eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-05-10 00:52:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
21,675 Commits 347 Branches 440 Tags
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
Commit Graph

21675 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
c04c7ab64d web: bump the storybook group across 1 directory with 5 updates (#20035) 
Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite).


Updates `@storybook/addon-docs` from 10.2.4 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/addons/docs)

Updates `@storybook/addon-links` from 10.2.4 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/addons/links)

Updates `@storybook/web-components` from 10.2.4 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/renderers/web-components)

Updates `@storybook/web-components-vite` from 10.2.4 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/frameworks/web-components-vite)

Updates `storybook` from 10.2.4 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/core)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-version: 10.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/addon-links"
  dependency-version: 10.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/web-components"
  dependency-version: 10.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/web-components-vite"
  dependency-version: 10.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: storybook
  dependency-version: 10.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-05 12:14:29 +01:00
dependabot[bot]
5ec14ee0ae core: bump library/nginx from 9dd2888 to b17697e in /website (#20036) 
Bumps library/nginx from `9dd2888` to `b17697e`.

---
updated-dependencies:
- dependency-name: library/nginx
  dependency-version: 1.29-trixie
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-05 12:13:52 +01:00
dependabot[bot]
995a710c10 web: bump @types/react from 19.2.10 to 19.2.11 in /web in the react group across 1 directory (#20038) 
web: bump @types/react in /web in the react group across 1 directory

Bumps the react group with 1 update in the /web directory: [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react).


Updates `@types/react` from 19.2.10 to 19.2.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@types/react"
  dependency-version: 19.2.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: react
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-05 12:13:17 +01:00
Jens L.
efb709992c lib: add helper for creating events in migration (#20044) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-05 12:11:13 +01:00
dependabot[bot]
c6f3c715ba ci: bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 (#20037) 
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 5.1.1 to 6.0.0.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](61815dcd50...8df5847569)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-05 12:04:50 +01:00
Jens L.
fe97c45d63 web/flows: revisit agent stage fallback delay (#20028) 
* web/flows: revisit agent stage fallback delay

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix delay not being converted to seconds

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make type checker happy

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-05 00:46:49 +01:00
Dewi Roberts
a7de5ed482 website/docs: endpoint devices: specify name and slug (#20016) 
* specify name and slug

* Update configuration.md

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
 2026-02-04 21:59:04 +00:00
Jens L.
f18c3c23fe website/docs: dont throw exception for outdated version badges (#20024) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-04 22:45:28 +01:00
authentik-automation[bot]
7e359a9a58 web: bump API Client version (#20017) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-02-04 20:51:21 +01:00
Jens L.
68c7037eea flows: add option for flow layout with frame background (#19527) 
* flows: add option for flow layout with frame background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Tidy variables. Fix mobile and tablet layouts, shadows.

* Update web/src/flow/FlowExecutor.ts

Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-02-04 17:39:01 +01:00
Dewi Roberts
30d41ded81 website/docs: endpoint devices: more updates (#19971) 
* Add notes about headless servers

* Edits

* Spacing

* WIP

* WIP

* WIP

* Fix link

* Reporting issues

* Apply suggestions from code review

Co-authored-by: Dominic R <dominic@sdko.org>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/endpoint-devices/device-authentication/ssh-authentication.mdx

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
 2026-02-04 16:19:18 +00:00
Tana M Berry
3fd278e16d website/docs: add a new page to help people get started after install is complete (#19217) 
* new first steps docs

* moved email config up to match Docker

* first draft

* moved sections and retitled some

* more content, tweaks

* dewis edits

* added Dewi ideas, more content, tweaks

* more content, green tips, other fixes

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* conflicts?

* dominic's eedits, more content

* another fine Dominic edit

* more dewi and dominic edits, links

* a bunch of things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* tweaks

* thanks Teffen

* new styles, more content

* few more dominic edits, tweaks

* formatting fights on tips

* fix some alignments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* changes from Jens

* work on bindings docs that was needed for the first steps docs

* links, more tweaks

* more edits, more TODOs done

* add mermaid diagram, more links, more content

* fix sidebar, tweaks

* tweak

* more link fixing

* fix heading size

* more dewi and dominic edits

* more dewi and dominic edits

* teffen enhancements yay and more bindings rearchitecting

* added note about stage bindings being the only type of binding that you can bind to yeehaw

---------

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-04 15:31:46 +01:00
Kolega.dev
a90870437e brands: fix Domain Matching in Brand Resolution (#19976) 
security: add dot-boundary check in brand domain matching

The domain matching used iendswithout boundary checking, allowing
'fake-example.com' to match a brand configured for 'example.com'.
Added explicit check for either exact match or subdomain match with
dot boundary to prevent partial domain suffix attacks.

Co-authored-by: kolega.dev <faizan@kolega.ai>
 2026-02-04 15:18:29 +01:00
dependabot[bot]
8fe584b473 core: bump ruff from 0.14.14 to 0.15.0 (#20001) 
* core: bump ruff from 0.14.14 to 0.15.0

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.14 to 0.15.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.14...0.15.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix lint

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-02-04 15:18:22 +01:00
authentik-automation[bot]
d6dc91fbe7 core: bump goauthentik.io/api/v3 to 3.2026.2.0-rc1-1770134534 (#19980) 
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-02-04 14:00:10 +00:00
dependabot[bot]
c8c0c79106 core: bump library/node from 25.5.0-trixie to 25.6.0-trixie in /website (#20007) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 13:50:52 +00:00
dependabot[bot]
aea05b88c0 core: bump djangorestframework-stubs[compatible-mypy] from 3.16.7 to 3.16.8 (#20005) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 14:31:12 +01:00
dependabot[bot]
1d6e040974 core: bump google-api-python-client from 2.188.0 to 2.189.0 (#20004) 
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.188.0 to 2.189.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.188.0...v2.189.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-version: 2.189.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 14:28:32 +01:00
dependabot[bot]
097a1c94b1 core: bump aws-cdk-lib from 2.237.0 to 2.237.1 (#20003) 
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.237.0 to 2.237.1.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.237.0...v2.237.1)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-version: 2.237.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 14:28:22 +01:00
dependabot[bot]
fc5c8ecbc1 core: bump coverage[toml] from 7.13.2 to 7.13.3 (#20002) 
Bumps [coverage[toml]](https://github.com/coveragepy/coveragepy) from 7.13.2 to 7.13.3.
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](https://github.com/coveragepy/coveragepy/compare/7.13.2...7.13.3)

---
updated-dependencies:
- dependency-name: coverage[toml]
  dependency-version: 7.13.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 14:28:14 +01:00
dependabot[bot]
ab660c6f44 core: bump library/nginx from 7fe5dda to 9dd2888 in /website (#20006) 
Bumps library/nginx from `7fe5dda` to `9dd2888`.

---
updated-dependencies:
- dependency-name: library/nginx
  dependency-version: 1.29-trixie
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 13:56:38 +01:00
dependabot[bot]
8caceee8fa ci: bump calibreapp/image-actions from 420075c115b26f8785e293c5bd5bef0911c506e5 to d9c8ee5c3dc52ae4622c82ead88d658f4b16b65f (#20008) 
ci: bump calibreapp/image-actions

Bumps [calibreapp/image-actions](https://github.com/calibreapp/image-actions) from 420075c115b26f8785e293c5bd5bef0911c506e5 to d9c8ee5c3dc52ae4622c82ead88d658f4b16b65f.
- [Release notes](https://github.com/calibreapp/image-actions/releases)
- [Commits](420075c115...d9c8ee5c3d)

---
updated-dependencies:
- dependency-name: calibreapp/image-actions
  dependency-version: d9c8ee5c3dc52ae4622c82ead88d658f4b16b65f
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 13:56:07 +01:00
Dominic R
154bc0c38c website/docs: fix typos (#20000) 
* pr 20000

* typo fixes
 2026-02-04 08:11:27 +00:00
authentik-automation[bot]
777c5b74e4 core, web: update translations (#19998) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-02-04 07:09:50 +01:00
dependabot[bot]
c52512892f web: bump @goauthentik/api from 2026.2.0-rc1-1769710374 to 2026.2.0-rc1-1770134072 in /web in the goauthentik group across 1 directory (#20009) 
web: bump @goauthentik/api

Bumps the goauthentik group with 1 update in the /web directory: [@goauthentik/api](https://github.com/goauthentik/authentik).


Updates `@goauthentik/api` from 2026.2.0-rc1-1769710374 to 2026.2.0-rc1-1770134072
- [Release notes](https://github.com/goauthentik/authentik/releases)
- [Commits](https://github.com/goauthentik/authentik/commits)

---
updated-dependencies:
- dependency-name: "@goauthentik/api"
  dependency-version: 2026.2.0-rc1-1770134072
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: goauthentik
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-04 07:09:03 +01:00
Kolega.dev
1e354820fd outposts: fix docker_tls created files permission (#19978) 
* security: use restrictive file permissions for TLS certificate files

The write_file() method used plain open() without specifying permissions,
creating files with the default umask (typically 0o644). This made private
keys readable by other users. Added an opener parameter with 0o600 mode
to ensure sensitive cryptographic material is only accessible by the owner.

* reuse

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* revert import change

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: kolega.dev <faizan@kolega.ai>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-03 23:32:50 +01:00
Connor Peshek
838c9853fa providers/saml: auto pull signature algorithm options (#17614) 
Filter signature and digest options to only allow selecting valid options for the user
 2026-02-03 15:52:04 -06:00
dependabot[bot]
5bc84ba01b core, web: bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in /packages/prettier-config (#19990) 
core, web: bump @isaacs/brace-expansion in /packages/prettier-config

Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.

---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 22:05:01 +01:00
dependabot[bot]
99a76ee370 web: bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in /web (#19989) 
Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.

---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 22:04:31 +01:00
Jens L.
095ff25e6d stages/authenticator_webauthn: fix double JSON encoding of webauthn options (#19952) 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-03 21:59:48 +01:00
dependabot[bot]
46771748aa core: bump django from 5.2.10 to 5.2.11 (#19988) 
Bumps [django](https://github.com/django/django) from 5.2.10 to 5.2.11.
- [Commits](https://github.com/django/django/compare/5.2.10...5.2.11)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 21:58:59 +01:00
Jens L.
457ea95105 ci: allow setting assignee to fail (#19985) 
ci: allow sett assignee to fail

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-03 20:17:25 +01:00
Jens L.
00e6d76981 root: revert enterprise loading behaviour (#19485) 
* root: revert enterprise loading behaviour

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove enum mapping

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* catch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
 2026-02-03 18:28:52 +01:00
Jens L.
7cabcf83f4 web/flows: update flow background (#19974) 
* web/flows: update flow background

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* shrink

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-03 17:53:56 +01:00
Kolega.dev
b32f33b6fb providers/oauth2: use compare_digest for client_secret comparison (#19979) 
* security: use constant-time comparison for client secrets

Replace insecure '!=' comparisons with hmac.compare_digest() to prevent
timing attacks on client secret validation. This matches the existing
security pattern used elsewhere in the codebase.

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: kolega.dev <faizan@kolega.ai>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
 2026-02-03 17:38:45 +01:00
Kolega.dev
5c5415b433 recovery: consume token in transaction (#19967) 
security: prevent recovery token reuse via race condition

Token validation, user login, and token deletion were performed as
separate non-atomic operations, allowing concurrent requests to reuse
a single recovery token. Wrapped the operation in transaction.atomic()
with select_for_update() to ensure exclusive access during token use.

Co-authored-by: kolega.dev <faizan@kolega.ai>
 2026-02-03 17:38:32 +01:00
Simonyi Gergő
68f70a0953 core: ask for token duration on recovery link/email by admin (#19875) 
* add translations to `ValidationError`s in user api

* deduplicate recovery buttons

* refactor `recovery_email`

* simplify request.brand call

* ask for token duration on recovery link/email by admin

* use `@validate` decorator for admin recovery

* stylize if/else

* return uniform error message on no `view_` permission

* clarify wording on email success
 2026-02-03 16:48:51 +01:00
dependabot[bot]
ad6ce84e06 core: bump aws-cdk-lib from 2.236.0 to 2.237.0 (#19958) 
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.236.0 to 2.237.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/compare/v2.236.0...v2.237.0)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-version: 2.237.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 16:43:56 +01:00
dependabot[bot]
239f4a84a1 web: bump the storybook group across 1 directory with 5 updates (#19960) 
Bumps the storybook group with 4 updates in the /web directory: [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs), [@storybook/addon-links](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/links), [@storybook/web-components](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/web-components) and [@storybook/web-components-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/web-components-vite).


Updates `@storybook/addon-docs` from 10.2.3 to 10.2.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.4/code/addons/docs)

Updates `@storybook/addon-links` from 10.2.3 to 10.2.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.4/code/addons/links)

Updates `@storybook/web-components` from 10.2.3 to 10.2.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.4/code/renderers/web-components)

Updates `@storybook/web-components-vite` from 10.2.3 to 10.2.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.4/code/frameworks/web-components-vite)

Updates `storybook` from 10.2.3 to 10.2.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.4/code/core)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-version: 10.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/addon-links"
  dependency-version: 10.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/web-components"
  dependency-version: 10.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: "@storybook/web-components-vite"
  dependency-version: 10.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
- dependency-name: storybook
  dependency-version: 10.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: storybook
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 16:43:34 +01:00
dependabot[bot]
83b6112f8d core: bump library/nginx from c881927 to 7fe5dda in /website (#19961) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 16:33:51 +01:00
dependabot[bot]
a75c2fa77e core: bump gunicorn from 25.0.0 to 25.0.1 (#19959) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 16:33:28 +01:00
Marc 'risson' Schmitt
d76b5d804d core: bump goauthentik.io/api/v3 to 3.2026.2.0-rc1-1770129730 (#19973) 2026-02-03 15:11:51 +00:00
Jens L.
248756363a lifecycle: bump shm size (#19369) 
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2026-02-03 14:39:50 +00:00
Connor Peshek
ff87929dcf crypto: Add ED25519 and ED448 support to the certificate builder (#19465) 
* Add ED25519 and ED448 support to the certificate builder.

* retain cert format for non ed certs.
 2026-02-03 14:29:33 +01:00
Teffen Ellis
742472c60c web/admin: Register stage elements. Fix linter warnings (#19948) 
* Register stage elements.

* Clean up warnings.

* Fix duplicate form actions.

* Normalize attribute casing.

* Fix permissions tab nesting.

* Fix ARIA warnings, click handlers on menus.

* Fix clipboard permissions on Safari.
 2026-02-03 07:53:35 +00:00
dependabot[bot]
3b0fa0b076 web: bump knip from 5.82.1 to 5.83.0 in /web (#19962) 
Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 5.82.1 to 5.83.0.
- [Release notes](https://github.com/webpro-nl/knip/releases)
- [Commits](https://github.com/webpro-nl/knip/commits/knip@5.83.0/packages/knip)

---
updated-dependencies:
- dependency-name: knip
  dependency-version: 5.83.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-03 07:23:17 +00:00
authentik-automation[bot]
6d7afa44fe core, web: update translations (#19954) 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
 2026-02-03 07:58:08 +01:00
Dominic R
f1089bded8 web: refactor TOTP clipboard handlers and secret parsing (#19953) 
* web: refactor TOTP clipboard handlers and secret parsing

* Clean up duplicate clipboard write functions. Flesh out labels.

* Fix token form ARIA.

* Skip model loading when form is hidden and viewport check is enabled.

- Fixes runtime error after changing forms which modify their own slug, such as tokens.

* Fix types, labels.

---------

Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
 2026-02-03 07:19:21 +01:00
Simonyi Gergő
6de1affa22 root: fix NPM_VERSION in Makefile (#19844) 
* root: fix NPM_VERSION in Makefile

Some of us only have `python` through `uv` :)

* move NPM_VERSION declaraton to after UV

* correctly assign `NPM_VERSION` in both uv and non-uv environments
 2026-02-03 01:23:56 +01:00
Dominic R
d01dfdf7b3 web: add "Copy Secret" button to TOTP configuration stage (#19863) 
Overview:

Add a dedicated button to copy just the TOTP secret from the configuration screen, in addition to the existing "Copy TOTP Config" button that copies the full otpauth://.

Testing:

Manual MFA creation and testing copy button

Motivation:

Closes: https://github.com/goauthentik/authentik/issues/19298
 2026-02-02 18:47:31 -05:00