Conversation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
✅ Deploy Preview for authentik-docs canceled.
|
✅ Deploy Preview for authentik-storybook canceled.
|
rissson
approved these changes
Jan 8, 2025
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found.
Additional details and impacted files@@ Coverage Diff @@
## main #12598 +/- ##
==========================================
- Coverage 92.76% 92.41% -0.35%
==========================================
Files 770 769 -1
Lines 38873 38789 -84
==========================================
- Hits 36059 35847 -212
- Misses 2814 2942 +128
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2e02de3 to
f4655d0
Compare
Contributor
|
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-f4655d0abfa541042b60009d192e3e987520f2db
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sFor arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-f4655d0abfa541042b60009d192e3e987520f2db-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sAfterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-f4655d0abfa541042b60009d192e3e987520f2dbFor arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-f4655d0abfa541042b60009d192e3e987520f2db-arm64Afterwards, run the upgrade commands from the latest release notes. |
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2025
* main: lib: add expression helper ak_create_jwt to create JWTs (#12599) api: cleanup owner permissions (#12598) website: bump aws-cdk from 2.174.0 to 2.174.1 in /website (#12593) core: bump aws-cdk-lib from 2.174.0 to 2.174.1 (#12594) website/integrations: portainer: group config steps (#12548) translate: Updates for file web/xliff/en.xlf in fi (#12586) translate: Updates for file locale/en/LC_MESSAGES/django.po in fi (#12584) website/docs: fix Nginx redirection example (#12561)
mahmoudajawad
pushed a commit
to mahmoudajawad/authentik
that referenced
this pull request
Jan 15, 2025
* api: cleanup owner superuser permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove remaining owner filters Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-organise Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix order of filtering Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add legacy behaviour for tokens Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix notifications Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu
added a commit
that referenced
this pull request
Feb 17, 2025
* stages/authenticator_email: Add basic structure for stages/authenticator_email * stages/authenticator_email: Add stages/authenticator_email django app to settings.py * stages/authenticator_email: Fix imports due changes introduced in #12598 * stages/authenticator_email: fix linting * stages/authenticator_email: Add tests for token verification * Add UI structure for authenticator_email * Add autheticator_email to AuthenticatorValidateStageForm.ts and create AuthenticatorEmailStageForm.ts * Add serializer property to emaildevice * Add DeviceClasses.EMAIL to DeviceClasses * Add migration file for DeviceClasses change (added email) * Add new schema.yml and blueprints/schema.json to refelct email authenticator * Fix UI to show the Email Authenticator * Add support for email templates for the email authenticator * Add templates * Add DeviceClasses.EMAIL option to authenticator_validate/stage.py * Fix logic for sending emails in stage.py and use the proper class AuthenticatorEmailStage in tasks.py * Fix token expiration display in the email templates * Fix authenticator email stage set up * Add template and email to api response for Authenticator Email stage * Fix Authenticator Email stage set up form * Use different flow if the user has an email configured or not for Authenticator Email stage UI * Use the correct field for the token in AuthenticatorEmailStage.ts * Fix linting and code style * Use the correct assertions in tests * Fix mask email helper * Add missing cases for Email Authenticator in the UI * Fix email sending, add _compose_email() method to EmailDevice * Fix cosmetic changes * Add support for email device challenge validation in validate_selected_challenge * Fix tests * Add from_address to email template * Refactor tests * Update API Schema * Refactor AuthenticatorEmailStage UI for cleaner code * Fix saving token_expiry in the stage configuration * Remove debug statements * Add email connection settings to the Email authenticator stage configuration UI * Remove unused field activate_on_success from AuthenticatorEmailStage * Add tests for duplicate email, token expiration and template error * cosmetic/styling changes * Use authentik's GroupMemberSerializer and ManagedAppConfig in api and apps for email authenticathor * stages/authenticator_email: Fix typos, styling and unused fields * stages/authenticator_email: remove unused field responseStatus * stages/authenticator_email: regen migrations * Fix linting issues * Fix app label issue, typos, missing user field * Add a trailing space in email_otp.txt RFC 3676 sec. 4.3 Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> * Move mask_email method to a helper function in authentik.lib.utils.email * Remove unused function * Use authentik.stages.email.tasks instead of authentik.stages.authenticator_email.tasks, delete authentik.stages.authenticator_email.tasks * Fix use global settings not using the global setting if there's a default * Revert "Fix use global settings not using the global setting if there's a default" This reverts commit 3825248. * Use user email from user attributes if exists * Show masked email in AuthenticatorValidateStageCode * Remove unused base.html template * Fix linting issues * Change token_expiry from integer to TextField, use timedelta_string_validator where necessary to process the change * Move 'use global connection settings' up in the Email Authenticator Stage Configuration * Show expanded connections settings when 'use global settings' is not activated for better UX * Fix migration file, add missing validator * Fix test for no prefilled email address * Add tests to check session management, challenge generation and challenge response validation * fix linting * Add default value EmailStage for stage_class in stage.email.tasks.send_mail * Change string representation for EmailDevice to handle authentik/events/tests/test_models.py::TestModels, add tests for the new __str__ method * Add #nosec to skip false positive in linting validation Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> * Change Email Authenticator Setup Stage name for consistency with other authenticators * Add tests to test properties and methods of EmailDevice and AuthenticatorEmailStage, add test for email tasks * Add tests for email challenge in authenticator_validate * Update migration to reflect new verbose name for AuthenticatorEmailStage * Update schema.yml to reflect new verbose name for AuthenticatorEmailStage * Add default email subject in Email Authenticator Setup Stage configuration * Remove from_address from email template to ensure global settings use if use global settings is on * Add flow-default-authenticator-email-setup.yaml blueprint * Move email authenticator blueprint to the examples folder * Update authentik/stages/authenticator_email/models.py Signed-off-by: Jens L. <jens@beryju.org> * Change self.user_pk to self.user_id because user_pk doesn't exists here * Remove unused logger import * Remove more unused logger import * Add error handling to authentik.lib.utils.email.mask_email * fix linting * don't catch Exception Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update icons Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marcelo Elizeche Landó <marce@melizeche.com> Signed-off-by: Jens L. <jens@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Jens L. <jens@beryju.org> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Details
We still have a bunch of API endpoints that require superuser permissions and don't really use RBAC. This PR cleans that up and removes the strict superuser check
Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)If applicable
make website)