Releases: goauthentik/authentik
Release 0.10.5-stable
Changes:
- admin: fix permissions not being checked for policybinding list
- admin: fix checkmarks not being the same colour everywhere
- audit: fix fields for events from impersonation being swapped
- docs: add notice to use https when using external reverse proxy
- providers/oauth2: fix refreshtoken being initialised wrong
- proxy: fix empty regex field being interpreted as regex
- root: fix IP detection when using multiple reverse proxies
Release 0.10.4-stable
Changes:
- admin: fix create link for outposts
- admin: make YAMLField return empty dict when empty yaml is given
- admin: set default host for outposts based on HTTP host
- core: add impersonation start/end to audit log
- core: fix overview template for non-rectangular icons
- docs: add docs for sonarr
- docs: add landscape integration
- docs: add outpost upgrading docs
- docs: fix environment variable for error reporting
- docs: update sentry and awx integrations
- outposts: add modal to show setup information
- outposts: add support for version checking
- providers/*: fix launch_url not working
- providers/oauth2: add more info to configuration modal
- providers/oauth2: fix end-session view not working, add tests
- providers/oauth2: make openid-configuration easily readable
- providers/proxy: add option to skip authentication for paths matching regular expressions
- proxy: improve logging and reconnecting
- proxy: improve reconnect logic, send version, properly version proxy
- root: fix startup log not showing in docker
- sources/ldap: add status display to show last sync
- stages/password: add failed_attempts_before_cancel to cancel a flow after x failed entries
- stages/password: improve labelling of LDAP backend
- stages/user_write: add migration that removes unintended data
- stages/user_write: check if session hash should be updated early
- stages/user_write: fix data being saved as attributes without intent
Release 0.10.3-stable
Changes:
- core: Fix logic for expiring model cleanup
- core: move is_superuser attribute to groups, remove from user
- e2e: add tests for proxy provider and outposts
- helm: Bump dependency Versions
- providers/oauth2: accept token as post parameter
- providers/oauth2: add CODE_ADFS that uses id_token as access_token
- providers/oauth2: make "sub" configurable
- sources/ldap: add limited support for nested user attributes
- sources/ldap: fix LDAP Signals not being registered
- static: Update flow shell background
Release 0.10.2-stable
Changes:
- Fix Anonymous User not being removed from user count
- Add LDAP Sources syncing on save of source (when source is enabled)
- Fix worker not executing scheduled tasks
- Fix Helm affinity rules for deployments
- Improve AccessDenied codepath
Release 0.10.1-stable
Fixes:
- Fix error when using OAuth2 Clients in Hybrid Flows
- Add soft affinity rules for Helm chart
- Fix channels not loading redis credentials
- Fix outpost user permissions not being updated correctly
- Improve display of unbound policies
- Add automatic launch_url detection for applications
- Add messaging when access is denied
Release 0.10.0-stable
Version 0.10
This update brings a lot of big features, such as:
- New OAuth2/OpenID Provider
  This new provider merges both OAuth2 and OpenID. It is based on the codebase of the old provider, which has been simplified and cleaned from the ground up. Support for Property Mappings has also been added. Because of this change, OpenID and OAuth2 Providers will have to be re-created.
- Proxy Provider
  Due to this new OAuth2 Provider, the Application Gateway Provider, now simply called "Proxy Provider", has been revamped as well. The new passbook Proxy integrates more tightly with passbook via the new Outposts system. The new proxy also supports multiple applications per proxy instance, can configure TLS based on passbook Keypairs, and more.
  See Proxy
- Outpost System
  This is a new Object type, currently used only by the Proxy Provider. It manages the creation and permissions of service accounts, which are used by the outposts to communicate with passbook.
  See Outposts
- Flow Import/Export
  Flows can now be imported and exported. This feature can be used as a backup system, or to share complex flows with other people. Example flows have also been added to the documentation to help you get going with passbook.
Under the hood
- passbook now runs on Django 3.1 and Channels with complete ASGI enabled
- uwsgi has been replaced with Gunicorn and uvicorn
- Elastic APM has been replaced with Sentry Performance metrics
- Flow title is now configurable separately from the name
- All logging output is now JSON
Release 0.10.0-rc6
Release 0.9.0-stable
Release 0.9.0-rc2
- *: remove path-based import from all PropertyMappings
- admin: update to work with new form
- audit: fix list not having loginrequired
- build(deps-dev): bump pylint-django from 2.1.0 to 2.2.0
- build(deps): bump @fortawesome/fontawesome-free
- build(deps): bump @patternfly/patternfly in /passbook/static/static
- build(deps): bump boto3 from 1.14.20 to 1.14.21
- build(deps): bump boto3 from 1.14.21 to 1.14.22
- build(deps): bump boto3 from 1.14.22 to 1.14.23
- build(deps): bump boto3 from 1.14.23 to 1.14.24
- build(deps): bump boto3 from 1.14.24 to 1.14.25
- build(deps): bump boto3 from 1.14.25 to 1.14.26
- build(deps): bump boto3 from 1.14.26 to 1.14.28
- build(deps): bump codemirror in /passbook/static/static
- build(deps): bump sentry-sdk from 0.16.1 to 0.16.2
- build(deps): bump urllib3 from 1.25.9 to 1.25.10
- core: separate expiry logic from tokens and make re-usable
- e2e: CI -> TF_BUILD
- e2e: ensure that PasswordStage's change_flow is set correctly
- e2e: fix flow setup stage test not finding link
- e2e: fix grafana docker image tag
- e2e: fix oauth/oidc tests not working with current grafana
- flows: fix shell not showing spinner after submit
- flows: update work with new stages
- gatekeeper: automatically redirect to passbook
- gatekeeper: fix non-existent templates being copied
- lib: move SAML timestring utils into lib
- Merge branch 'master' into consent-mode
- Merge branch 'master' into consent-mode
- Merge pull request #128 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/fortawesome/fontawesome-free-5.14.0
- Merge pull request #129 from BeryJu/dependabot/pip/boto3-1.14.21
- Merge pull request #130 from BeryJu/dependabot/pip/boto3-1.14.22
- Merge pull request #131 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/patternfly/patternfly-4.23.3
- Merge pull request #132 from BeryJu/dependabot/pip/boto3-1.14.23
- Merge pull request #133 from BeryJu/expiring-models
- Merge pull request #134 from BeryJu/consent-mode
- Merge pull request #135 from BeryJu/dependabot/npm_and_yarn/passbook/static/static/codemirror-5.56.0
- Merge pull request #136 from BeryJu/dependabot/pip/boto3-1.14.24
- Merge pull request #137 from BeryJu/dependabot/pip/boto3-1.14.25
- Merge pull request #138 from BeryJu/dependabot/pip/boto3-1.14.26
- Merge pull request #139 from BeryJu/dependabot/pip/pylint-django-2.2.0
- Merge pull request #140 from BeryJu/dependabot/pip/sentry-sdk-0.16.2
- Merge pull request #141 from BeryJu/dependabot/pip/urllib3-1.25.10
- Merge pull request #143 from BeryJu/dependabot/pip/boto3-1.14.28
- policies/*: remove path-based import from all policies
- providers/*: remove path-based import from all providers
- providers/app_gw: fix Issuer URL being incorrect, fix incorrect length cookie secret
- providers/app_gw: generate docker-compose in code
- providers/app_gw: use full URL with protocol for internal/external_host
- providers/oauth: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
- providers/oidc: remove LoginRequired from AuthorizationFlowInitView as user is redirected within
- providers/saml: remove LoginRequired from SAMLSSOView as user is redirected within
- root: clean log output, always show logger
- sources/*: remove path-based import from all sources
- sources/oauth: migrate from discordapp.com to discord.com
- Squashed commit of the following:
- stages/*: remove path-based import from all stages
- stages/consent: add unittests for new modes
- stages/consent: start implementing user consent
- ui: allow overriding of verbose_name
Release 0.9.0-rc1
- */saml: fix MetadataProcessor having generic namespace prefixes
- */saml: fix typo
- */saml: start implementing unittests, fix signing
- build(deps-dev): bump pylint-django from 2.0.15 to 2.1.0
- build(deps): bump boto3 from 1.14.17 to 1.14.18
- build(deps): bump boto3 from 1.14.18 to 1.14.19
- build(deps): bump boto3 from 1.14.19 to 1.14.20 (#122)
- build(deps): bump django-prometheus from 2.1.0.dev46 to 2.1.0.dev52
- build(deps): bump elastic-apm from 5.8.0 to 5.8.1
- build(deps): bump lxml from 4.5.1 to 4.5.2 (#121)
- build(deps): bump sentry-sdk from 0.16.0 to 0.16.1
- ci: attempt to fix Coverage not being registered
- ci: fix artifacts being downloaded into wrong directory
- ci: fix database connections failing
- ci: fix failed tests not failing CI pipeline
- ci: fix Stage names
- ci: fix targetPath and artifact being swapped
- ci: fix test results not being merged correctly
- ci: fix wrong coverage command being executed
- ci: separate unittests and e2e into separate runs, combine afterwards
- core: add generic login/base_full template for static login views
- core: add separate autosubmit form for use without flows
- core: fix autosubmit_form loading full template
- core: fix base_full template missing messages
- core: fix source slug not being unique
- core: make autosubmit_form generic template
- docs: update screenshots
- e2e: add test for OAuth Enrollment -> OAuth Authentication
- e2e: add tests for OAuth Source, update tests for new base templates
- e2e: decrease timeouts to fix failed tests
- e2e: generate dex config dynamically
- e2e: only initialise selenium after setting up container
- e2e: only save screenshots in CI
- e2e: print screenshot filename after test
- e2e: remove static oauth secret
- e2e: use non-debug selenium docker image for CI
- flows: add SESSION_KEY_APPLICATION_PRE
- flows: fix default-source-enrollment-if-username expression
- flows: fix potential open redirect vuln
- flows: fix SESSION_KEY_GET being deleted too early
- lib/evaluator: add support for IP Address comparison
- Merge branch 'master' into dependabot/pip/boto3-1.14.19
- Merge branch 'master' into dependabot/pip/django-prometheus-2.1.0.dev52
- Merge branch 'master' into dependabot/pip/pylint-django-2.1.0
- Merge branch 'master' into dependabot/pip/sentry-sdk-0.16.1
- Merge pull request #119 from BeryJu/dependabot/pip/boto3-1.14.18
- Merge pull request #120 from BeryJu/dependabot/pip/boto3-1.14.19
- Merge pull request #123 from BeryJu/dependabot/pip/pylint-django-2.1.0
- Merge pull request #124 from BeryJu/dependabot/pip/django-prometheus-2.1.0.dev52
- Merge pull request #125 from BeryJu/dependabot/pip/sentry-sdk-0.16.1
- Merge pull request #126 from BeryJu/dependabot/pip/elastic-apm-5.8.1
- policies: add helper to remove None-value keys from dict for policies
- policies/hibp: update for flows, add unittests
- policies/password: Add Password Policy tests, update password policy for flows
- providers/saml: fix AuthnRequest Signature validation, add unittests
- providers/saml: fix autosubmit_form using wrong template
- providers/saml: fix encoding for POST bindings
- providers/saml: fix RelayState being included when None given
- providers/saml: Generate NameID Value based on NameID Policy received
- providers/saml: parse NameID Policy from AuthnRequest
- providers/saml: remove processor_path field
- providers/saml: rewrite SAML AuthNRequest Parser and Response Processor
- root: fix /favicon being routed to application server
- root: fix passbook.footer_links not being rendered
- root: update version in readme
- sources/ldap: improve unittests
- sources/oauth: fix UserOAuthSourceConnection not being assigned to user after enrollment
- sources/oauth: rewrite to not directly create user, pre-seed data into flow
- sources/oauth: split up single large "core" views
- sources/saml: Add NameID Policy field, sent with AuthnRequest
- sources/saml: add POST_AUTO binding which auto redirects to IdP
- sources/saml: automatically add RelayState to build_auth_n_detached
- sources/saml: fix AuthnRequest Signing for redirect bindings
- sources/saml: fix MetadataProcessor not working, add unittests
- sources/saml: remove unused import
- sources/saml: rewrite Processors and Views to directly build XML without templates
- stages/prompt: add static and separator elements
- stages/prompt: fix checkbox not working, fix date and datetime not using HTML5 input types