authentik

mirror of https://github.com/goauthentik/authentik synced 2026-05-10 17:12:08 +02:00

Author	SHA1	Message	Date
Dominic R	3873f43ea3	outpost/proxyv2: fix stale session cookie causing 400 error in createState (#19026 )	2026-01-13 10:52:42 -05:00
Dominic R	a479c79b34	internal/outpost: improve PostgreSQL connection options parsing (#19118 ) * internal: Outpost's conn options should be base64 json * correctly parse target_session_attrs + tests * fix port handling to use env provided port * add multiple port handling abilities to mirror the python config parser --------- Co-authored-by: Duncan Tasker <tasatree@gmail.com>	2026-01-13 10:52:28 -05:00
Jens L.	34547048a1	internal: rework liveness probe and proxy (#19312 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-01-13 15:11:07 +01:00
Marc 'risson' Schmitt	1a4ae2f102	outpost/proxyv2: reduce max number of postgres connections (#19211 )	2026-01-06 18:19:41 +00:00
Dominic R	1a963d27c8	admin/files: support %(theme)s variable in media file paths (#19108 ) * admin/files: support %(theme)s variable in media file paths * wip * Apply suggestion from @rissson Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Dominic R <dominic@sdko.org> --------- Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2026-01-06 13:21:11 +00:00
Connor Peshek	4ac01724a5	rbac: Add show all to roles tab, add role tab to groups (#19097 ) * improve sort order and inherit visual * Update web/src/admin/groups/GroupViewPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update web/src/admin/users/UserViewPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update web/src/admin/roles/RelatedRoleList.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update web/src/admin/roles/RelatedRoleList.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update web/src/admin/roles/RelatedRoleList.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update web/src/admin/roles/RelatedRoleList.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * setup include inherited roles and fix returning nothing * update api calls * fix rendering error * do not use set * change from exception handling * go off query param * fix wording * fix linting error for new group api structure --------- Signed-off-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>	2026-01-05 23:14:44 +00:00
Jens L.	b5848765b2	internal: update TLS Suite (#19076 ) * internal: update TLS Suite Signed-off-by: Jens Langhammer <jens@goauthentik.io> * disable chacha20 due to fips Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-12-28 14:46:27 +01:00
Jens L.	9ef7f706e9	internal: don't warn on empty outpost for embedded (#18786 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-12-14 00:50:58 +01:00
authentik-automation[bot]	fbe8028b08	root: bump version to 2026.2.0-rc1 (#18794 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2025-12-12 20:59:47 +00:00
Marcelo Elizeche Landó	15b93a5e9d	stages/identification: Add WebAuthn conditional UI (passkey autofill) support (#18377 ) * add passkey_login to identification stage * handle passkey auth in identification stage * Add passkey settings in identification stage in the admin UI * Add UI changes for basic passkey conditional login * Fix linting * rework Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update tests * update admin form * allow passing stage to validate_challenge_webauthn * update flows/tests/test_inspector.py * update for new field * Fix linting * update go solvers for identification challenge * Refactor tests * Skip mfa validation if user already authenticated via passkey at identification stage * Add skip_if_passkey_authenticated option to authenticator validate stage and UI * Add e2e test for passkey login conditional ui * add policy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Remove skip_if_passkey_authenticated * fix blueprint * Set backend so password stage policy knows user is already authenticated * Set backend so password stage policy knows user is already authenticated * fix linting * slight tweaks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * simplify e2e test --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Marcelo Elizeche Landó <marcelo@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-12-11 11:49:05 -03:00
Dominic R	3353db0d7f	outpost/proxyv2: more tests, fix pg password with spaces, and existing session on restart (#18211 ) * outpost/proxyv2: handle PostgreSQL passwords with spaces and special characters And modify / add some more tests and a bit of refactoring * Potential fix for code scanning alert no. 268: Disabled TLS certificate check Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Dominic R <dominic@sdko.org> * Revert "Potential fix for code scanning alert no. 268: Disabled TLS certificate check" This reverts commit `ead227a272`. * wip * fix incorrect status code in error response Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Dominic R <dominic@sdko.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-12-11 14:25:41 +00:00
Simonyi Gergő	f7e23295ed	core: add digraph group hierarchy (#17050 ) * move imports * core: add digraph group hierarchy * move to permissions from Group or User to Role * set group parents on frontend * do not serialize `GroupParentageNode` directly * core: enforce unique group name on database level Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use group parents in LDAP provider * add user-role relationship control to frontend * move materialized view to be more discoverable * add guardian to mypy exceptions * make `Role` a `ManagedModel` * fixup! make `Role` a `ManagedModel` * simplify `get_objects_for_user` * fix flaky unit test * rename `django-guardian` fork to `ak-guardian` * add tests around users/groups/roles * remove unused guardian config variable * simplify guardian file structure * clean up frontend * initial docs * remove `mode` from `InitialPermissions` This is no longer needed, since users no longer directly have permissions. * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * clean up docs for managing permissions * addendums from docs review * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * tweaks * dewi and tana edits to docs * tweak * truly final tweaks, for now * relabel Role Permissions table * clarify button label * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy * merge migrations * fixup! Merge branch 'main' into core/add-digraph-group-hierarchy --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tana@goauthentik.io>	2025-12-08 12:04:04 +01:00
Marc 'risson' Schmitt	c30d1a478d	files: rework (#17535 ) Co-authored-by: Dominic R <dominic@sdko.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tana@goauthentik.io>	2025-12-02 18:01:51 +01:00
Jens L.	1aff2c2b3a	providers/radius: revert fix inverted message authenticator validation (#17855 ) (#17915 ) Revert "providers/radius: fix inverted message authenticator validation (#17855)" This reverts commit `09e3301c8f`.	2025-11-03 16:10:41 +01:00
Jens L.	894db1237a	internal: add default go http server timeouts (#17858 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-11-01 19:04:13 +01:00
Jens L.	09e3301c8f	providers/radius: fix inverted message authenticator validation (#17855 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-11-01 17:58:48 +01:00
Jens L.	f242de17f5	internal: full openssl path (#17856 )	2025-10-31 15:14:43 +01:00
Teffen Ellis	45d0c7c24b	web/a11y: Isolated Outpost Error Page (#17683 ) * web: Remove external resources from error page. * web: Remove home link.	2025-10-30 23:00:01 +00:00
Dominic R	ec00a918b3	outposts: update permissions more eagerly (#17783 ) * wip * wip * a * a Signed-off-by: Dominic R <dominic@sdko.org> * rm * this * rm test files * cover one more case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Dominic R <dominic@sdko.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-10-30 18:33:51 +01:00
Marc 'risson' Schmitt	1b77e93ecb	internal/web/proxy: fix return status code during startup (#17827 )	2025-10-30 17:12:42 +01:00
Jens L.	9b6aa56df2	providers/radius: fix panic when no cert is configured (#17762 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-10-28 15:42:11 +01:00
Jens L.	e7235732bb	providers/proxy: fix missing JWT/claims header (#17759 ) * replace interface{} with any Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix raw token not saved to map or json Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also fix proxy claims Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix test Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-10-28 15:14:07 +01:00
Jens L.	e2904d13a9	providers/proxy: add gorm logging (#17758 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-10-28 14:39:47 +01:00
Jens L.	e9347e88e1	providers/proxy: drop headers with underscores (#17650 ) drop any headers with underscores that we set in the remote system Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-10-22 15:19:34 +02:00
authentik-automation[bot]	db213a8944	root: bump version to 2025.12.0-rc1 (#17603 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2025-10-21 01:10:16 +02:00
Jens L.	9847c3adc8	providers/proxy: fix missing postgres import (#17582 ) Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-10-21 00:09:54 +02:00
Dominic R	795a025af9	outpost/proxyv2: postgresstore: db/pool/misc cleanup and enhancement (#17511 ) * wip * Update internal/outpost/proxyv2/application/session_postgres_test.go Signed-off-by: Dominic R <dominic@sdko.org> * Update refresh.go Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Dominic R <dominic@sdko.org> --------- Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Jens L. <jens@goauthentik.io>	2025-10-20 16:25:13 +02:00
Dominic R	06bfcf04e3	outpost/proxyv2: postgresstore: credential refresh (#17414 ) * outpost/proxyv2: postgresstore: credential refresh * wip * mabye * mabye fix	2025-10-15 15:22:27 +02:00
Marc 'risson' Schmitt	23357f45e9	: remove Redis leftovers (#17146 ) : remove Redis leftovers Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> more removal Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix leftover Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more removal Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix broken anchor Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * re-add redis for previous version migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-10-11 01:46:53 +02:00
Dominic R	6dde8bdd4a	outpost: proxyv2: Use Postgres for the Embedded Outpost (#16628 ) * wip Co-authored-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Dominic R <dominic@sdko.org> * remove testing files * a * wip * pls * pls2 * a * Update authentik/providers/proxy/models.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: Dominic R <dominic@sdko.org> * makemigrations * pls * pls1000 * dont migrate in go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set uuid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more test cases Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better logging Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set gorm nowfunc (gorm defaults to local time) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve test db closing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move expiration to field Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont' manually set table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor tests more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix em Signed-off-by: Jens Langhammer <jens@goauthentik.io> * postgres cleanup is done by worker Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update expiry and set expiring Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Dominic R <dominic@sdko.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@beryju.org>	2025-10-09 16:59:15 +02:00
Jens L.	68292fede2	enterprise/stages/mtls: Improve Email address extraction (#17068 ) * enterprise/stages/mtls: improve email attribute extraction Signed-off-by: Jens Langhammer <jens@goauthentik.io> * return error from outpost flow executor correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-09-28 19:28:52 +02:00
Jens L.	4ec785a598	core/api: Better naming for partial user/group serializer, optimise bindings (#17022 ) * core: add index on Group.is_superuser (#17011) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update go code Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also optimise bindings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * typo Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove unused Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2025-09-26 14:43:39 +02:00
Marc 'risson' Schmitt	e2040dc3ad	lib/config: fix listen settings (#17005 )	2025-09-25 15:31:17 +00:00
Marc 'risson' Schmitt	9df7e50b8f	outposts/ldap: add pwdChangeTime attribute (#17010 ) * outposts/ldap: add pwdChangeTime attribute Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * simplify Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-09-25 16:16:08 +02:00
Daniel Adu-Gyan	e415d3b667	providers/ldap: add include_children parameter to cached search mode (#16918 )	2025-09-25 14:41:33 +02:00
Katsushi Kobayashi	053c639aa8	outposts: fix flow executor when using subpath (#16947 ) * Refer refConfig's URL * Update internal/outpost/flow/executor.go Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: Katsushi Kobayashi <ikob@acm.org> --------- Signed-off-by: Katsushi Kobayashi <ikob@acm.org> Co-authored-by: Jens L. <jens@beryju.org>	2025-09-25 14:34:44 +02:00
Marco Lecheler	df33b4d3e9	website: fix docs links (#16926 ) * fix: add other docker-compose links * fix: update other docs urls	2025-09-24 11:48:33 -04:00
Jens L.	1f81d234cb	enterprise/providers/radius: add EAP-TLS support (#15702 ) * implement with library (backend) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add basic docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add enterprise notice to certificate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clearer enterprise stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * idk Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-09-23 23:54:09 +02:00
Teffen Ellis	04a8357708	web: Automatic reload during server start up. (#16030 ) * web: Automatic reload during server start up. * web: Flesh out reload behavior. * web: Flesh out wave boi.	2025-08-26 15:13:22 +00:00
Dominic R	1c36b361b2	router: fix missing response headers on compressed 404 for static files (#16216 ) * router: only serve dist assets if present; fallback to backend 404 * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-08-18 20:18:28 +01:00
authentik-automation[bot]	130fe4cac7	root: bump version to 2025.10.0-rc1 (#16149 ) Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2025-08-12 21:17:14 +00:00
Marc 'risson' Schmitt	a4c7e7ba2e	root: bump version to 2025.8.0-rc1 (#16135 )	2025-08-12 15:24:23 +00:00
Jens L.	a38239509b	root: Better version bump (#14905 ) Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2025-08-12 13:50:12 +00:00
Dominic R	ffe767fe13	outpost: proxy: handle nil HTTP response in attemptBasicAuth function (#13781 ) * outpost: proxy: handle nil HTTP response in attemptBasicAuth function Fixes a nil pointer dereference that occurs when an HTTP request fails in the attemptBasicAuth function. Added additional checks to safely handle cases where the HTTP response or its body is nil. * add defer res.Body.Close() to prevent resource leaks in basic auth * oops * this * Revert "this" This reverts commit `7f7d110291`. * wip * better?	2025-08-12 11:40:18 +01:00
Tom Neuber	7ed3fed5c3	outpost/proxyv2: add session cleanup for filesystem session store (#15798 ) * proxyv2/filesystemstore: add persistent filesystem store to implement a session cleanup job * proxyv2: add session cleanup for filesystem session store	2025-08-09 20:13:39 +01:00
Daniel Adu-Gyan	ab1f87cfd6	core, providers/ldap: add parent/child groups to api and ldap results (#14974 )	2025-08-04 14:29:16 +02:00
Jens L.	c0e62d14cb	revert: web: Font fixes (#15581 ) (#15789 ) Revert "web: Font fixes (#15581)" This reverts commit `f00772faf1`.	2025-07-25 13:54:15 +02:00
Teffen Ellis	f00772faf1	web: Font fixes (#15581 ) * add base element Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web: Rewrite relative CSS asset paths. Update fonts. Update web/bundler/css-assets-plugin/node.js Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2025-07-24 15:40:38 +00:00
Jens L.	6d68844270	root: backport release 2025.6.4 (#15723 ) release: 2025.6.4	2025-07-22 15:38:16 +02:00
Jens L.	4b37829f67	providers/radius: set message authenticator (#15635 ) * core: fix flow planner checking against wrong user when creating recovery link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * validate incoming message authenticator Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2025-07-19 22:08:58 +02:00

1 2 3 4 5 ...

732 Commits