authentik/authentik/sources/oauth/api/source.py

"""OAuth Source Serializer"""
from django.urls.base import reverse_lazy
from drf_spectacular.utils import extend_schema, extend_schema_field
from rest_framework.decorators import action
from rest_framework.fields import BooleanField, CharField, SerializerMethodField
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.serializers import ValidationError
from rest_framework.viewsets import ModelViewSet

from authentik.core.api.sources import SourceSerializer
from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import PassiveSerializer
from authentik.sources.oauth.models import OAuthSource
from authentik.sources.oauth.types.manager import MANAGER


class SourceTypeSerializer(PassiveSerializer):
    """Serializer for SourceType"""

    name = CharField(required=True)
    slug = CharField(required=True)
    urls_customizable = BooleanField()
    request_token_url = CharField(read_only=True, allow_null=True)
    authorization_url = CharField(read_only=True, allow_null=True)
    access_token_url = CharField(read_only=True, allow_null=True)
    profile_url = CharField(read_only=True, allow_null=True)


class OAuthSourceSerializer(SourceSerializer):
    """OAuth Source Serializer"""

    callback_url = SerializerMethodField()

    def get_callback_url(self, instance: OAuthSource) -> str:
        """Get OAuth Callback URL"""
        relative_url = reverse_lazy(
            "authentik_sources_oauth:oauth-client-callback",
            kwargs={"source_slug": instance.slug},
        )
        if "request" not in self.context:
            return relative_url
        return self.context["request"].build_absolute_uri(relative_url)

    type = SerializerMethodField()

    @extend_schema_field(SourceTypeSerializer)
    def get_type(self, instace: OAuthSource) -> SourceTypeSerializer:
        """Get source's type configuration"""
        return SourceTypeSerializer(instace.type).data

    def validate(self, attrs: dict) -> dict:
        provider_type = MANAGER.find_type(attrs.get("provider_type", ""))
        for url in [
            "authorization_url",
            "access_token_url",
            "profile_url",
        ]:
            if getattr(provider_type, url, None) is None:
                if url not in attrs:
                    raise ValidationError(
                        f"{url} is required for provider {provider_type.name}"
                    )
        return attrs

    class Meta:
        model = OAuthSource
        fields = SourceSerializer.Meta.fields + [
            "provider_type",
            "request_token_url",
            "authorization_url",
            "access_token_url",
            "profile_url",
            "consumer_key",
            "consumer_secret",
            "callback_url",
            "type",
        ]
        extra_kwargs = {"consumer_secret": {"write_only": True}}


class OAuthSourceViewSet(UsedByMixin, ModelViewSet):
    """Source Viewset"""

    queryset = OAuthSource.objects.all()
    serializer_class = OAuthSourceSerializer
    lookup_field = "slug"

    @extend_schema(responses={200: SourceTypeSerializer(many=True)})
    @action(detail=False, pagination_class=None, filter_backends=[])
    def source_types(self, request: Request) -> Response:
        """Get all creatable source types"""
        data = []
        for source_type in MANAGER.get():
            data.append(SourceTypeSerializer(source_type).data)
        return Response(data)
all(major): add most models to API 2019-10-28 16:40:57 +00:00			`"""OAuth Source Serializer"""`
sources/oauth: add callback URL to api 2021-02-09 15:47:49 +00:00			`from django.urls.base import reverse_lazy`
*: initial migration to openapi v3 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-15 21:57:28 +00:00			`from drf_spectacular.utils import extend_schema, extend_schema_field`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`from rest_framework.decorators import action`
sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`from rest_framework.fields import BooleanField, CharField, SerializerMethodField`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`from rest_framework.request import Request`
			`from rest_framework.response import Response`
sources/oauth: fix error when creating an oauth source which has fixed URLs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-16 07:49:25 +00:00			`from rest_framework.serializers import ValidationError`
all(major): add most models to API 2019-10-28 16:40:57 +00:00			`from rest_framework.viewsets import ModelViewSet`

sources/*: simplify source api 2021-02-08 09:15:59 +00:00			`from authentik.core.api.sources import SourceSerializer`
API: add endpoint to show by what objects an object is used (#995) * core: add used_by API to show what objects are affected before deletion Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add support for used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: add authentik_used_by_shadows to shadow other models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: implement used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : fix duplicate imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add action field to used_by api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add UI for used_by action Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add notice to tenant form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix naming in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: check length for used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix used_by for non-pk models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : improve __str__ on models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add support for many to many in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-10 09:58:12 +00:00			`from authentik.core.api.used_by import UsedByMixin`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`from authentik.core.api.utils import PassiveSerializer`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`from authentik.sources.oauth.models import OAuthSource`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`from authentik.sources.oauth.types.manager import MANAGER`
all(major): add most models to API 2019-10-28 16:40:57 +00:00

sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`class SourceTypeSerializer(PassiveSerializer):`
			`"""Serializer for SourceType"""`

			`name = CharField(required=True)`
			`slug = CharField(required=True)`
			`urls_customizable = BooleanField()`
			`request_token_url = CharField(read_only=True, allow_null=True)`
			`authorization_url = CharField(read_only=True, allow_null=True)`
			`access_token_url = CharField(read_only=True, allow_null=True)`
			`profile_url = CharField(read_only=True, allow_null=True)`


sources/*: simplify source api 2021-02-08 09:15:59 +00:00			`class OAuthSourceSerializer(SourceSerializer):`
all(major): add most models to API 2019-10-28 16:40:57 +00:00			`"""OAuth Source Serializer"""`

sources/oauth: add callback URL to api 2021-02-09 15:47:49 +00:00			`callback_url = SerializerMethodField()`

			`def get_callback_url(self, instance: OAuthSource) -> str:`
			`"""Get OAuth Callback URL"""`
			`relative_url = reverse_lazy(`
			`"authentik_sources_oauth:oauth-client-callback",`
			`kwargs={"source_slug": instance.slug},`
			`)`
			`if "request" not in self.context:`
			`return relative_url`
			`return self.context["request"].build_absolute_uri(relative_url)`

sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`type = SerializerMethodField()`

*: initial migration to openapi v3 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-15 21:57:28 +00:00			`@extend_schema_field(SourceTypeSerializer)`
sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`def get_type(self, instace: OAuthSource) -> SourceTypeSerializer:`
			`"""Get source's type configuration"""`
			`return SourceTypeSerializer(instace.type).data`

sources/oauth: fix error when creating an oauth source which has fixed URLs Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-16 07:49:25 +00:00			`def validate(self, attrs: dict) -> dict:`
			`provider_type = MANAGER.find_type(attrs.get("provider_type", ""))`
			`for url in [`
			`"authorization_url",`
			`"access_token_url",`
			`"profile_url",`
			`]:`
			`if getattr(provider_type, url, None) is None:`
			`if url not in attrs:`
			`raise ValidationError(`
			`f"{url} is required for provider {provider_type.name}"`
			`)`
			`return attrs`

all(major): add most models to API 2019-10-28 16:40:57 +00:00			`class Meta:`
			`model = OAuthSource`
sources/*: simplify source api 2021-02-08 09:15:59 +00:00			`fields = SourceSerializer.Meta.fields + [`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`"provider_type",`
			`"request_token_url",`
			`"authorization_url",`
			`"access_token_url",`
			`"profile_url",`
			`"consumer_key",`
			`"consumer_secret",`
sources/oauth: add callback URL to api 2021-02-09 15:47:49 +00:00			`"callback_url",`
sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`"type",`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`]`
sources/oauth: make secret write_only Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-09 19:40:22 +00:00			`extra_kwargs = {"consumer_secret": {"write_only": True}}`
all(major): add most models to API 2019-10-28 16:40:57 +00:00

API: add endpoint to show by what objects an object is used (#995) * core: add used_by API to show what objects are affected before deletion Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add support for used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: add authentik_used_by_shadows to shadow other models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: implement used_by API Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : fix duplicate imports Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add action field to used_by api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add UI for used_by action Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: add notice to tenant form Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix naming in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: check length for used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * core: fix used_by for non-pk models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : improve __str__ on models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> core: add support for many to many in used_by Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-10 09:58:12 +00:00			`class OAuthSourceViewSet(UsedByMixin, ModelViewSet):`
all(major): add most models to API 2019-10-28 16:40:57 +00:00			`"""Source Viewset"""`

			`queryset = OAuthSource.objects.all()`
			`serializer_class = OAuthSourceSerializer`
sources/*: switch API to use slug in URL 2021-02-09 15:08:24 +00:00			`lookup_field = "slug"`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00
*: initial migration to openapi v3 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-15 21:57:28 +00:00			`@extend_schema(responses={200: SourceTypeSerializer(many=True)})`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`@action(detail=False, pagination_class=None, filter_backends=[])`
sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`def source_types(self, request: Request) -> Response:`
sources/oauth: add API to get provider types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 11:26:42 +00:00			`"""Get all creatable source types"""`
			`data = []`
sources/oauth: revamp types system, move default URLs to type Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-02 12:59:58 +00:00			`for source_type in MANAGER.get():`
			`data.append(SourceTypeSerializer(source_type).data)`
			`return Response(data)`