admin/files: fix duplicate bucket name in presigned URLs with custom domain

[dominic-r]

Overview:

When using path-style addressing with a custom domain that includes the bucket name, the generated presigned URLs contained the bucket name twice, which is obviously not intended.

The fix strips the bucket name from the presigned URL path when path-style addressing is detected (path starts with /{bucket}/), since custom_domain must include the bucket name per configuration docs.i

A more detailed overview of the bug can be found at: #19521 (comment)

Do note that commit b5d0968 is present in this PR until #19536 is merged, so I can use the dev server and run tests locally without encountering any issues.

Motivation:

Closes: #19521

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	14789b4
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/696bf0c566049f0008d63ff3
😎 Deploy Preview	https://deploy-preview-19537--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 93.75000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.27%. Comparing base (8fce7b9) to head (14789b4).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/admin/files/backends/s3.py	85.71%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #19537      +/-   ##
==========================================
+ Coverage   92.50%   93.27%   +0.76%     
==========================================
  Files         949      949              
  Lines       52052    52067      +15     
==========================================
+ Hits        48151    48564     +413     
+ Misses       3901     3503     -398     

Flag	Coverage Δ
conformance	38.25% <0.00%> (-0.01%)	⬇️
e2e	44.19% <0.00%> (-0.02%)	⬇️
integration	23.20% <0.00%> (?)
unit	91.49% <93.75%> (-0.02%)	⬇️
unit-migrate	91.50% <93.75%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-14789b498f0fde1a0648af4b11e9efc951dee6a8
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-14789b498f0fde1a0648af4b11e9efc951dee6a8

Afterwards, run the upgrade commands from the latest release notes.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	14789b4
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/696bf0c436773f0008cb646a
😎 Deploy Preview	https://deploy-preview-19537--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[authentik-automation]

🍒 Cherry-pick to version-2025.12 created: #19575