mirror of
https://github.com/goauthentik/authentik
synced 2026-04-27 09:57:31 +02:00
7e9e0a87f7
* enterprise: add users and events export (reports app) * enterprise/reports: replace assert with AsertionError so that the assumption check is not lost when compiling to optimised byte code * enterprise/reports: use ConditionalInheritance with ExportMixin to make reduce coupling of enterprise with the rest of authentik * enterprise/reports: use custom iterative File to save data export instead of accessing default_storage directly, so all the FileField.save logic can run correctly (e.g. creating directories) * enterprise/reports: change app label to simply "authentik_reports" * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update for new file api Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Apply suggestions from code review Signed-off-by: Dominic R <dominic@sdko.org> * wip * sources/oauth: save returned oauth refresh tokens and add slack provider (#18501) * sources/oauth: save returned oauth refresh tokens * Update authentik/sources/oauth/models.py Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * lint * add tests * fix proper id setting * update id test --------- Signed-off-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net> Co-authored-by: Jens L. <jens@goauthentik.io> Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local> * core: custom avatar url improvements (#10525) Co-authored-by: Dominic R <dominic@sdko.org> * website/integrations: add salesforce (#18516) Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local> Co-authored-by: dewi-tik <dewi@goauthentik.io> Co-authored-by: Dominic R <dominic@sdko.org> * endpoints: implement endpoint stage (#18468) * endpoints: implement endpoint stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix mismatched label Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix url in mdm config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rephrase Signed-off-by: Jens Langhammer <jens@goauthentik.io> * and API & UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add deprecated support and deprecate gdtc Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add stage mode Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework stage slightly, add frontend Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include jwks, add iat and exp Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set kid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include device details in event list Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement device summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add remaining tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert sanitize Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix uuid format issues Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> * web/flows: update default background image (#18540) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * website/integrations: add hoop.dev (#17868) Co-authored-by: iops <iops@syneforge.com> Co-authored-by: Dominic R <dominic@sdko.org> * website: Docusaurus 3.9.2 (#18506) * endpoints/stage: v2, better error handling, more settings (#18545) * add options, idle fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> * delete other device tokens during enroll Signed-off-by: Jens Langhammer <jens@goauthentik.io> * better error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> * website: Glossary (#16007) * website: Glossary fix minor issues wip Apply suggestion from @dominic-r Signed-off-by: Dominic R <dominic@sdko.org> anchor to param wip wip at least the lockfile changes now sure a-z first as tana asked idk why i switched in the first place wip wip lock lockfiles are hard wip please work no have? Revert "no have?" This reverts commit 743dbc1bc2900eedcc2c93af248e6afdec3688a3. * changed to sentence-case capitalization --------- Co-authored-by: Tana M Berry <tana@goauthentik.io> * web/i18n: Locale Context Merge Branch (#18426) * web: Update fonts to Patternfly 5 variants. * Fix order of heading override. * web: Flesh out locale context. * Fix Han pattern. * Remove comment. * Add additional regional codes. * Clarify comment. * Fix typos. * web/i18n: Add locale-specific font overrides. * Fix stale session in locale lifecycle. * core, web: Fix Han language codes. * Fix warnings about invalid BCP language code. * Build translations. * Add locale relative labels. * Add locale translations for Finnish and Portuguese. * Fix XLIFF errors. * Clean up labels. * Tidy regions. * Match region comment. * Update extracted values. * Fix locale switch not triggering on source language. * Split labels. * Clean up labels. * providers/scim: cache ServiceProviderConfig (#18047) * Update authentik/enterprise/reports/api/reports.py Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * enterprise/reports: got rid of unnecessary method-level import * enterprise/reports: celan up code duplication in data export generation (invoke viewset.filter_queryset directly instead of replicating it) * enterprise/reports: add check for app label when switching on content types * enterprise/reports: make hyperlink field on Notification larger so it can fit the security token in the export file URL * enterprise/reports: add is_superuser back in users export * enterprise/reports: split tests into multiple files * Apply suggestions from code review Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Fixed prettier issue * Update web/src/admin/events/DataExportListPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/admin/events/DataExportListPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/admin/events/EventListPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/admin/reports/ExportButton.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/admin/reports/ExportButton.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/admin/users/UserListPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/elements/notifications/NotificationDrawer.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * Update web/src/elements/sidebar/SidebarItem.css Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> * enterprise/reports: resolve code review merge errors * enterprise/reports: remove the export button from the dom flow (by settings display:none) when there's no license * enterprise/reports: improve docs * include notification link in email Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * enterprise/reports: remove assignment assertion in ExportButton.ts * cleanup tests after perm update Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Dominic R <dominic@sdko.org> Signed-off-by: Connor Peshek <connor@connorpeshek.me> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Alexander Tereshkin <96586+atereshkin@users.noreply.github.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Dominic R <dominic@sdko.org> Co-authored-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: connor peshek <connorpeshek@unknown1641287c8f5d.attlocal.net> Co-authored-by: Jens L. <jens@goauthentik.io> Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local> Co-authored-by: Konrad Mösch <konrad@moesch.org> Co-authored-by: dewi-tik <dewi@goauthentik.io> Co-authored-by: shcherbak <ju.shcherbak@gmail.com> Co-authored-by: iops <iops@syneforge.com> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Co-authored-by: Tana M Berry <tana@goauthentik.io> Co-authored-by: Jens L. <jens@beryju.org>
7.1 KiB
7.1 KiB
title
| title |
|---|
| Event actions |
Whenever any of the following actions occur, an event is created. Actions are used to define Notification Rules.
login
A user logs in (including the source, if available).
Example
{
"pk": "f00f54e7-2b38-421f-bc78-e61f950048d6",
"user": {
"pk": 1,
"email": "root@localhost",
"username": "akadmin"
},
"action": "login",
"app": "authentik.events.signals",
"context": {
"auth_method": "password",
"http_request": {
"args": {
"query": "next=%2F"
},
"path": "/api/v3/flows/executor/default-authentication-flow/",
"method": "GET"
},
"auth_method_args": {}
},
"client_ip": "::1",
"created": "2023-02-15T15:33:42.771091Z",
"expires": "2024-02-15T15:33:42.770425Z",
"brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_brands",
"name": "Default brand",
"model_name": "brand"
}
}
login_failed
A failed login attempt.
Example
{
"pk": "2779b173-eb2a-4c2b-a1a4-8283eda308d7",
"user": {
"pk": 2,
"email": "",
"username": "AnonymousUser"
},
"action": "login_failed",
"app": "authentik.events.signals",
"context": {
"stage": {
"pk": "7e88f4a991c442c1a1335d80f0827d7f",
"app": "authentik_stages_password",
"name": "default-authentication-password",
"model_name": "passwordstage"
},
"password": "********************",
"username": "akadmin",
"http_request": {
"args": {
"query": "next=%2F"
},
"path": "/api/v3/flows/executor/default-authentication-flow/",
"method": "POST"
}
},
"client_ip": "::1",
"created": "2023-02-15T15:32:55.319608Z",
"expires": "2024-02-15T15:32:55.314581Z",
"brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_brands",
"name": "Default brand",
"model_name": "brand"
}
}
logout
A user logs out.
Example
{
"pk": "474ffb6b-77e3-401c-b681-7d618962440f",
"user": {
"pk": 1,
"email": "root@localhost",
"username": "akadmin"
},
"action": "logout",
"app": "authentik.events.signals",
"context": {
"http_request": {
"args": {
"query": ""
},
"path": "/api/v3/flows/executor/default-invalidation-flow/",
"method": "GET"
}
},
"client_ip": "::1",
"created": "2023-02-15T15:39:55.976243Z",
"expires": "2024-02-15T15:39:55.975535Z",
"brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_brands",
"name": "Default brand",
"model_name": "brand"
}
}
user_write
A user is written to during a flow execution.
Example
{
"pk": "d012e8af-cb94-4fa2-9e92-961e4eebc060",
"user": {
"pk": 1,
"email": "root@localhost",
"username": "akadmin"
},
"action": "user_write",
"app": "authentik.events.signals",
"context": {
"name": "authentik Default Admin",
"email": "root@localhost",
"created": false,
"username": "akadmin",
"attributes": {
"settings": {
"locale": ""
}
},
"http_request": {
"args": {
"query": ""
},
"path": "/api/v3/flows/executor/default-user-settings-flow/",
"method": "GET"
}
},
"client_ip": "::1",
"created": "2023-02-15T15:41:18.411017Z",
"expires": "2024-02-15T15:41:18.410276Z",
"brand": {
"pk": "fcba828076b94dedb2d5a6b4c5556fa1",
"app": "authentik_brands",
"name": "Default brand",
"model_name": "brand"
}
}
suspicious_request
A suspicious request has been received (for example, a revoked token was used).
password_set
A user sets their password.
secret_view
A user views a token's/certificate's data.
secret_rotate
A token was rotated automatically by authentik.
invitation_used
An invitation is used.
authorize_application
A user authorizes an application.
Example
{
"pk": "f52f9eb9-dc2a-4f1e-afea-ad5af90bf680",
"user": {
"pk": 1,
"email": "root@localhost",
"username": "akadmin"
},
"action": "authorize_application",
"app": "authentik.providers.oauth2.views.authorize",
"context": {
"asn": {
"asn": 6805,
"as_org": "Telefonica Germany",
"network": "5.4.0.0/14"
},
"geo": {
"lat": 42.0,
"city": "placeholder",
"long": 42.0,
"country": "placeholder",
"continent": "placeholder"
},
"flow": "53287faa8a644b6cb124cb602a84282f",
"scopes": "ak_proxy profile openid email",
"http_request": {
"args": {
"query": "[...]"
},
"path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
"method": "GET"
},
"authorized_application": {
"pk": "bed6a2495fdc4b2e8c3f93cb2ed7e021",
"app": "authentik_core",
"name": "Alertmanager",
"model_name": "application"
}
},
"client_ip": "::1",
"created": "2023-02-15T10:02:48.615499Z",
"expires": "2023-04-26T10:02:48.612809Z",
"brand": {
"pk": "10800be643d44842ab9d97cb5f898ce9",
"app": "authentik_brands",
"name": "Default brand",
"model_name": "brand"
}
}
source_linked
A user links a source to their account.
impersonation_started / impersonation_ended
A user starts/ends impersonation, including the user that was impersonated.
policy_execution
A policy is executed (when a policy has "Execution Logging" enabled).
policy_exception / property_mapping_exception
A policy or property mapping causes an exception.
system_task_exception
An exception occurred in a system task.
system_exception
A general exception in authentik occurred.
configuration_error
A configuration error occurs, for example during the authorization of an application.
model_created / model_updated / model_deleted
Logged when any model is created/updated/deleted, including the user that sent the request.
:::info Starting with authentik 2024.2, when a valid enterprise license is installed, these entries will contain additional audit data, including which fields were changed with this event, their previous values and their new values. :::
email_sent
An email has been sent. Included is the email that was sent.
update_available
An update is available.
export_ready
A data export has been generated.