forked from coop-cloud/authentik
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			list
			...
			event_dele
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 93f9a7b4d7 | 
							
								
								
									
										14
									
								
								.env.sample
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -17,9 +17,6 @@ AUTHENTIK_LOG_LEVEL=info | ||||
| ## Outpost Integration | ||||
| # COMPOSE_FILE="$COMPOSE_FILE:compose.outposts.yml" | ||||
|  | ||||
| ## ADMIN | ||||
| AUTHENTIK_BOOTSTRAP_EMAIL=admin@example.com | ||||
|  | ||||
| ## EMAIL | ||||
| AUTHENTIK_EMAIL__HOST=smtp | ||||
| AUTHENTIK_EMAIL__PORT=587 | ||||
| @ -70,7 +67,6 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21 | ||||
|  | ||||
| # COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml" | ||||
| # ELEMENT_DOMAIN=element-web.example.com | ||||
| # MATRIX_DOMAIN=matrix-synapse.example.com | ||||
| # SECRET_MATRIX_ID_VERSION=v1 | ||||
| # SECRET_MATRIX_SECRET_VERSION=v1 | ||||
| # APP_ICONS="$APP_ICONS matrix:~/.abra/recipes/authentik/icons/matrix.svg" | ||||
| @ -97,17 +93,13 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21 | ||||
| # KIMAI_DOMAIN=kimai.example.com | ||||
| # SECRET_KIMAI_ID_VERSION=v1 | ||||
| # SECRET_KIMAI_SECRET_VERSION=v1 | ||||
| # APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai_logo.png" | ||||
|  | ||||
| # COMPOSE_FILE="$COMPOSE_FILE:compose.zammad.yml" | ||||
| # ZAMMAD_DOMAIN=zammad.example.com | ||||
| # APP_ICONS="$APP_ICONS zammad:~/.abra/recipes/authentik/icons/zammad.svg" | ||||
| # APP_ICONS="$APP_ICONS kimai:~/.abra/recipes/authentik/icons/kimai.png" | ||||
|  | ||||
| # COMPOSE_FILE="$COMPOSE_FILE:compose.monitoring.yml" | ||||
| # MONITORING_DOMAIN=monitoring.example.com | ||||
| # SECRET_MONITORING_ID_VERSION=v1 | ||||
| # SECRET_MONITORING_SECRET_VERSION=v1 | ||||
| # APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.svg" | ||||
| # APP_ICONS="$APP_ICONS monitoring:~/.abra/recipes/authentik/icons/monitoring.png" | ||||
|  | ||||
| # COMPOSE_FILE="$COMPOSE_FILE:compose.rallly.yml" | ||||
| # RALLLY_DOMAIN=rallly.example.com | ||||
| @ -123,4 +115,4 @@ AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21 | ||||
|  | ||||
| # APPLICATIONS='{"Calendar": "https://nextcloud.example.com/apps/calendar/", "BBB": "https://nextcloud.example.com/apps/bbb/"}' | ||||
| # APP_ICONS="$APP_ICONS Calendar:~/.abra/recipes/authentik/icons/calendar.svg" | ||||
| # APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.png" | ||||
| # APP_ICONS="$APP_ICONS BBB:~/.abra/recipes/authentik/icons/bbb.jpg" | ||||
|  | ||||
							
								
								
									
										9
									
								
								abra.sh
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -12,10 +12,9 @@ export WEKAN_CONFIG_VERSION=v3 | ||||
| export VIKUNJA_CONFIG_VERSION=v1 | ||||
| export OUTLINE_CONFIG_VERSION=v2 | ||||
| export KIMAI_CONFIG_VERSION=v1 | ||||
| export ZAMMAD_CONFIG_VERSION=v1 | ||||
| export RALLLY_CONFIG_VERSION=v2 | ||||
| export HEDGEDOC_CONFIG_VERSION=v1 | ||||
| export MONITORING_CONFIG_VERSION=v2 | ||||
| export MONITORING_CONFIG_VERSION=v1 | ||||
| export DB_ENTRYPOINT_VERSION=v1 | ||||
|  | ||||
| customize() { | ||||
| @ -243,9 +242,3 @@ cert = saml.signing_kp | ||||
| print(''.join(cert.certificate_data.splitlines()[1:-1])) | ||||
| """ 2>&1 | quieten | ||||
| } | ||||
|  | ||||
| get_user_uid() { | ||||
| /manage.py shell -c """ | ||||
| print(User.objects.filter(username='$1').first().uid) | ||||
| """ 2>&1 | quieten | ||||
| } | ||||
|  | ||||
| @ -17,7 +17,6 @@ matrix-synapse: | ||||
|     uncomment: | ||||
|         - compose.matrix.yml | ||||
|         - ELEMENT_DOMAIN | ||||
|         - MATRIX_DOMAIN | ||||
|         - SECRET_MATRIX_ID_VERSION | ||||
|         - SECRET_MATRIX_SECRET_VERSION | ||||
|         - matrix.svg | ||||
| @ -41,19 +40,7 @@ vikunja: | ||||
|         - vikunja.svg | ||||
|     secrets: | ||||
|         vikunja_id: vikunja | ||||
| kimai: | ||||
|     uncomment: | ||||
|         - compose.kimai.yml | ||||
|         - KIMAI_DOMAIN | ||||
|         - SECRET_KIMAI_ID_VERSION | ||||
|         - SECRET_KIMAI_SECRET_VERSION | ||||
|         - kimai_logo.png | ||||
| zammad: | ||||
|     uncomment: | ||||
|         - compose.zammad.yml | ||||
|         - ZAMMAD_DOMAIN | ||||
|         - zammad.svg | ||||
| monitoring-ng: | ||||
| monitoring: | ||||
|     uncomment: | ||||
|         - compose.monitoring.yml | ||||
|         - MONITORING_DOMAIN | ||||
|  | ||||
| @ -1,11 +1,5 @@ | ||||
| version: "3.8" | ||||
| services: | ||||
|   app: | ||||
|     deploy: | ||||
|       labels: | ||||
|         - "traefik.http.routers.${STACK_NAME}.middlewares=redirect-matrix-well-known" | ||||
|         - "traefik.http.middlewares.redirect-matrix-well-known.redirectregex.regex=^https://(.*)/.well-known/matrix/(.*)" | ||||
|         - "traefik.http.middlewares.redirect-matrix-well-known.redirectregex.replacement=https://${MATRIX_DOMAIN}/.well-known/matrix/$$2" | ||||
|   worker: | ||||
|     secrets: | ||||
|       - matrix_id | ||||
|  | ||||
							
								
								
									
										36
									
								
								compose.yml
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -21,7 +21,6 @@ x-env: &env | ||||
|     - AUTHENTIK_COLOR_BACKGROUND_LIGHT | ||||
|     - AUTHENTIK_FOOTER_LINKS | ||||
|     - AUTHENTIK_IMPERSONATION | ||||
|     - AUTHENTIK_BOOTSTRAP_EMAIL | ||||
|     - WELCOME_MESSAGE | ||||
|     - DEFAULT_LANGUAGE | ||||
|     - EMAIL_SUBJECT | ||||
| @ -33,7 +32,7 @@ x-env: &env | ||||
| version: '3.8' | ||||
| services: | ||||
|   app: | ||||
|     image: ghcr.io/goauthentik/server:2024.8.3 | ||||
|     image: ghcr.io/goauthentik/server:2024.4.2 | ||||
|     command: server | ||||
|     depends_on: | ||||
|       - db | ||||
| @ -52,13 +51,16 @@ services: | ||||
|       - internal | ||||
|       - proxy | ||||
|     healthcheck: | ||||
|       test: "ak healthcheck" | ||||
|       test: "bash -c 'printf \"GET / HTTP/1.1\n\n\" > /dev/tcp/127.0.0.1/9000; exit $$?;'" | ||||
|       interval: 30s | ||||
|       timeout: 30s | ||||
|       timeout: 10s | ||||
|       retries: 10 | ||||
|       start_period: 5m | ||||
|     environment: *env | ||||
|     deploy: | ||||
|       update_config: | ||||
|         failure_action: rollback | ||||
|         order: start-first | ||||
|       labels: | ||||
|         - "traefik.enable=true" | ||||
|         - "traefik.docker.network=proxy" | ||||
| @ -71,11 +73,11 @@ services: | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN" | ||||
|         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}" | ||||
|         - "coop-cloud.${STACK_NAME}.version=6.7.0+2024.8.3" | ||||
|         - "coop-cloud.${STACK_NAME}.version=6.1.1+2024.4.2" | ||||
|         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" | ||||
|  | ||||
|   worker: | ||||
|     image: ghcr.io/goauthentik/server:2024.8.3 | ||||
|     image: ghcr.io/goauthentik/server:2024.4.2 | ||||
|     command: worker | ||||
|     depends_on: | ||||
|       - db | ||||
| @ -90,10 +92,10 @@ services: | ||||
|       - internal | ||||
|       - proxy | ||||
|     volumes: | ||||
|       - backups:/backups | ||||
|       - media:/media | ||||
|       - /dev/null:/blueprints/default/flow-oobe.yaml | ||||
|       - templates:/templates | ||||
|       - certs:/certs | ||||
|     configs: | ||||
|       - source: flow_recovery | ||||
|         target: /blueprints/1_flow_recovery.yaml | ||||
| @ -108,15 +110,9 @@ services: | ||||
|       - source: flow_invalidation | ||||
|         target: /blueprints/6_flow_invalidation.yaml | ||||
|     environment: *env | ||||
|     healthcheck: | ||||
|       test: "ak healthcheck" | ||||
|       interval: 30s | ||||
|       timeout: 30s | ||||
|       retries: 10 | ||||
|       start_period: 5m | ||||
|  | ||||
|   db: | ||||
|     image: postgres:15.8 | ||||
|     image: postgres:15.7 | ||||
|     secrets: | ||||
|       - db_password | ||||
|     configs: | ||||
| @ -144,13 +140,10 @@ services: | ||||
|           backupbot.backup: "true" | ||||
|           backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql" | ||||
|           backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql" | ||||
|           backupbot.backup.volumes.database.path: "backup.sql" | ||||
|           backupbot.backup.volumes.redis: "false" | ||||
|           backupbot.restore.post-hook: 'psql -U authentik -d postgres -c "DROP DATABASE authentik WITH (FORCE);" && createdb -U authentik authentik && psql -U authentik -d authentik -f /var/lib/postgresql/data/backup.sql' | ||||
|           backupbot.backup.path: "/var/lib/postgresql/data" | ||||
|  | ||||
|   redis: | ||||
|     image:  redis:7.4.0-alpine | ||||
|     command: --save 60 1 --loglevel warning | ||||
|     image:  redis:7.2.4-alpine | ||||
|     networks: | ||||
|       - internal | ||||
|     healthcheck: | ||||
| @ -159,8 +152,6 @@ services: | ||||
|       timeout: 10s | ||||
|       retries: 10 | ||||
|       start_period: 1m | ||||
|     volumes: | ||||
|         - redis:/data | ||||
|  | ||||
| secrets: | ||||
|   db_password: | ||||
| @ -185,9 +176,8 @@ networks: | ||||
|   internal: | ||||
|  | ||||
| volumes: | ||||
|   backups: | ||||
|   media: | ||||
|   certs: | ||||
|   redis: | ||||
|   templates: | ||||
|   assets: | ||||
|   database: | ||||
|  | ||||
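Review bot: The image pins for `app` and `worker` (hunks at -33,7 and -71,11) read `ghcr.io/goauthentik/server:2024.4.2` on what appears to be the new side, next to `postgres:15.7` and `redis:7.2.4-alpine`, while the other side of this compare is at 2024.8.3 / 15.8 / 7.4.0. The same compare drops a release note stating that two critical vulnerabilities were closed (GHSA-7jxf-mmg9-9hg7 and GHSA-8gfm-pr6x-pfh9), so merging this branch as it stands would presumably put the identity provider back on a release that predates those fixes; check the advisories' patched versions before merging. The rendered page has lost its +/- markers, so the direction is inferred from print order and the hunk line counts. I would rebase on the target branch and keep `image: ghcr.io/goauthentik/server:2024.8.3`, `image: postgres:15.8` and the `coop-cloud.${STACK_NAME}.version=6.7.0+2024.8.3` label, so this branch carries only the delete_user change.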
| @ -1,14 +0,0 @@ | ||||
| version: "3.8" | ||||
| services: | ||||
|   worker: | ||||
|     environment: | ||||
|       - ZAMMAD_DOMAIN | ||||
|     configs: | ||||
|       - source: zammad | ||||
|         target: /blueprints/zammad.yaml | ||||
|  | ||||
| configs: | ||||
|   zammad: | ||||
|     name: ${STACK_NAME}_zammad_${ZAMMAD_CONFIG_VERSION} | ||||
|     file: zammad.yaml.tmpl | ||||
|     template_driver: golang | ||||
							
								
								
									
										19
									
								
								delete_user.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,19 @@ | ||||
| model_actions = ["model_deleted"] | ||||
| model_app = "authentik_core" | ||||
| model_name = "user" | ||||
|  | ||||
| event = request.context.get("event", None) | ||||
| if not event: | ||||
|     ak_logger.info("delete_user: No event") | ||||
|     return False | ||||
| if event.action not in model_actions: | ||||
|     ak_logger.info("delete_user: Non-matching action") | ||||
|     return False | ||||
| if ( | ||||
|     event.context["model"]["app"] != model_app | ||||
|     or event.context["model"]["model_name"] != model_name | ||||
| ): | ||||
|     ak_logger.info("delete_user: Invalid model") | ||||
|     return False | ||||
|  | ||||
| ak_logger.info(f'model: {event.context["model"]}') | ||||
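Review bot: The script ends on the `ak_logger.info(...)` call in its last line without returning a value, so an event that passes all three guards yields an implicit `None` rather than an explicit pass; if this runs as an authentik expression policy (the `request`, `ak_logger` and top-level `return` usage suggests so), that is presumably treated as not passing and whatever is bound to the policy never fires. Add `return True` after the log line. The guards index `event.context["model"]["app"]` directly, which raises if an event carries no `model` entry; `model = event.context.get("model", {})` followed by `model.get("app")` would keep the result at False instead. The final log line writes the whole model context of the deleted user at info level on every match, so consider logging only the fields the handler needs.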
							
								
								
									
										
											BIN
										
									
								
								icons/bbb.jpg
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										
									
								
							
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 6.7 KiB | 
							
								
								
									
										
											BIN
										
									
								
								icons/bbb.png
									
									
									
									
									
								
							
							
						
						
									
										
									
									
									
									
									
								
							
										
											Binary file not shown.
										
									
								
							| Before Width: | Height: | Size: 94 KiB | 
| @ -1,30 +0,0 @@ | ||||
| <?xml version="1.0" encoding="UTF-8" standalone="no"?> | ||||
| <svg width="126px" height="108px" viewBox="0 0 42 36" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns"> | ||||
|     <!-- Generator: Sketch 3.3.2 (12043) - http://www.bohemiancoding.com/sketch --> | ||||
|     <title>logo</title> | ||||
|     <desc>Created with Sketch.</desc> | ||||
|     <defs/> | ||||
|     <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage"> | ||||
|         <g id="logo" sketch:type="MSArtboardGroup"> | ||||
|             <g sketch:type="MSLayerGroup" transform="translate(1.000000, 0.000000)" id="Shape"> | ||||
|                 <path d="M27.3375,12.6 L36.72,9.72 L31.1625,13.2525 L27.3375,12.6 Z" fill="#CA2317" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M33.0525,19.62 L31.1625,13.2525 L36.72,9.72 L35.055,15.435 L33.0525,19.62 Z" fill="#E84F83" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M39.465,7.9875 L38.43,9.72 L35.055,15.435 L36.72,9.72 L39.465,7.9875 Z" fill="#CA2317" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M39.8025,9.1125 L37.1925,11.79 L38.43,9.72 L39.8025,9.1125 Z" fill="#E54011" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M27.9,10.8225 L35.5725,10.0575 L30.24,11.7 L27.9,10.8225 Z" fill="#E54011" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M28.1925,15.165 L31.1625,13.2525 L33.0525,19.62 L32.0625,21.645 L28.1925,15.165 Z" fill="#CA2317" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M23.76,22.725 L22.3425,5.4 L32.0625,21.645 L23.76,22.725 Z" fill="#B7DFF2" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M19.7325,27.1575 L23.76,22.725 L32.0625,21.645 L19.7325,27.1575 Z" fill="#E54011" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M0.1575,35.865 L19.7325,27.1575 L23.76,22.725 L17.37,22.0725 L0.1575,35.865 Z" fill="#FFCE33" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M0.9,28.755 L10.9575,27.225 L14.085,24.705 L12.555,24.03 L0.9,28.755 Z" fill="#D6B12D" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M4.5225,20.5425 L14.085,24.705 L17.37,22.0725 L4.5225,20.5425 Z" fill="#FFDE85" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M21.6225,11.6775 L20.4075,11.88 L17.37,22.0725 L20.655,20.0025 L21.6225,11.6775 Z" fill="#009EC6" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M23.4,18.2475 L20.655,20.0025 L22.3425,5.4 L23.4,18.2475 Z" fill="#5EAFCE" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M13.0275,13.05 L21.6225,11.6775 L22.005,8.28 L13.0275,13.05 Z" fill="#045972" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M12.105,5.085 L19.575,9.585 L22.005,8.28 L22.0725,7.8075 L12.105,5.085 Z" fill="#5A8591" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M13.5675,0.18 L20.3625,7.335 L22.0725,7.8075 L22.3425,5.4 L13.5675,0.18 Z" fill="#009EC6" sketch:type="MSShapeGroup"/> | ||||
|                 <path d="M17.37,22.0725 L23.4,18.2475 L23.76,22.725 L17.37,22.0725 Z" fill="#F39804" sketch:type="MSShapeGroup"/> | ||||
|             </g> | ||||
|         </g> | ||||
|     </g> | ||||
| </svg> | ||||
| Before Width: | Height: | Size: 3.0 KiB | 
| @ -25,7 +25,7 @@ entries: | ||||
|   conditions: [] | ||||
|   id: monitoring_provider | ||||
|   identifiers: | ||||
|     pk: 9990 | ||||
|     pk: 9994 | ||||
|   model: authentik_providers_oauth2.oauth2provider | ||||
|   state: present | ||||
|  | ||||
|  | ||||
| @ -1 +0,0 @@ | ||||
| Replaced icon bbb.jpg with icon.png - configs need to be updated when upgrading! | ||||
| @ -1,3 +0,0 @@ | ||||
| Two critical vulnerabilities were closed: | ||||
| https://github.com/goauthentik/authentik/security/advisories/GHSA-7jxf-mmg9-9hg7 | ||||
| https://github.com/goauthentik/authentik/security/advisories/GHSA-8gfm-pr6x-pfh9 | ||||
| @ -1,67 +0,0 @@ | ||||
| version: 1 | ||||
| metadata: | ||||
|   labels: | ||||
|     blueprints.goauthentik.io/instantiate: "true" | ||||
|   name: zammad | ||||
|  | ||||
| entries: | ||||
| - attrs: | ||||
|     expression: return request.user.name | ||||
|     managed: null | ||||
|     name: 'Zammad SAML Mapping: name' | ||||
|     saml_name: name | ||||
|   conditions: [] | ||||
|   identifiers: | ||||
|     name: zammad_name_mapping | ||||
|   id: zammad_name_mapping | ||||
|   model: authentik_providers_saml.samlpropertymapping | ||||
|   state: present | ||||
|  | ||||
| - attrs: | ||||
|     expression: return request.user.email | ||||
|     managed: null | ||||
|     name: 'Zammad SAML Mapping: email' | ||||
|     saml_name: email | ||||
|   conditions: [] | ||||
|   identifiers: | ||||
|     name: zammad_email_mapping | ||||
|   id: zammad_email_mapping | ||||
|   model: authentik_providers_saml.samlpropertymapping | ||||
|   state: present | ||||
|  | ||||
| - attrs: | ||||
|     acs_url: https://{{ env  "ZAMMAD_DOMAIN" }}/auth/saml/callback | ||||
|     assertion_valid_not_before: minutes=-5 | ||||
|     assertion_valid_not_on_or_after: minutes=5 | ||||
|     audience: https://{{ env  "ZAMMAD_DOMAIN" }}/auth/saml/metadata | ||||
|     authentication_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]] | ||||
|     authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] | ||||
|     digest_algorithm: http://www.w3.org/2001/04/xmlenc#sha256 | ||||
|     issuer: https://{{ env  "ZAMMAD_DOMAIN" }}/auth/saml/metadata | ||||
|     name: zammad | ||||
|     property_mappings: | ||||
|     - !KeyOf zammad_name_mapping | ||||
|     - !KeyOf zammad_email_mapping | ||||
|     session_valid_not_on_or_after: minutes=86400 | ||||
|     signature_algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | ||||
|     signing_kp: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] | ||||
|     sp_binding: post | ||||
|   conditions: [] | ||||
|   id: zammad_provider | ||||
|   identifiers: | ||||
|     pk: 9989 | ||||
|   model: authentik_providers_saml.samlprovider | ||||
|   state: present | ||||
|  | ||||
| - attrs: | ||||
|     meta_launch_url: https://{{ env  "ZAMMAD_DOMAIN" }} | ||||
|     open_in_new_tab: true | ||||
|     policy_engine_mode: any | ||||
|     provider: !KeyOf zammad_provider | ||||
|     slug: zammad | ||||
|   conditions: [] | ||||
|   id: zammad_application | ||||
|   identifiers: | ||||
|     name: Zammad | ||||
|   model: authentik_core.application | ||||
|   state: present | ||||