chore: publish 5.0.1+2024.2.2 release

README.md

@@ -169,7 +169,7 @@ The `abra.sh` function `apply_blueprints` needs to be executed to deactivate the
             - `default-source-enrollment-field-username`
 - Custom System Tenant
     - Default - Tenant
-        - APPEND: `authentik_tenants.tenant  domain: authentik-default`
+        - APPEND: `authentik_brands.brand  domain: authentik-default`
     - Recovery with email verification
         - USE:
             - `default-recovery-flow`

abra.sh

@@ -1,6 +1,6 @@
 export CUSTOM_CSS_VERSION=v2
 export FLOW_AUTHENTICATION_VERSION=v3
-export FLOW_INVITATION_VERSION=v1
+export FLOW_INVITATION_VERSION=v2
 export FLOW_INVALIDATION_VERSION=v2
 export FLOW_RECOVERY_VERSION=v1
 export FLOW_TRANSLATION_VERSION=v2

compose.yml

@@ -32,7 +32,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.2
     command: server
     depends_on:
       - db
@@ -76,11 +76,11 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=4.2.0+2023.10.7"
+        - "coop-cloud.${STACK_NAME}.version=5.0.1+2024.2.2"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.2
     command: worker
     depends_on:
       - db

custom_flows.yaml.tmpl

@@ -402,4 +402,4 @@ entries:
   identifiers:
     pk: 047cce25-aae2-4b02-9f96-078e155f803d
   id: system_tenant
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand

flow_invitation.yaml.tmpl

@@ -24,6 +24,18 @@ entries:
   id: invitation-enrollment-flow
   model: authentik_flows.flow
 
+### POLICIES
+- attrs:
+    expression: |
+      if not regex_match(request.context.get('prompt_data').get('username'), '\s'):
+          return True
+      ak_message("Username must not contain any whitespace!")
+      return False
+  id: username-without-spaces-policy
+  identifiers:
+    name: username-without-spaces-policy
+  model: authentik_policies_expression.expressionpolicy
+
 ### STAGES
 - identifiers:
     name: invitation-stage
@@ -41,6 +53,8 @@ entries:
       - !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-email]]
       - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password]]
       - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password-repeat]]
+    validation_policies:
+      - !Find [ authentik_policies_expression.expressionpolicy, [name, username-without-spaces-policy]]
 
 ### STAGE BINDINGS
 - identifiers:

release/5.0.0+2024.2.2

@@ -0,0 +1 @@
+Blueprint changes are applied and automatic migrations should work, however, manual action may be required: https://docs.goauthentik.io/docs/releases/2024.2

system_tenant.yaml.tmpl

@@ -21,7 +21,7 @@ entries:
 # remove custom tenant from old recipe
 - identifiers:
     domain: {{ env "DOMAIN" }}
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand
   state: absent
 
 - attrs:
@@ -32,4 +32,4 @@ entries:
   identifiers:
     default: true
     domain: authentik-default
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand