Releases: goauthentik/authentik
Releases · goauthentik/authentik
Release 0.10.0-rc6
Version 0.10
This update brings a lot of big features, such as:
-
New OAuth2/OpenID Provider
This new provider merges both OAuth2 and OpenID. It is based on the codebase of the old provider, which has been simplified and cleaned from the ground up. Support for Property Mappings has also been added. Because of this change, OpenID and OAuth2 Providers will have to be re-created.
-
Proxy Provider
Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider" has been revamped as well. The new passbook Proxy integrates more tightly with passbook via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on passbook Keypairs, and more.
See Proxy
-
Outpost System
This is a new Object type, currently used only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with passbook.
See Outposts
-
Flow Import/Export
Flows can now be imported and exported. This feature can be used as a backup system, or to share complex flows with other people. Example flows have also been added to the documentation to help you get going with passbook.
Under the hood
- passbook now runs on Django 3.1 and Channels with complete ASGI enabled
- uwsgi has been replaced with Gunicorn and uvicorn
- Elastic APM has been replaced with Sentry Performance metrics
- Flow title is now configurable separately from the name
- All logging output is now json
Release 0.9.0-stable
Release 0.9.0-rc2
- *: remove path-based import from all PropertyMappings
- admin: update to work with new form
- audit: fix list not having loginrequired
- build(deps-dev): bump pylint-django from 2.1.0 to 2.2.0
- build(deps): bump @fortawesome/fontawesome-free
- build(deps): bump @patternfly/patternfly in /passbook/static/static
- build(deps): bump boto3 from 1.14.20 to 1.14.21
- build(deps): bump boto3 from 1.14.21 to 1.14.22
- build(deps): bump boto3 from 1.14.22 to 1.14.23
- build(deps): bump boto3 from 1.14.23 to 1.14.24
- build(deps): bump boto3 from 1.14.24 to 1.14.25
- build(deps): bump boto3 from 1.14.25 to 1.14.26
- build(deps): bump boto3 from 1.14.26 to 1.14.28
- build(deps): bump codemirror in /passbook/static/static
- build(deps): bump sentry-sdk from 0.16.1 to 0.16.2
- build(deps): bump urllib3 from 1.25.9 to 1.25.10
- core: separate expiry logic from tokens and make re-usable
- e2e: CI -> TF_BUILD
- e2e: ensure that PasswordStage's change_flow is set correctly
- e2e: fix flow setup stage test not finding link
- e2e: fix grafana docker image tag
- e2e: fix oauth/oidc tests not working with current grafana
- flows: fix shell not showing spinner after submit
- flows: update work with new stages
- gatekeeper: automatically redirect to passbook
- gatekeeper: fix non-existent templates being copied
- lib: move SAML timestring utils into lib
- Merge branch 'master' into consent-mode
- Merge branch 'master' into consent-mode
- Merge pull request #128 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/fortawesome/fontawesome-free-5.14.0
- Merge pull request #129 from BeryJu/dependabot/pip/boto3-1.14.21
- Merge pull request #130 from BeryJu/dependabot/pip/boto3-1.14.22
- Merge pull request #131 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/patternfly/patternfly-4.23.3
- Merge pull request #132 from BeryJu/dependabot/pip/boto3-1.14.23
- Merge pull request #133 from BeryJu/expiring-models
- Merge pull request #134 from BeryJu/consent-mode
- Merge pull request #135 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/codemirror-5.56.0
- Merge pull request #136 from BeryJu/dependabot/pip/boto3-1.14.24
- Merge pull request #137 from BeryJu/dependabot/pip/boto3-1.14.25
- Merge pull request #138 from BeryJu/dependabot/pip/boto3-1.14.26
- Merge pull request #139 from BeryJu/dependabot/pip/pylint-django-2.2.0
- Merge pull request #140 from BeryJu/dependabot/pip/sentry-sdk-0.16.2
- Merge pull request #141 from BeryJu/dependabot/pip/urllib3-1.25.10
- Merge pull request #143 from BeryJu/dependabot/pip/boto3-1.14.28
- policies/*: remove path-based import from all policies
- providers/*: remove path-based import from all providers
- providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret
- providers/app_gw: generate docker-compose in code
- providers/app_gw: use full URL with protocol for internal/external_host
- providers/oauth: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
- providers/oidc: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
- providers/saml: remove LoginRequired from SAMLSSOView as user is redirected within
- root: clean log output, always show logger
- sources/*: remove path-based import from all sources
- sources/oauth: migrate from discordapp.com to discord.com
- Squashed commit of the following:
- stages/*: remove path-based import from all stages
- stages/consent: add unittests for new modes
- stages/consent: start implementing user consent
- ui: allow overriding of verbose_name
Release 0.9.0-rc1
- */saml: fix MetadataProcessor having generic namespace prefixes
- */saml: fix typo
- */saml: start implementing unittests, fix signing
- build(deps-dev): bump pylint-django from 2.0.15 to 2.1.0
- build(deps): bump boto3 from 1.14.17 to 1.14.18
- build(deps): bump boto3 from 1.14.18 to 1.14.19
- build(deps): bump boto3 from 1.14.19 to 1.14.20 (#122)
- build(deps): bump django-prometheus from 2.1.0.dev46 to 2.1.0.dev52
- build(deps): bump elastic-apm from 5.8.0 to 5.8.1
- build(deps): bump lxml from 4.5.1 to 4.5.2 (#121)
- build(deps): bump sentry-sdk from 0.16.0 to 0.16.1
- ci: attempt to fix Coverage not being registered
- ci: fix artifacts being downloaded into wrong directory
- ci: fix database connections failing
- ci: fix failed tests not failing CI pipeline
- ci: fix Stage names
- ci: fix targetPath and artifact being swapped
- ci: fix test results not being merged correctly
- ci: fix wrong coverage command being executed
- ci: separate unittests and e2e into separate runs, combine afterwards
- core: add generic login/base_full template for static login views
- core: add separate autosubmit form for use without flows
- core: fix autosubmit_form loading full template
- core: fix base_full template missing messages
- core: fix source slug not being unique
- core: make autosubmit_form generic template
- docs: update screenshots
- e2e: add test for OAuth Enrollment -> OAuth Authentication
- e2e: add tests for OAuth Source, update tests for new base templates
- e2e: decrease timeouts to fix failed tests
- e2e: generate dex config dynamically
- e2e: only initialise selenium after setting up container
- e2e: only save screenshots in CI
- e2e: print screenshot filename after test
- e2e: remove static oauth secret
- e2e: use non-debug selenium docker image for CI
- flows: add SESSION_KEY_APPLICATION_PRE
- flows: fix default-source-enrollment-if-username expression
- flows: fix potential open redirect vuln
- flows: fix SESSION_KEY_GET being deleted too early
- lib/evaluator: add support for IP Address comparison
- Merge branch 'master' into dependabot/pip/boto3-1.14.19
- Merge branch 'master' into dependabot/pip/django-prometheus-2.1.0.dev52
- Merge branch 'master' into dependabot/pip/pylint-django-2.1.0
- Merge branch 'master' into dependabot/pip/sentry-sdk-0.16.1
- Merge pull request #119 from BeryJu/dependabot/pip/boto3-1.14.18
- Merge pull request #120 from BeryJu/dependabot/pip/boto3-1.14.19
- Merge pull request #123 from BeryJu/dependabot/pip/pylint-django-2.1.0
- Merge pull request #124 from BeryJu/dependabot/pip/django-prometheus-2.1.0.dev52
- Merge pull request #125 from BeryJu/dependabot/pip/sentry-sdk-0.16.1
- Merge pull request #126 from BeryJu/dependabot/pip/elastic-apm-5.8.1
- polices: add helper to remove None-value keys from dict for policies
- policies/hibp: update for flows, add unittests
- policies/password: Add Password Policy tests, update password policy for flows
- providers/saml: fix AuthnRequest Signature validation, add unittests
- providers/saml: fix autosubmit_form using wrong template
- providers/saml: fix encoding for POST bindings
- providers/saml: fix RelayState being included when None given
- providers/saml: Generate NameID Value based on NameID Policy received
- providers/saml: parse NameID Policy from AuthnRequest
- providers/saml: remove processor_path field
- providers/saml: rewrite SAML AuthNRequest Parser and Response Processor
- root: fix /favicon being routed to application server
- root: fix passbook.footer_links not being rendered
- root: update version in readme
- sources/ldap: improve unittests
- sources/oauth: fix UserOAuthSourceConnection not being assigned to user after enrollment
- sources/oauth: rewrite to not directly create user, pre-seed data into flow
- sources/oauth: split up single large "core" views
- sources/saml: Add NameID Policy field, sent with AuthnRequest
- sources/saml: add POST_AUTO binding which auto redirects to IdP
- sources/saml: automatically add RelayState to build_auth_n_detached
- sources/saml: fix AuthnRequest Singing for redirect bindings
- sources/saml: fix MetadataProcessor not working, add unittests
- sources/saml: remove unused import
- sources/saml: rewrite Processors and Views to directly build XML without templates
- stages/prompt: add static and separator elements
- stages/prompt: fix checkbox not working, fix date and datetime not using HTML5 input types
Release 0.9.0-pre7
- lib: ignore APM errors
- policies/reputation: only change score when credentials contain username
- root: allow changing of APM verify_server_cert setting
- sources/oauth: directly call AuthorizedServiceBackend instead of authenticate()
- sources/oauth: disable twitter source while its broken
- sources/oauth: fix wrong comparions
Release 0.9.0-pre6
This is a big release. Due to some database changes, it is not compatible to the previous 0.8.x releases and needs a fresh database. See https://passbook.beryju.org/upgrading-from-0.8.x/
- admin: fix submit button on update form
- admin: fix token_list template
- admin: improve overview layout
- admin: use django cache for admin version (expiry)
- build(deps-dev): bump coverage from 5.1 to 5.2
- build(deps): bump boto3 from 1.14.16 to 1.14.17
- ci: fix gatekeeper building the wrong image
- ci: fix gatekeeper dockerfile path
- ci: notify sentry of new releases
- core: fix user's sidebar links for sources
- crypto: add colon seperator for fingerprint
- docs: migrate TOTP and Static OTP devices
- lib/eval: fix import order
- Merge branch 'master' into dependabot/pip/boto3-1.14.17
- Merge branch 'master' into dependabot/pip/coverage-5.2
- Merge pull request #115 from BeryJu/dependabot/pip/boto3-1.14.17
- Merge pull request #116 from BeryJu/dependabot/pip/coverage-5.2
- Merge pull request #117 from BeryJu/apm
- new release: 0.9.0-pre6
- policies/reputation: rewrite to save score into cache and save into DB via worker
- root: expose APM settings in helm chart
- root: fix API requests erroring
- root: implement APM support
- root: remove psutil as we have external monitoring for CPU
- sources/ldap: adjust task schedule name
- sources/oauth: fix template for user settings
- stages/invitation: move invite signals from core to app
- stages/user_write: add signals
- ui: fix modal layout
Release 0.9.0-pre5
This is a big release. Due to some database changes, it is not compatible to the previous 0.8.x releases and needs a fresh database. See https://passbook.beryju.org/upgrading-from-0.8.x/
- *: rephrase strings
- admin: add filter to hide classes with `__debug_only__` when Debug is disabled
- admin: add generic form tests
- admin: add list of all tokens
- admin: fix Password Recovery function not working
- admin: fix user and group create not triggering sidebar
- admin: improve policy binding listing by showing Target object type
- admin: remove duplicate code into new base classes
- api: add token authentication
- build(deps): bump boto3 from 1.14.14 to 1.14.15
- build(deps): bump boto3 from 1.14.15 to 1.14.16
- build(deps): bump django-prometheus from 2.1.0.dev40 to 2.1.0.dev42
- build(deps): bump django-prometheus from 2.1.0.dev42 to 2.1.0.dev46
- build(deps): bump sentry-sdk from 0.15.1 to 0.16.0
- ci: final cleanup
- ci: fix incorrect node version for pyright
- ci: publish unittest results and coverage
- core: add token Intents
- core: fix application overview
- core: fix forms for radio buttons
- core: fix linting
- core: fix type annotation for user settings
- core: update styling of impersonate banner
- e2e: Add denied tests for oauth and oidc provider
- e2e/provider/saml: add negative case
- flows: cleanup denied view, use everywhere
- flows: FlowStageBinding group Stage by type
- flows: FlowStageBinding: rename .flow to .target to fix select_subclasses()
- lib: cleanup unused widgets
- Merge branch 'master' into azure-pipelines
- Merge pull request #109 from BeryJu/dependabot/pip/django-prometheus-2.1.0.dev42
- Merge pull request #110 from BeryJu/dependabot/pip/boto3-1.14.15
- Merge pull request #111 from BeryJu/dependabot/pip/boto3-1.14.16
- Merge pull request #112 from BeryJu/dependabot/pip/django-prometheus-2.1.0.dev46
- Merge pull request #114 from BeryJu/dependabot/pip/sentry-sdk-0.16.0
- Merge pull request #40 from BeryJu/azure-pipelines
- new release: 0.9.0-pre5
- policies: Show grouped Dropdown for Target
- providers/* use name for __str__
- providers/*: use PolicyAccessMixin to simplify
- providers/saml: fix access result not being checked properly
- providers/samlv2: remove SAMLv2 from master
- root: add group_membership policy
- stages/user_login: Allow changing of session duration
- ui: Make Checkbox label click trigger checkbox toggle
Release 0.9.0-pre4
This is a big release. Due to some database changes, it is not compatible to the previous 0.8.x releases and needs a fresh database. See https://passbook.beryju.org/upgrading-from-0.8.x/
- admin: add execute button to flow which executes flow without cache
- admin: add info about latest version
- api: fix consent stage missing from API
- audit: add cleanse_dict function to ensure no passwords end in logs
- audit: fix sanitize_dict updating source dict
- audit: move events list from admin to audit app
- build(deps-dev): bump docker from 4.2.1 to 4.2.2
- build(deps): bump boto3 from 1.14.10 to 1.14.11 (#99)
- build(deps): bump boto3 from 1.14.11 to 1.14.12
- build(deps): bump boto3 from 1.14.12 to 1.14.13
- build(deps): bump boto3 from 1.14.13 to 1.14.14
- build(deps): bump django from 3.0.7 to 3.0.8
- build(deps): bump swagger-spec-validator from 2.7.2 to 2.7.3 (#100)
- ci: add snyk
- ci: up node version for pyright
- core: ensure user settings are sorted by name
- core: fix user settings sidebar buttons not being enabled
- core: UIUserSettings: remove icon, rename view_name to URL for complete URL
- e2e: add utility to wait for URL
- e2e: bump selenium waits even more
- e2e: improve error message when using wait_for_url
- e2e: saml provider: wait for URL
- e2e: show browser logs to debug CI issues
- e2e: wait for grafana URL
- flows: add CancelView to cancel current flow execution
- flows: fix linting error
- flows: remove generic "password change" designation and add setup_stage
- flows: show error message in flow when stage raises
- flows: Stage ui_user_settings -> staticmethod with context as argument
- flows: update migrations to use update_or_create
- Merge branch 'master' into flows-cancel
- Merge branch 'master' into flows-cancel
- Merge branch 'master' into otp-rework
- Merge branch 'master' into otp-rework
- Merge branch 'master' into otp-rework
- Merge branch 'master' into otp-rework
- Merge pull request #101 from BeryJu/otp-rework
- Merge pull request #103 from BeryJu/stage-password-change
- Merge pull request #104 from BeryJu/flows-cancel
- Merge pull request #105 from BeryJu/dependabot/pip/boto3-1.14.13
- Merge pull request #106 from BeryJu/dependabot/pip/boto3-1.14.14
- Merge pull request #107 from BeryJu/dependabot/pip/django-3.0.8
- Merge pull request #108 from BeryJu/dependabot/pip/docker-4.2.2
- new release: 0.9.0-pre4
- otp_time: fix linting
- Squashed commit of the following:
- stages/*: minor string updates
- stages/*: minor UI updates, cleanup
- stages/otp_*: fix linting
- stages/otp_*: update user setting design
- stages/otp_static: start implementing static stage
- stages/otp_time: Cleanup, use django_otp's URL generator
- stages/otp_time: fix linting
- stages/otp_time: implement TOTP Setup stage
- stages/otp_validate: Implement OTP Validation stage
- stages/otp: start separation into 3 stages, otp_time, otp_static and otp_validate
- stages/password: assign default password change flow to password stage
- stages/password: create default password change flow
- stages/password: make template inherit form_with_user
Release 0.9.0-pre3
This is a big release. Due to some database changes, it is not compatible to the previous 0.8.x releases and needs a fresh database. See https://passbook.beryju.org/upgrading-from-0.8.x/
- *: fix not all migrations using db_alias
- *: make email naming consistent
- api: fix SAMLSource missing from API
- build(deps): bump @fortawesome/fontawesome-free (#80)
- build(deps): bump @patternfly/patternfly in /passbook/static/static
- build(deps): bump boto3 from 1.14.2 to 1.14.3 (#69)
- build(deps): bump boto3 from 1.14.3 to 1.14.5 (#72)
- build(deps): bump boto3 from 1.14.5 to 1.14.6 (#83)
- build(deps): bump boto3 from 1.14.6 to 1.14.7 (#89)
- build(deps): bump boto3 from 1.14.7 to 1.14.8 (#90)
- build(deps): bump boto3 from 1.14.8 to 1.14.9 (#93)
- build(deps): bump boto3 from 1.14.9 to 1.14.10
- build(deps): bump celery from 4.4.5 to 4.4.6
- build(deps): bump codemirror in /passbook/static/static (#86)
- build(deps): bump django-otp from 0.9.1 to 0.9.2 (#82)
- build(deps): bump django-otp from 0.9.2 to 0.9.3 (#91)
- build(deps): bump django-prometheus from 2.1.0.dev30 to 2.1.0.dev32 (#73)
- build(deps): bump django-prometheus from 2.1.0.dev32 to 2.1.0.dev36 (#81)
- build(deps): bump django-prometheus from 2.1.0.dev36 to 2.1.0.dev38 (#88)
- build(deps): bump django-prometheus from 2.1.0.dev38 to 2.1.0.dev40 (#92)
- build(deps): bump kombu from 4.6.10 to 4.6.11
- build(deps): bump pycryptodome from 3.9.7 to 3.9.8
- build(deps): bump pyuwsgi from 2.0.18.post0 to 2.0.19.1 (#84)
- build(deps): bump sentry-sdk from 0.14.4 to 0.15.0 (#74)
- build(deps): bump sentry-sdk from 0.15.0 to 0.15.1 (#85)
- build(deps): bump signxml from 2.7.3 to 2.8.0 (#87)
- build(deps): bump swagger-spec-validator from 2.7.1 to 2.7.2 (#70)
- ci: install node and run yarn for e2e tests
- ci: run full coverage including e2e
- ci: run full coverage with e2e in one step so we get full coverage percentage
- ci: use `gh-` prefix for auto-build docker images for easier cleanup
- core: fix integrity error for default user
- core: make generic error template work with shell executor
- docs: add supported scopes of oauth provider
- docs: clarify post-installation login
- docs(captcha.md): grammar and clarity
- docs(docker-compose.md): grammar and clarity
- docs(dummy.md): punctuation and grammar
- docs(email.md): grammar and clarity
- docs(expression.md): clarity
- docs(expression.md): clarity & punctuation
- docs(flows.md): grammar and clarity
- docs(identification.md): punctuation
- docs(index.md): capitalisation
- docs(index.md): capitalisation & formatting
- docs(index.md): capitalisation & punctuation
- docs(index.md): capitalisation & punctuation
- docs(index.md): capitalisation & punctuation
- docs(index.md): capitalisation and clarity
- docs(index.md): punctuation
- docs(index.md): punctuation & capitalisation
- docs(invitation.md): new words
- docs(kubernetes.md): grammar
- docs(password.md): clarity and punctuation
- docs(prompt.md): grammar and clarity
- docs(providers.md): grammar and clarity
- docs(sources.md): grammar and clarity
- docs(terminology.md): clarity & capitalisation
- docs(upgrading-from-0.8.x.md): formatting
- docs(user-object.md): punctuation & capitalisation
- docs(validation.md): grammar and typo fix
- e2e: add custom testcase class to simplify code
- e2e: add more failsafe
- e2e: add more failsafe
- e2e: add more safety checks
- e2e: add OIDC Provider test against grafana, more formatting, minor bug fixes
- e2e: add test for providers/oidc with consent
- e2e: add tests for enrollment with email
- e2e: add tests for oauth and saml provider
- e2e: add tests for SAML source
- e2e: add wait for codemirror
- e2e: cleanup, always take screenshots on teardown
- e2e: cleanup, use USER function instead of typing static strings
- e2e: fix lint error
- e2e: fix linting error
- e2e: improve race-condition
- e2e: rewrite enroll test to use admin interface for setup
- e2e: save screenshot on failure, upload to github actions
- e2e: save screenshots with timestamp instead of class name
- e2e: SeleniumTestCase: add url() to reverse into full URL
- e2e: test against standalone chrome instance, start implementing oidc provider test
- e2e: use class name and timestamp for screenshots
- e2e: use reverse instead of static URLs
- flows: change wording of consent on flows
- flows: fix flow cache not being cleared correctly when stages are saved
- flows: introduce FlowPlan markers, which indicate when a stage needs … (#79)
- flows: save entire GET params from shell executor
- flows/executor: call plan.next before pop so we can save plan
- flows/shell: check for elements with autofocus attribute and call .focus();
- Merge branch 'master' into e2e
- Merge branch 'master' into e2e
- Merge branch 'pr/77'
- Merge pull request #42 from BeryJu/e2e
- providers/*: fix plan stages not being injected properly
- providers/oauth: add support for consent stage, cleanup
- providers/oidc: add template for consent
- providers/saml: fix metadata template using wrong templates
- providers/saml: fix provider has no attribute sp_binding
- providers/saml: make metadata accessible without authentication
- providers/saml: make SAML provider compatible with consent
- providers/saml: move templates into correct folder
- root: enable debug logging when testing
- root: fix docker-compose not correctly redirecting to https
- root: improve test detection
- root: move all e2e dependencies into pipfile
- root: update funding
- sources/oauth: fix facebook provider
- sources/saml: correctly cleanup transient users, update forms
- sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings
- sources/saml: improve error handing of invalid signatures
- sources/saml: minor formatting fixes
- sources/saml: start implementing transient NameID format
- stages/consent: add FlowPlan context variable for template name
- stages/email: check saved get params for token
- stages/email: fix email account confirmation email template
Release 0.9.0-pre2
This is a big release. Due to some database changes, it is not compatible to the previous 0.8.x releases and needs a fresh database. See https://passbook.beryju.org/upgrading-from-0.8.x/
- build(deps-dev): bump pylint from 2.5.2 to 2.5.3 (#59)
- build(deps): bump @patternfly/patternfly in /passbook/static/static (#58)
- build(deps): bump boto3 from 1.13.24 to 1.13.25 (#61)
- build(deps): bump boto3 from 1.13.25 to 1.13.26 (#62)
- build(deps): bump boto3 from 1.13.26 to 1.14.1 (#66)
- build(deps): bump boto3 from 1.14.1 to 1.14.2 (#68)
- build(deps): bump celery from 4.4.4 to 4.4.5 (#60)
- build(deps): bump django-prometheus from 2.1.0.dev14 to 2.1.0.dev30 (#67)
- build(deps): bump signxml from 2.7.2 to 2.7.3 (#65)
- build(deps): bump swagger-spec-validator from 2.7.0 to 2.7.1 (#64)
- docs: add initial login instructions
- docs: add login credentials to kubernetes install
- docs: update docker-compose install form README
- gatekeeper: update upstream docker image
- new release: 0.9.0-pre2
- root: add lgtm
- root: revert to non-prometheus db backend
- sources/ldap: fix 'LDAPSource' object has no attribute '_connection'
- stages/email: add noopener noreferrer
- stages/identification: improve support for password managers
- stages/password: Improve support for password managers
- stages/prompt: Add username type field
- ui: (pf4) fix empty state
- ui: (pf4) fix navbar
- ui: (pf4) update admin overview
- ui: (pf4) update forms
- ui: (pf4) Update pagination and toolbar