web/maintenance: remove writeOnly hacks from Form and HorizontalFormElement#14649

Merged
kensternberg-authentik merged 61 commits into main from web/forms/remove-write-only-hacks
Jun 6, 2025

@kensternberg-authentik
Contributor

web/maintenance: remove writeOnly hacks from Form and HorizontalFormElement

What

The writeOnly hack substituted an obscuring, read-only field for secret keys and passwords that an admin should never be able to see/read, only write, but allowed the user to click on and replace the key or password. The hack performed this substitution within HorizontalFormElement and dispersed a flag throughout the code to enforce it. Another hack within Form directed the API to not update / write changes to that field if the field had never been activated.

This commit replaces the writeOnly hack with a pair of purpose-built components, ak-private-text-input and ak-private-textarea-input, that perform the exact same functionality but without having to involve the HorizontalFormElement, which really should just be layout and generic functionality. It also replaces all the writeOnly hackery in Form with a simple doNotProcess flag, which extends and genericizes this capability to any and all input fields.

The only major protocol change is that ?writeOnly was a positive flag; you controlled it by saying this.instance !== undefined; ?revealed is a positive flag; you reveal the working input field when this.instance === undefined.

It is not necessary to specify the monospace, autocomplete, and spell-check features; those are enabled or disabled automatically when the input-hint="code" flag is passed.

Why

Removing special cases from processing code is an important step toward the Authentik Elements NPM package, as well as the Schema-Driven Forms update.

Note

This is actually a very significant change; this is important functionality that I have hand-tested quite a bit, but could wish for automated testing that also checks the database back-end to ensure the fixes made write the keys and passwords as required. Checking the back-end directly is important since these fields are never re-sent to the front-end after being saved!

Things like placeholder, required, and getting the name, label or help are all issues very subject to Last-Line Effect, so give this the hairiest eyeball you’ve got, please.

  • The code has been formatted (make web)
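
A small model of the behaviour the description above relies on, added here as an illustration and not taken from the authentik code base. `revealed` and `doNotProcess` are the names used in the PR text; the classes, `serializeForm`, `applyPatch`, the `shared_secret` field and the sample record are assumptions. It shows why a private field that was never revealed has to be left out of the update payload, and the back-end comparison the Note asks for.

```javascript
// Added illustration; not authentik's code. `revealed` and `doNotProcess` are
// the names used in the PR text; every other name here is hypothetical.

// A write-only input. The server never sends the stored secret back, so on an
// edit the field starts obscured and empty; on create it starts revealed.
class PrivateField {
  constructor(name, { revealed = false } = {}) {
    this.name = name;
    this.revealed = revealed;
    this.value = "";
  }

  // The admin clicks the obscured placeholder to replace the secret.
  reveal() {
    this.revealed = true;
  }

  setValue(text) {
    if (!this.revealed) {
      throw new Error(`${this.name} is obscured; reveal it before writing`);
    }
    this.value = text;
  }

  // A field that was never revealed must not appear in the request body.
  get doNotProcess() {
    return !this.revealed;
  }
}

// An ordinary field: always serialized.
class PlainField {
  constructor(name, value) {
    this.name = name;
    this.value = value;
    this.doNotProcess = false;
  }
}

// Form-side serializer: skip every field flagged doNotProcess.
function serializeForm(fields) {
  const payload = {};
  for (const field of fields) {
    if (field.doNotProcess) continue;
    payload[field.name] = field.value;
  }
  return payload;
}

// What happens without the flag: the empty placeholder value is sent too.
function serializeEverything(fields) {
  return Object.fromEntries(fields.map((f) => [f.name, f.value]));
}

// Stand-in for a partial update on the back end: keys present in the payload
// overwrite the stored record, absent keys are left alone.
function applyPatch(stored, payload) {
  return { ...stored, ...payload };
}

// Constructed sample record; the secret is a placeholder, not a real value.
const STORED = Object.freeze({
  name: "radius-lab",
  shared_secret: "stored-secret-placeholder",
});

// Edit form for an existing object: the secret field starts obscured.
function editForm(newName) {
  return [new PlainField("name", newName), new PrivateField("shared_secret")];
}

// Case 1: rename only, secret never revealed: the stored secret survives.
function renameOnly() {
  return applyPatch(STORED, serializeForm(editForm("radius-prod")));
}

// Case 2: same edit without doNotProcess: the secret is silently blanked.
function renameOnlyWithoutFlag() {
  return applyPatch(STORED, serializeEverything(editForm("radius-prod")));
}

// Case 3: the admin reveals the field and types a replacement: secret rotated.
function rotateSecret(replacement) {
  const fields = editForm(STORED.name);
  fields[1].reveal();
  fields[1].setValue(replacement);
  return applyPatch(STORED, serializeForm(fields));
}

// Back-end check: the client cannot read the secret back, so the stored
// record itself is compared.
function secretUnchanged(after) {
  return after.shared_secret === STORED.shared_secret;
}

console.log(renameOnly(), renameOnlyWithoutFlag(), rotateSecret("rotated-placeholder"));
```
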

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
## What

Renamed the 'inputHint' attribute to 'input-hint', because it is an attribute, not a property.
Properties are camelCased, but attributes are kebab-cased.

Updated all instances where this appears with the usual magic:

```
$ perl -pi.bak -e 's/inputHint="code"/input-hint="code"/' $(rg -l 'inputHint="code"')
```

This fix is in preparation for both the Patternfly 5 project and the Schema-Driven Forms project.
…mElement

## What

The `writeOnly` hack substituted an obscuring, read-only field for secret keys and passwords that an
admin should never be able to see/read, only *write*, but allowed the user to click on and replace
the key or password. The hack performed this substitution within `HorizontalFormElement` and
dispersed a flag throughout the code to enforce it. Another hack within `Form` directed the API to
not update / write changes to that field if the field had never been activated.

This commit replaces the `writeOnly` hack with a pair of purpose-built components,
`ak-private-text-input` and `ak-private-textarea-input`, that perform the exact same functionality
but without having to involve the HorizontalFormElement, which really should just be layout and
generic functionality.  It also replaces all the `writeOnly` hackery in Form with a simple
`doNotProcess` flag, which extends and genericizes this capability to any and all input fields.

The only major protocol change is that `?writeOnly` was a *positive* flag; you controlled it by
saying `this.instance !== undefined`; `?revealed` is a *positive* flag; you reveal the working input
field when `this.instance === undefined`.

It is not necessary to specify the monospace, autocomplete, and spell-check features; those are
enabled or disabled automatically when the `input-hint="code"` flag is passed.

## Why

Removing special cases from processing code is an important step toward the Authentik Elements NPM
package, as well as the Schema-Driven Forms update.

## Note

This is actually a very significant change; this is important functionality that I have hand-tested
quite a bit, but could wish for automated testing that also checks the database back-end to ensure
the fixes made write the keys and passwords as required. Checking the back-end directly is important
since these fields are never re-sent to the front-end after being saved!

Things like `placeholder`, `required`, and getting the `name`, `label` or `help` are all issues very
subject to Last-Line Effect, so give this the hairiest eyeball you've got, please.

netlify bot commented May 22, 2025

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 4652ca7
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/684362c1c33a410008866f10


netlify bot commented May 22, 2025

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 4652ca7
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/684362c176f1150008f38bb0
😎 Deploy Preview https://deploy-preview-14649--authentik-storybook.netlify.app

@kensternberg-authentik kensternberg-authentik changed the base branch from main to web/fix-input-hint-attribute May 22, 2025 18:30

codecov bot commented May 22, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.79%. Comparing base (6b530ff) to head (4652ca7).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #14649   +/-   ##
=======================================
  Coverage   92.79%   92.79%           
=======================================
  Files         818      818           
  Lines       42196    42196           
=======================================
+ Hits        39154    39155    +1     
+ Misses       3042     3041    -1     
Flag Coverage Δ
e2e 47.54% <ø> (ø)
integration 24.45% <ø> (ø)
unit 90.68% <ø> (+<0.01%) ⬆️


github-actions bot commented May 22, 2025

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

```
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-4652ca718fa79f47c36509e0ca015954f14166c2
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
```

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

```
authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-4652ca718fa79f47c36509e0ca015954f14166c2
```

Afterwards, run the upgrade commands from the latest release notes.

#onReveal() {
this.revealed = true;
}

Contributor Author

The next function is the heart of this whole shebang: it moves the functionality for "hide value but show it exists / allow input to change value" out of the forms management code and directly into a component that does the correct thing without needing hacks in both HorizontalFormElement and Form.


export type AkControlElement<T = string | string[]> = HTMLInputElement & { json: () => T };

const doNotProcess = <T extends HTMLElement>(element: T) => element.dataset.formIgnore === "true";
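Review bot: `doNotProcess` matches only the exact string "true" in `element.dataset.formIgnore`, so an element carrying a bare `data-form-ignore` attribute (empty string) or a differently cased value is still processed. Since this predicate is what now keeps an unactivated field out of the processed form data, consider treating attribute presence as the signal, or add a comment stating that components must set `data-form-ignore="true"` literally, and cover it with a test asserting that an unrevealed private input is absent from the serialized form.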

Contributor Author

While this effectively adds one more line of code, it's much more generic and much less special-case. It just says "Here are the rules for input elements you shouldn't process: they'll tell you when you shouldn't process them." Simple, straightforward.
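
The behaviour this comment describes, as an added example that is not code from the pull request: a field that opts out is left out of the update payload, so an untouched secret survives a save. Everything except the `doNotProcess` predicate and the `data-form-ignore` attribute is hypothetical, including the partial-update back end, and elements are modelled as plain objects so the block runs without a DOM.

```javascript
// Added example: everything except `doNotProcess` and `data-form-ignore` is hypothetical.
// Elements are plain objects so this runs in Node without a DOM.

// Predicate from the PR: only the literal string "true" suppresses a field.
const doNotProcess = (element) => element.dataset.formIgnore === "true";

// Stand-in for a private input. Until revealed it opts out of processing and
// holds no value, because the saved secret is never sent back to the browser.
function privateField(name) {
    const field = { name, value: "", dataset: { formIgnore: "true" } };
    field.reveal = () => { field.dataset.formIgnore = "false"; };
    return field;
}

// Stand-in serializer: the payload contains every field that does not opt out.
function serialize(fields) {
    const payload = {};
    for (const field of fields) {
        if (!doNotProcess(field)) payload[field.name] = field.value;
    }
    return payload;
}

// Assumed back-end behaviour: a partial update only touches keys in the payload.
const applyUpdate = (stored, payload) => ({ ...stored, ...payload });

function demo() {
    // Constructed sample record; the secret values are placeholders.
    const stored = { name: "cert-a", keyData: "constructed-old-secret" };
    const nameField = { name: "name", value: "cert-b", dataset: {} };

    // Existing instance, secret left hidden: keyData is absent from the payload.
    const hidden = privateField("keyData");
    const untouched = applyUpdate(stored, serialize([nameField, hidden]));

    // Admin reveals the input and types a replacement.
    const shown = privateField("keyData");
    shown.reveal();
    shown.value = "constructed-new-secret";
    const replaced = applyUpdate(stored, serialize([nameField, shown]));

    // Failure mode: the flag is missing, so an empty value overwrites the key.
    const unflagged = { name: "keyData", value: "", dataset: {} };
    const wiped = applyUpdate(stored, serialize([nameField, unflagged]));

    return { untouched, replaced, wiped };
}
```

The `wiped` case is the regression a back-end check would catch: the front end cannot detect it, because the stored value is never returned to it.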

* 3. Updated() pushes the `name` field down to the children, as if that were necessary; why isn't
* it being written on-demand when the child is written? Because it's slotted... despite there
* being very few unique uses.
* 4. There is some very specific use-case around the `writeOnly` boolean; this seems to be a case

Contributor Author

Welp, that's no longer necessary, now is it? 😀
Next: Kill the other three comments. 😈

@kensternberg-authentik kensternberg-authentik marked this pull request as ready for review May 22, 2025 20:32
@kensternberg-authentik kensternberg-authentik requested a review from a team as a code owner May 22, 2025 20:32
<ak-form-element-horizontal
name="keyData"
?writeOnly=${this.instance !== undefined}
input-hint="code"

Member

where did this input-hint come from?

Contributor

Many moons ago when we received customer feedback that certain inputs be in a monospace font for secret keys and such.

Contributor Author

input-hint="code" activates these three features in ak-private-textarea-input:

                    autocomplete="off"
                    spellcheck="false"
                    class="pf-c-form-control pf-m-monospace"

... which you can clearly see in the textarea we are replacing.

Since those are the common settings you, Jens, use when making a textarea work as a code space, having an attribute instead of remembering the same three lines a dozen or so times seemed parsimonious.

Contributor Author

(Sigh... that comment had been "pending" for 2 weeks.)

@GirlBossRush GirlBossRush self-requested a review May 23, 2025 15:19
* main: (209 commits)
  core: bump django from 5.1.9 to 5.1.10 (#14951)
  website/docs: add 2025.6.1 release notes (#14948)
  root: remove /if/help (#14929)
  core, web: update translations (#14933)
  providers/proxy: add option to override host header with property mappings (#14927)
  website/integrations: fix webfinger link in tailscale doc (#14942)
  web/admin: make message container bottom aligned for admin interface (#14816)
  web/user: fix user settings flow not loading (#14911)
  website/docs: fix outdated and incorrect example kubernetes deployment (#14928)
  docusaurus-config: Update deps, colors. (#14796)
  admin: only run update checks in the default tenant (#14874)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#14923)
  core: bump astral-sh/uv from 0.7.10 to 0.7.11 (#14918)
  providers/proxy: set_oauth_defaults in reconcile instead of task (#14875)
  *: use ManagedAppConfig everywhere (#14839)
  tenants: fix tenant aware celery scheduler (#14921)
  core, web: update translations (#14910)
  core: bump goauthentik.io/api/v3 from 3.2025041.4 to 3.2025060.1 (#14919)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#14915)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#14916)
  ...
@kensternberg-authentik kensternberg-authentik requested review from a team as code owners June 6, 2025 21:15
@kensternberg-authentik kensternberg-authentik changed the base branch from web/fix-input-hint-attribute to main June 6, 2025 21:17
* main:
  web/admin: use attribute naming scheme for attributes (#14644)
@kensternberg-authentik kensternberg-authentik merged commit 9a03bde into main Jun 6, 2025
101 checks passed
@kensternberg-authentik kensternberg-authentik deleted the web/forms/remove-write-only-hacks branch June 6, 2025 22:11
kensternberg-authentik added a commit that referenced this pull request Jun 6, 2025
* main:
  web/maintenance: remove `writeOnly` hacks from Form and HorizontalFormElement (#14649)
  web/admin: use attribute naming scheme for attributes (#14644)
  core: bump django from 5.1.9 to 5.1.10 (#14951)
  website/docs: add 2025.6.1 release notes (#14948)
  root: remove /if/help (#14929)
  core, web: update translations (#14933)
  providers/proxy: add option to override host header with property mappings (#14927)
  website/integrations: fix webfinger link in tailscale doc (#14942)
  web/admin: make message container bottom aligned for admin interface (#14816)
cavefire pushed a commit to cavefire/authentik that referenced this pull request Jun 24, 2025
…mElement (goauthentik#14649)

* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* This (temporary) change is needed to prevent the unit tests from failing.

* Revert "This (temporary) change is needed to prevent the unit tests from failing."

This reverts commit dddde09.

* web/standards: use attribute naming scheme for attributes

## What

Renamed the 'inputHint' attribute to 'input-hint', because it is an attribute, not a property.
Properties are camelCased, but attributes are kebab-cased.

Updated all instances where this appears with the usual magic:

```
$ perl -pi.bak -e 's/inputHint="code"/input-hint="code"/' $(rg -l 'inputHint="code"')
```

This fix is in preparation for both the Patternfly 5 project and the Schema-Driven Forms project.

* web/maintenance: remove `writeOnly` hacks from Form and HorizontalFormElement

## What

The `writeOnly` hack substituted an obscuring, read-only field for secret keys and passwords that an
admin should never be able to see/read, only *write*, but allowed the user to click on and replace
the key or password. The hack performed this substitution within `HorizontalFormElement` and
dispersed a flag throughout the code to enforce it. Another hack within `Form` directed the API to
not update / write changes to that field if the field had never been activated.

This commit replaces the `writeOnly` hack with a pair of purpose-built components,
`ak-private-text-input` and `ak-private-textarea-input`, that perform the exact same functionality
but without having to involve the HorizontalFormElement, which really should just be layout and
generic functionality.  It also replaces all the `writeOnly` hackery in Form with a simple
`doNotProcess` flag, which extends and genericizes this capability to any and all input fields.

The only major protocol change is that `?writeOnly` was a *positive* flag; you controlled it by
saying `this.instance !== undefined`; `?revealed` is a *positive* flag; you reveal the working input
field when `this.instance === undefined`.

It is not necessary to specify the monospace, autocomplete, and spell-check features; those are
enabled or disabled automatically when the `input-hint="code"` flag is passed.

## Why

Removing special cases from processing code is an important step toward the Authentik Elements NPM
package, as well as the Schema-Driven Forms update.

## Note

This is actually a very significant change; this is important functionality that I have hand-tested
quite a bit, but could wish for automated testing that also checks the database back-end to ensure
the fixes made write the keys and passwords as required. Checking the back-end directly is important
since these fields are never re-sent to the front-end after being saved!

Things like `placeholder`, `required`, and getting the `name`, `label` or `help` are all issues very
subject to Last-Line Effect, so give this the hairiest eyeball you've got, please.

* Found a few small things, like a missing import that might have broken something.

* web/admin: Update `private-text` field to pass new linting requirement.
