authentik
authentik copied to clipboard
Published
20 hours ago •
goauthentik
goauthentik
Web: add command palette
trafficstars
Details
web: add command palette
Adds Ninja Keys (MIT License) to the Admin Interface. This is a trivial demo. Start the UI and begin by pressing CMD-K or CTRL-K in the Admin Interface.
- Because a lot of the Create and Update operations are accessible as activations-on-modals rather than navigable components in their own right, we don’t have a way to encode commands like “Start the Application Wizard” or “Add a new Policy.”
- Our search isn’t very quick, so “Edit Application Foo” would have intolerable delays while we looked up a list of applications that could be edited.
- The
iconfeature is relatively difficult to exploit because it’s a web component and its inner styles are inacessible. - There seem to be cases where the modal-popup and charts conflict.
If we want to move forward with this, we have the challenge of finding activation means for the various Create and Edit features, and whether or not Search can be meaningfully integrated into the results.
It would also be nifty if the User and Admin palettes treated each other as peers; you could just go “CMD-K My User Page” and it would just take you there, and “CMD-K Admin Applications” to go back, creating an illusion of seamlessness.
Checklist
- [X] The code has been formatted (
make web)
Deploy Preview for authentik-storybook ready!
| Name | Link |
|---|---|
| Latest commit | 00c1e17b520376a19a986f45dfb02353587ac05b |
| Latest deploy log | https://app.netlify.com/projects/authentik-storybook/deploys/684cbf9c4870bb0008ccd46d |
| Deploy Preview | https://deploy-preview-8929--authentik-storybook.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify project configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for authentik-docs canceled.
| Name | Link |
|---|---|
| Latest commit | 00c1e17b520376a19a986f45dfb02353587ac05b |
| Latest deploy log | https://app.netlify.com/projects/authentik-docs/deploys/684cbf9c8c10b800085dc792 |
authentik PR Installation instructions
Instructions for docker-compose
Add the following block to your .env file:
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-cba8e84bbe7cb7362f23a26dc0cc455157ea81a5
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
For arm64, use these values:
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-cba8e84bbe7cb7362f23a26dc0cc455157ea81a5-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
Afterwards, run the upgrade commands from the latest release notes.
Instructions for Kubernetes
Add the following block to your values.yml file:
authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-cba8e84bbe7cb7362f23a26dc0cc455157ea81a5
For arm64, use these values:
authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ghcr.io/goauthentik/dev-server:gh-cba8e84bbe7cb7362f23a26dc0cc455157ea81a5-arm64
Afterwards, run the upgrade commands from the latest release notes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
![notion-workspace[bot] avatar](https://avatars.githubusercontent.com/in/300037?v=4 "Published by a pub.dev verified publisher"){kind=small}
:x: 2 Tests Failed:
| Tests completed | Failed | Passed | Skipped |
|---|---|---|---|
| 1822 | 2 | 1820 | 2 |
View the top 2 failed test(s) by shortest run time
tests.e2e.test_provider_ldap.TestProviderLDAP::test_ldap_schemaStack Traces | 42.6s run time
self = <unittest.case._Outcome object at 0x7f5c262b8fc0> test_case = <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema> subTest = False @contextlib.contextmanager def testPartExecutor(self, test_case, subTest=False): old_success = self.success self.success = True try: > yield .../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema> result = <TestCaseFunction test_ldap_schema> def run(self, result=None): if result is None: result = self.defaultTestResult() startTestRun = getattr(result, 'startTestRun', None) stopTestRun = getattr(result, 'stopTestRun', None) if startTestRun is not None: startTestRun() else: stopTestRun = None result.startTest(self) try: testMethod = getattr(self, self._testMethodName) if (getattr(self.__class__, "__unittest_skip__", False) or getattr(testMethod, "__unittest_skip__", False)): # If the class or method was skipped. skip_why = (getattr(self.__class__, '__unittest_skip_why__', '') or getattr(testMethod, '__unittest_skip_why__', '')) _addSkip(result, self, skip_why) return result expecting_failure = ( getattr(self, "__unittest_expecting_failure__", False) or getattr(testMethod, "__unittest_expecting_failure__", False) ) outcome = _Outcome(result) start_time = time.perf_counter() try: self._outcome = outcome with outcome.testPartExecutor(self): self._callSetUp() if outcome.success: outcome.expecting_failure = expecting_failure with outcome.testPartExecutor(self): > self._callTestMethod(testMethod) .../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema> method = <bound method TestProviderLDAP.test_ldap_schema of <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema>> def _callTestMethod(self, method): > if method() is not None: .../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema> args = (), kwargs = {} @wraps(func) def wrapper(self: TransactionTestCase, *args, **kwargs): """Run test again if we're below max_retries, including tearDown and setUp. Otherwise raise the error""" nonlocal count try: > return func(self, *args, **kwargs) tests/e2e/utils.py:323: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ args = (<tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema>,) kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml' content = 'version: 1\nmetadata:\n name: Default - Invalidation flow\nentries:\n- attrs:\n designation: invalidation\n na...0\n stage: !KeyOf default-invalidation-logout\n target: !KeyOf flow\n model: authentik_flows.flowstagebinding\n' @wraps(func) def wrapper(*args, **kwargs): for file in files: content = BlueprintInstance(path=file).retrieve() Importer.from_string(content).apply() > return func(*args, **kwargs) .../blueprints/tests/__init__.py:25: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ args = (<tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema>,) kwargs = {}, config = <AuthentikTenantsConfig: authentik_tenants> @wraps(func) def wrapper(*args, **kwargs): config = apps.get_app_config(app_name) if isinstance(config, ManagedAppConfig): config._on_startup_callback(None) > return func(*args, **kwargs) .../blueprints/tests/__init__.py:43: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ args = (<tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema>,) kwargs = {}, config = <AuthentikOutpostConfig: authentik_outposts> @wraps(func) def wrapper(*args, **kwargs): config = apps.get_app_config(app_name) if isinstance(config, ManagedAppConfig): config._on_startup_callback(None) > return func(*args, **kwargs) .../blueprints/tests/__init__.py:43: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_ldap.TestProviderLDAP testMethod=test_ldap_schema> @retry() @apply_blueprint( "default/flow-default-authentication-flow.yaml", "default/flow-default-invalidation-flow.yaml", ) @reconcile_app("authentik_tenants") @reconcile_app("authentik_outposts") def test_ldap_schema(self): """Test LDAP Schema""" self._prepare() server = Server("ldap://localhost:3389", get_info=ALL) _connection = Connection( server, raise_exceptions=True, user=f"cn={self.user.username},ou=users,dc=ldap,dc=goauthentik,dc=io", password=self.user.username, ) > _connection.bind() tests/e2e/test_provider_ldap.py:425: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Connection(server=Server(host='localhost', port=3389, use_ssl=False, allowed_referral_hosts=[('*', True)], get_info='A...oder=True, auto_range=True, return_empty_attributes=True, auto_encode=True, auto_escape=True, use_referral_cache=False) read_server_info = True, controls = None def bind(self, read_server_info=True, controls=None): """Bind to ldap Server with the authentication method and the user defined in the connection :param read_server_info: reads info from server :param controls: LDAP controls to send along with the bind operation :type controls: list of tuple :return: bool """ if log_enabled(BASIC): log(BASIC, 'start BIND operation via <%s>', self) self.last_error = None with self.connection_lock: if self.lazy and not self._executing_deferred: if self.strategy.pooled: self.strategy.validate_bind(controls) self._deferred_bind = True self._bind_controls = controls self.bound = True if log_enabled(BASIC): log(BASIC, 'deferring bind for <%s>', self) else: self._deferred_bind = False self._bind_controls = None if self.closed: # try to open connection if closed self.open(read_server_info=False) if self.authentication == ANONYMOUS: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing anonymous BIND for <%s>', self) if not self.strategy.pooled: request = bind_operation(self.version, self.authentication, self.user, '', auto_encode=self.auto_encode) if log_enabled(PROTOCOL): log(PROTOCOL, 'anonymous BIND request <%s> sent via <%s>', bind_request_to_dict(request), self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) else: response = self.strategy.validate_bind(controls) # only for REUSABLE elif self.authentication == SIMPLE: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing simple BIND for <%s>', self) if not self.strategy.pooled: request = bind_operation(self.version, self.authentication, self.user, self.password, auto_encode=self.auto_encode) if log_enabled(PROTOCOL): log(PROTOCOL, 'simple BIND request <%s> sent via <%s>', bind_request_to_dict(request), self) > response = self.post_send_single_response(self.send('bindRequest', request, controls)) .venv/lib/python3.13.../ldap3/core/connection.py:607: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ldap3.strategy.sync.SyncStrategy object at 0x7f5c22786b70> message_id = 142 def post_send_single_response(self, message_id): """ Executed after an Operation Request (except Search) Returns the result message or None """ > responses, result = self.get_response(message_id) .venv/lib/python3.13.../ldap3/strategy/sync.py:160: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <ldap3.strategy.sync.SyncStrategy object at 0x7f5c22786b70> message_id = 142, timeout = 20, get_request = False def get_response(self, message_id, timeout=None, get_request=False): """ Get response LDAP messages Responses are returned by the underlying connection strategy Check if message_id LDAP message is still outstanding and wait for timeout to see if it appears in _get_response Result is stored in connection.result Responses without result is stored in connection.response A tuple (responses, result) is returned """ if timeout is None: timeout = get_config_parameter('RESPONSE_WAITING_TIMEOUT') response = None result = None # request = None if self._outstanding and message_id in self._outstanding: responses = self._get_response(message_id, timeout) if not responses: if log_enabled(ERROR): log(ERROR, 'socket timeout, no response from server for <%s>', self.connection) raise LDAPResponseTimeoutError('no response from server') if responses == SESSION_TERMINATED_BY_SERVER: try: # try to close the session but don't raise any error if server has already closed the session self.close() except (socket.error, LDAPExceptionError): pass self.connection.last_error = 'session terminated by server' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSessionTerminatedByServerError(self.connection.last_error) elif responses == TRANSACTION_ERROR: # Novell LDAP Transaction unsolicited notification self.connection.last_error = 'transaction error' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPTransactionError(self.connection.last_error) # if referral in response opens a new connection to resolve referrals if requested if responses[-2]['result'] == RESULT_REFERRAL: if self.connection.usage: self.connection._usage.referrals_received += 1 if self.connection.auto_referrals: ref_response, ref_result = self.do_operation_on_referral(self._outstanding[message_id], responses[-2]['referrals']) if ref_response is not None: responses = ref_response + [ref_result] responses.append(RESPONSE_COMPLETE) elif ref_result is not None: responses = [ref_result, RESPONSE_COMPLETE] self._referrals = [] if responses: result = responses[-2] response = responses[:-2] self.connection.result = None self.connection.response = None if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) self._outstanding.pop(message_id) self.connection.result = result.copy() > raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) E ldap3.core.exceptions.LDAPInvalidCredentialsResult: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - None - bindResponse - None .venv/lib/python3.13.../ldap3/strategy/base.py:403: LDAPInvalidCredentialsResult
tests.e2e.test_provider_radius.TestProviderRadius::test_radius_bind_successStack Traces | 114s run time
self = <unittest.case._Outcome object at 0x7f3316784050> test_case = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> subTest = False @contextlib.contextmanager def testPartExecutor(self, test_case, subTest=False): old_success = self.success self.success = True try: > yield .../hostedtoolcache/Python/3.13.4.............../x64/lib/python3.13/unittest/case.py:58: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> result = <TestCaseFunction test_radius_bind_success> def run(self, result=None): if result is None: result = self.defaultTestResult() startTestRun = getattr(result, 'startTestRun', None) stopTestRun = getattr(result, 'stopTestRun', None) if startTestRun is not None: startTestRun() else: stopTestRun = None result.startTest(self) try: testMethod = getattr(self, self._testMethodName) if (getattr(self.__class__, "__unittest_skip__", False) or getattr(testMethod, "__unittest_skip__", False)): # If the class or method was skipped. skip_why = (getattr(self.__class__, '__unittest_skip_why__', '') or getattr(testMethod, '__unittest_skip_why__', '')) _addSkip(result, self, skip_why) return result expecting_failure = ( getattr(self, "__unittest_expecting_failure__", False) or getattr(testMethod, "__unittest_expecting_failure__", False) ) outcome = _Outcome(result) start_time = time.perf_counter() try: self._outcome = outcome with outcome.testPartExecutor(self): self._callSetUp() if outcome.success: outcome.expecting_failure = expecting_failure with outcome.testPartExecutor(self): > self._callTestMethod(testMethod) .../hostedtoolcache/Python/3.13.4.............../x64/lib/python3.13/unittest/case.py:651: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> method = <bound method TestProviderRadius.test_radius_bind_success of <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success>> def _callTestMethod(self, method): > if method() is not None: .../hostedtoolcache/Python/3.13.4.............../x64/lib/python3.13/unittest/case.py:606: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> args = (), kwargs = {} @wraps(func) def wrapper(self: TransactionTestCase, *args, **kwargs): """Run test again if we're below max_retries, including tearDown and setUp. Otherwise raise the error""" nonlocal count try: > return func(self, *args, **kwargs) tests/e2e/utils.py:323: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ args = (<tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success>,) kwargs = {}, file = 'default/flow-default-invalidation-flow.yaml' content = 'version: 1\nmetadata:\n name: Default - Invalidation flow\nentries:\n- attrs:\n designation: invalidation\n na...0\n stage: !KeyOf default-invalidation-logout\n target: !KeyOf flow\n model: authentik_flows.flowstagebinding\n' @wraps(func) def wrapper(*args, **kwargs): for file in files: content = BlueprintInstance(path=file).retrieve() Importer.from_string(content).apply() > return func(*args, **kwargs) .../blueprints/tests/__init__.py:25: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> @retry() @apply_blueprint( "default/flow-default-authentication-flow.yaml", "default/flow-default-invalidation-flow.yaml", ) def test_radius_bind_success(self): """Test simple bind""" self._prepare() srv = Client( server="localhost", secret=self.shared_secret.encode(), dict=Dictionary(".../radius/dictionaries/dictionary"), ) req = srv.CreateAuthPacket( code=AccessRequest, User_Name=self.user.username, NAS_Identifier="localhost" ) req["User-Password"] = req.PwCrypt(self.user.username) reply = srv.SendPacket(req) > self.assertEqual(reply.code, AccessAccept) tests/e2e/test_provider_radius.py:86: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> first = 3, second = 2, msg = None def assertEqual(self, first, second, msg=None): """Fail if the two objects are unequal as determined by the '==' operator. """ assertion_func = self._getAssertEqualityFunc(first, second) > assertion_func(first, second, msg=msg) .../hostedtoolcache/Python/3.13.4.............../x64/lib/python3.13/unittest/case.py:907: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <tests.e2e.test_provider_radius.TestProviderRadius testMethod=test_radius_bind_success> first = 3, second = 2, msg = '3 != 2' def _baseAssertEqual(self, first, second, msg=None): """The default assertEqual implementation, not type specific.""" if not first == second: standardMsg = '%s != %s' % _common_shorten_repr(first, second) msg = self._formatMessage(msg, standardMsg) > raise self.failureException(msg) E AssertionError: 3 != 2 .../hostedtoolcache/Python/3.13.4.............../x64/lib/python3.13/unittest/case.py:900: AssertionError
To view more test analytics, go to the Test Analytics Dashboard 📋 Got 3 mins? Take this short survey to help us improve Test Analytics.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}