
|
ee58cf0c1c |
web: add HTMLTagNameElementMaps to everything to activate lit analyzer (#10217)
* web: fix esbuild issue with style sheets
Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).
Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.
In standard mode, the following warning appears on the console when running a Flow:
```
Autofocus processing was blocked because a document already has a focused element.
```
In compatibility mode, the following **error** appears on the console when running a Flow:
```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
at initDomMutationObservers (crawler-inject.js:1106:18)
at crawler-inject.js:1114:24
at Array.forEach (<anonymous>)
at initDomMutationObservers (crawler-inject.js:1114:10)
at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```
Despite this error, nothing seems to be broken and flows work as anticipated.
* web: add more linting
* A reliable test for the extra code needed in analyzer, passing shellcheck
* web: re-enable custom-element-manifest and enable component checking in Typescript
This commit includes a monkeypatch to allow custom-element-manifest (CEM) to work correctly again
despite our rich collection of mixins, reactive controllers, symbol-oriented event handlers, and the
like. With that monkeypatch in place, we can now create the CEM manifest file and then exploit it so
that IDEs and the Typescript compilation pass can tell when a component is being used incorrectly;
when the wrong types are being passed to it, or when a required attribute is not initialized.
* Added building the manifest to the build process, rather than storing it. It is not appreciably slow.
* web: the most boring PR in the universe: Add HTMLTagNameElementMap to everyhing
This commit adds HTMLTagNameElementMap entries to every web component in the front end. Activating
and associating the HTMLTagNamElementMap with its class has enabled
[LitAnalyzer](https://github.com/runem/lit-analyzer/tree/master/packages/lit-analyzer) to reveal a
*lot* of basic problems within the UI, the most popular of which is "missing import." We usually get
away with it because the object being imported was already registered with the browser elsewhere,
but it still surprises me that we haven't gotten any complaints over things like:
```
./src/flow/stages/base.ts
Missing import for <ak-form-static>
96: <ak-form-static
no-missing-import
```
Given how early and fundamental that seems to be in our code, I'd have expected to hear _something_
about it.
I have not enabled most of the possible checks because, well, there are just a ton of warnings when
I do. I'd like to get in and fix those.
Aside from this, I have also _removed_ `customElement` declarations from anything declared as an
`abstract class`. It makes no sense to try and instantiate something that cannot, by definition, be
instantiated. If the class is capable of running on its own, it's not abstract, it just needs to be
overridden in child classes. Before removing the declaration I did check to make sure no other
piece of code was even *trying* to instantiate it, and so far I have detected no failures. Those
elements were:
- elements/forms/Form.ts
- element-/wizard/WizardFormPage.ts
The one that blows my mind, though, is this:
```
src/elements/forms/ProxyForm.ts
6-@customElement("ak-proxy-form")
7:export abstract class ProxyForm extends Form<unknown> {
```
Which, despite being `abstract`, is somehow instantiable?
```
src/admin/outposts/ServiceConnectionListPage.ts: <ak-proxy-form
src/admin/providers/ProviderListPage.ts: <ak-proxy-form
src/admin/sources/SourceWizard.ts: <ak-proxy-form
src/admin/sources/SourceListPage.ts: <ak-proxy-form
src/admin/providers/ProviderWizard.ts: <ak-proxy-form type=${type.component}></ak-proxy-form>
src/admin/stages/StageListPage.ts: <ak-proxy-form
```
I've made a note to investigate.
I've started a new folder where all of my one-off tools for *how* a certain PR was run. It has a
README describing what it's for, and the first tool, `add-htmlelementtagnamemaps-to-everything`, is
its first entry. That tool is also documented internally.
``` Gilbert & Sullivan
I've got a little list,
I've got a little list,
Of all the code that would never be missed,
The duplicate code of cute-and-paste,
The weak abstractions that lead to waste,
The embedded templates-- you get the gist,
There ain't none of 'em that will ever be missed,
And that's why I've got them on my list!
```
|
||
|
Ken Sternberg
|
d555c0db41 |
web: abstract rootInterface()?.config?.capabilities.includes() into .can() (#7737)
* This commit abstracts access to the object `rootInterface()?.config?` into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:
``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```
into:
``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```
It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.
The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:
Symbol(): {
cacheTimeout: 300
cacheTimeoutFlows: 300
cacheTimeoutPolicies: 300
cacheTimeoutReputation: 300
capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
}
Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.
Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:
TODO:
``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```
* web: Added a README with a description of the applications' "mental model," essentially an architectural description.
* web: prettier had opinions about the README
* web: Jens requested that subscription be by default, and it's the right call.
* This commit abstracts access to the object `rootInterface()?.config?` into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:
``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```
into:
``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```
It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.
The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:
Symbol(): {
cacheTimeout: 300
cacheTimeoutFlows: 300
cacheTimeoutPolicies: 300
cacheTimeoutReputation: 300
capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
}
Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.
Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:
TODO:
``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```
* web: Added a README with a description of the applications' "mental model," essentially an architectural description.
* web: prettier had opinions about the README
* web: Jens requested that subscription be by default, and it's the right call.
* web: adjust RAC to point to the (now independent) Interface.
- Also, removed redundant check.
|
||
|
Jens L
|
3e530cf1b5 |
flows: add "require outpost" authentication_requirement (#7921)
* migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
729ef4d786 |
root: bump python deps (django 5) (#7862)
* bump python deps Signed-off-by: Jens Langhammer <jens@goauthentik.io> * vendor pickle serializer for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> #7761 * cleanup some things and re-build api scheme Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web and go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually fix go...? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better annotate json fields Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use jsondictfield wherever Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove all virtualenvs? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * final version bump Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Ken Sternberg
|
b181c551a5 |
web: expressing success (#7830)
* web: expressing success Ever see an idiom that just, I dunno, *annoyed* you? Automated tools for the win. * web: repetition, repetition, repetition! [throws chair] * web: giving the de-duplication treatment to policy mappings. * Created a BaseStageForm with success message and canonical primary key type for for Providers, Sources, and Stages. |
||
|
Jens L
|
b503379319 |
web: fix form default submit handler (#7122)
* web/elements: rename renderInlineForm to renderForm set submit handler to empty function Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix all kinds of forms not using the form inheritance correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Ken Sternberg
|
44a057ed9c |
web: Replace lingui.js with lit-localize (#5761)
* \#\# Details
web: replace lingui with lit/localize
\#\# Changes
This rather massive shift replaces the lingui and `t()` syntax with lit-localize, XLIFF, and the `msg()`
syntax used by lit-localize. 90% of this work was mechanized; simple perl scripts found and replaced
all uses of `t()` with the appropriate corresponding syntax for `msg()` and `msg(str())`.
The XLIFF files were auto-generated from the PO files. They have not been audited, and they should be
checked over by professional translators. The actual _strings_ have not been changed, but as this was
a mechanized change there is always the possibility of mis-translation-- not by the translator, but by
the script.
* web: revise lit/localize: fix two installation issues.
* web: revise localization
TL;DR:
- Replaced all of Lingui's `t()` syntax with `msg()` syntax.
- Mechanically (i.e with a script) converted all of the PO files to XLIFF files
- Refactored the localization code to be a bit smarter:
- the function `getBestMatchLocale` takes the locale lists and a requested locale, and returns the
first match of:
- The locale's code exactly matches the requested locale
- The locale code exactly matches the prefix of the requested locale (i.e the "en" part of "en-US")
- the locale code's prefix exactly matches the prefix of the requested locale
This function is passed to lit-locate's `loadLocale()`.
- `activateLocale()` just calls `loadLocale()` now.
- `autodetectLanguage` searches the following, and picks the first that returns a valid locale
object, before passing it to `loadLocale()`:
- The User's settings
- A `?locale=` component found in `window.location.search`
- The `window.navigator.language` field
- English
The `msg()` only runs when it's run. This seems obvious, but it means that you cannot cache
strings at load time; they must be kept inside functions that are re-run so that the `msg()` engine
can look up the strings in the preferred language of the user at that moment.
You can use thunks-of-strings if you really need them that way.
* Including the 'xliff-converter' in case anyone wants to review it.
* The xliff-converter is tagged as 'xliff-converter', but has been
deleted.
\#\# Details
- Resolves #5171
\#\# Changes
\#\#\# New Features
- Adds a "Add an Application" to the LibraryView if there are no applications and the user is an administrator.
\#\#\# Breaking Changes
- Adds breaking change which causes \<issue\>.
\#\# Checklist
- [ ] Local tests pass (`ak test authentik/`)
- [ ] The code has been formatted (`make lint-fix`)
If an API change has been made
- [ ] The API schema has been updated (`make gen-build`)
If changes to the frontend have been made
- [ ] The code has been formatted (`make web`)
- [ ] The translation files have been updated (`make i18n-extract`)
If applicable
- [ ] The documentation has been updated
- [ ] The documentation has been formatted (`make website`)
* web: fix redundant locales for zh suite.
* web: prettier pass for locale update
* web: localization moderization
Changed the names of the lit-localize commands to make it clear they're
part of the localization effort, and not just "build" and "extract".
* update transifex config
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix package lock?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use build not compile
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: conversion to lit-localize
The CI produced a list of problems that I hadn't caught earlier,
due to a typo ("localize build" is correct, "localize compile" is
not) I had left in package.json. They were minor and linty, but
it was still wise to fix them.
* web: replace lingui with lit/locale
This commit fixes some minor linting issues that were hidden by a typo in package.json. The
issues were not apparently problematic from a Javascript point of view, but they pointed
to sloppy thinking in the progression of types through the system, so I cleaned them
up and formalized the types from LocaleModule to AkLocale.
* web: replace lingui with lit/localize
One problem that has repeatedly come up is that localize's templates do not produce
JavaScript that conforms with our shop style. I've replaced `build-locale` with
a two-step that builds the locale *and* ensures that it conforms to the shop style
via `prettier` every time.
* web: replace lingui with lit-locale
This commit applies the most recent bundle of translations to the
new lit-locale aspect component. It also revises the algorithm
for *finding* the correct locale, replacing the complex fall-back
with some rather straightforward regular expressions.
In the case of Chinese, the fallback comes at the end of the
selection list, which may not be, er, politically valuable
(since Taiwan and Hong Kong come before, being exceptions that
need to be tested). If we need a different order for presentation,
that'll be a future feature.
* web: replace lingui with lit/locale
Well, that was embarassing.
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
|
||
|
Jens L
|
3f607ee2c8 |
policies: make policy engine modes consistent with database values (#5462)
* policies: make policy engine modes consistent with database values Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix in ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
da6e74a353 | web/admin: fix file path setting not saved properly (#5463) | ||
|
Jens L
|
fef841a458 |
web/admin: always override send method instead of assigning (#5426)
Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
cc8f52b502 |
web/admin: fix state issue after clearIcon/Background is used and for… (#5423)
web/admin: fix state issue after clearIcon/Background is used and form is re-used Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
948b83a2b2 |
web: fix build (#5327)
Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
14f0034a0a |
web/elements: only render form once instance is loaded (#5049)
* web/elements: only render form once instance is loaded Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use radio for transport Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only wait for instance to be loaded if set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add hook to load additional data in form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make send an abstract function instead of attribute Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure form is updated after data is loaded Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove until for select and multi-selects in forms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't use until for file uploads Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove last until from form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove deprecated import Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent form double load, add error handling for PreventFormSubmit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix double creation of inner element in proxy form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make PreventFormSubmit work correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
ddbd8153e2 |
web: migrate checkbox to switch (#4409)
* start migrating to switch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * general cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove broken Create provider Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate all Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate table selectors, fix dark theme Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> |
||
|
Jens L
|
ba5cd6e719 |
web/admin: add Radio control, search-select fixes (#4333)
* move search select to forms folder Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add radio, migrate smaller lists Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move dropdown when scrolling, hide when container out of frame Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> |
||
|
Jens L
|
db95dfe38d |
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> |
||
|
Jens L
|
4a91a7d2e2 |
web: re-organise frontend and cleanup common code (#3572)
* fix repo in api client Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: re-organise files to match their interface Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: include version in script tags Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * cleanup maybe broken Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * revert rename Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: get rid of Client.ts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move more to common Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more moving Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * unfuck files that vscode fucked, thanks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * finish moving (maybe) Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ok more moving Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more stuff that vs code destroyed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * get rid "web" prefix for virtual package Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix locales Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * use custom base element Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix css file Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't run autoDetectLanguage when importing locale Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix circular dependencies Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix build Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> |