policies/reputation: limit reputation score#14008
authentik PR installation instructions

Instructions for docker-compose: add the following block to your docker-compose environment configuration:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-9b835d386bea867ecf834b1ae8f725d7b1be714d
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes: add the following block to your Helm values:

authentik:
  outposts:
    container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
  image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-9b835d386bea867ecf834b1ae8f725d7b1be714d

Afterwards, run the upgrade commands from the latest release notes.
Upper to non-negative, Lower to non-positive
| label=${msg("Reputation: lower limit")} | ||
| required | ||
| name="reputationLowerLimit" | ||
| value="${first(this._settings?.reputationLowerLimit, -5)}" |
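Review bot: the lower-limit field is marked `required` and falls back to `-5` in `value="${first(this._settings?.reputationLowerLimit, -5)}"`, but nothing in these lines bounds what the user may enter, while the commit "Upper to non-negative, Lower to non-positive" restricts this value to zero or below. Consider adding a `max="0"` attribute (or the equivalent client-side validation for this input component) so the form rejects a positive lower limit before the request reaches the API, and the mirror `min="0"` on the upper-limit field.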
Nit: this will set off a linter warning soon for “magic numbers”. Recommend moving it into a constant.
Is it too much to ask for a world in which I can just import these straight from Python?
The goal of this is to prevent a brute force attack on a very high reputation (identifier, ip) tuple.
Note: reputation scores will stay the same when the tenant-wide limit is changed, so it is possible to temporarily have a score violating a newly set limit, until the score is first updated.
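To make the threat model in the PR description concrete, here is an added example (not authentik's own code) that models a reputation score per (identifier, ip) pair and shows two things: how many failed logins an uncapped pair with a long history of successes can absorb before a deny threshold is crossed, compared with the same pair under an upper limit, and the note above, that a score already above a newly lowered limit stays there until its next update. The +1/-1 score increments, the upper limit of 5, the threshold of -3, the `ReputationTracker` class and the identifiers and IPs are all assumptions constructed for this example; only the -5 lower-limit default comes from the PR's form field.

```python
"""Constructed model of a capped reputation score (example, not authentik code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Assumed tenant-wide limits. Lower must be non-positive and upper non-negative,
# mirroring the PR commit "Upper to non-negative, Lower to non-positive".
DEFAULT_LOWER_LIMIT = -5  # default shown in the PR's form field
DEFAULT_UPPER_LIMIT = 5   # assumed value for this example

Key = Tuple[str, str]  # (identifier, ip)


@dataclass
class ReputationTracker:
    """In-memory stand-in for the reputation store; None disables a limit."""

    lower_limit: Optional[int] = DEFAULT_LOWER_LIMIT
    upper_limit: Optional[int] = DEFAULT_UPPER_LIMIT
    scores: Dict[Key, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if self.lower_limit is not None and self.lower_limit > 0:
            raise ValueError("lower limit must be non-positive")
        if self.upper_limit is not None and self.upper_limit < 0:
            raise ValueError("upper limit must be non-negative")

    def _clamp(self, score: int) -> int:
        # The clamp is applied when a score is written, not retroactively.
        if self.lower_limit is not None:
            score = max(score, self.lower_limit)
        if self.upper_limit is not None:
            score = min(score, self.upper_limit)
        return score

    def record(self, identifier: str, ip: str, success: bool) -> int:
        """Assumed scoring rule: +1 per successful login, -1 per failure."""
        key = (identifier, ip)
        delta = 1 if success else -1
        self.scores[key] = self._clamp(self.scores.get(key, 0) + delta)
        return self.scores[key]

    def score(self, identifier: str, ip: str) -> int:
        return self.scores.get((identifier, ip), 0)


def failures_until_blocked(tracker: ReputationTracker, identifier: str, ip: str,
                           threshold: int, max_attempts: int = 100_000) -> Optional[int]:
    """Failed logins needed before score < threshold, i.e. before a policy
    checking the score would start denying; None if never within the budget."""
    attempts = 0
    while tracker.score(identifier, ip) >= threshold:
        if attempts >= max_attempts:
            return None
        tracker.record(identifier, ip, success=False)
        attempts += 1
    return attempts


def compare(good_logins: int = 1000, threshold: int = -3) -> Dict[str, Optional[int]]:
    """Same login history with and without an upper cap (constructed inputs)."""
    results: Dict[str, Optional[int]] = {}
    for name, upper in (("uncapped", None), ("capped", DEFAULT_UPPER_LIMIT)):
        tracker = ReputationTracker(upper_limit=upper)
        for _ in range(good_logins):
            tracker.record("alice", "198.51.100.7", success=True)
        results[name] = failures_until_blocked(tracker, "alice", "198.51.100.7", threshold)
    return results


def stale_score_after_limit_change(good_logins: int = 1000,
                                   new_upper: int = DEFAULT_UPPER_LIMIT) -> Tuple[int, int]:
    """Lowering the tenant-wide limit does not rewrite stored scores: the old
    score stays visible until the pair's next update clamps it."""
    tracker = ReputationTracker(upper_limit=None)
    for _ in range(good_logins):
        tracker.record("bob", "203.0.113.9", success=True)
    tracker.upper_limit = new_upper                        # limit tightened
    stale = tracker.score("bob", "203.0.113.9")            # still the old, high score
    refreshed = tracker.record("bob", "203.0.113.9", True)  # first update applies the clamp
    return stale, refreshed


if __name__ == "__main__":
    print(compare())                          # {'uncapped': 1004, 'capped': 9}
    print(stale_score_after_limit_change())   # (1000, 5)
```

With the assumed numbers, the uncapped pair needs 1004 consecutive failures before the score drops below -3, so an attacker who has (or has had) valid access from that address gets roughly a thousand free guesses; the capped pair is denied after 9. The second function shows the window the note describes: the stale score of 1000 survives the limit change and is only pulled down to 5 on the next write, so an operator tightening the limit should expect high-reputation pairs to stay above it until they next log in or fail.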