policies: remove deprecated group_membership policy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-23 14:43:10 +01:00
parent 6961089425
commit 0671d712fa
14 changed files with 84 additions and 381 deletions

View File

@ -38,7 +38,6 @@ from authentik.policies.dummy.api import DummyPolicyViewSet
from authentik.policies.event_matcher.api import EventMatcherPolicyViewSet
from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
from authentik.policies.expression.api import ExpressionPolicyViewSet
from authentik.policies.group_membership.api import GroupMembershipPolicyViewSet
from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
from authentik.policies.password.api import PasswordPolicyViewSet
from authentik.policies.reputation.api import (
@ -134,7 +133,6 @@ router.register("policies/all", PolicyViewSet)
router.register("policies/bindings", PolicyBindingViewSet)
router.register("policies/expression", ExpressionPolicyViewSet)
router.register("policies/event_matcher", EventMatcherPolicyViewSet)
router.register("policies/group_membership", GroupMembershipPolicyViewSet)
router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
router.register("policies/password", PasswordPolicyViewSet)

View File

@ -6,7 +6,7 @@ from django.db.models import Model
from django.http.response import HttpResponseBadRequest, JsonResponse
from django.shortcuts import get_object_or_404
from drf_yasg2 import openapi
from drf_yasg2.utils import no_body, swagger_auto_schema, unset
from drf_yasg2.utils import no_body, swagger_auto_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action
from rest_framework.exceptions import PermissionDenied

View File

@ -0,0 +1,83 @@
# Generated by Django 3.1.7 on 2021-03-23 13:39
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_policies_event_matcher", "0011_auto_20210302_0856"),
]
operations = [
migrations.AlterField(
model_name="eventmatcherpolicy",
name="app",
field=models.TextField(
blank=True,
choices=[
("authentik.admin", "authentik Admin"),
("authentik.api", "authentik API"),
("authentik.events", "authentik Events"),
("authentik.crypto", "authentik Crypto"),
("authentik.flows", "authentik Flows"),
("authentik.outposts", "authentik Outpost"),
("authentik.lib", "authentik lib"),
("authentik.policies", "authentik Policies"),
("authentik.policies.dummy", "authentik Policies.Dummy"),
(
"authentik.policies.event_matcher",
"authentik Policies.Event Matcher",
),
("authentik.policies.expiry", "authentik Policies.Expiry"),
("authentik.policies.expression", "authentik Policies.Expression"),
("authentik.policies.hibp", "authentik Policies.HaveIBeenPwned"),
("authentik.policies.password", "authentik Policies.Password"),
("authentik.policies.reputation", "authentik Policies.Reputation"),
("authentik.providers.proxy", "authentik Providers.Proxy"),
("authentik.providers.oauth2", "authentik Providers.OAuth2"),
("authentik.providers.saml", "authentik Providers.SAML"),
("authentik.recovery", "authentik Recovery"),
("authentik.sources.ldap", "authentik Sources.LDAP"),
("authentik.sources.oauth", "authentik Sources.OAuth"),
("authentik.sources.saml", "authentik Sources.SAML"),
(
"authentik.stages.authenticator_static",
"authentik Stages.Authenticator.Static",
),
(
"authentik.stages.authenticator_totp",
"authentik Stages.Authenticator.TOTP",
),
(
"authentik.stages.authenticator_validate",
"authentik Stages.Authenticator.Validate",
),
(
"authentik.stages.authenticator_webauthn",
"authentik Stages.Authenticator.WebAuthn",
),
("authentik.stages.captcha", "authentik Stages.Captcha"),
("authentik.stages.consent", "authentik Stages.Consent"),
("authentik.stages.deny", "authentik Stages.Deny"),
("authentik.stages.dummy", "authentik Stages.Dummy"),
("authentik.stages.email", "authentik Stages.Email"),
(
"authentik.stages.identification",
"authentik Stages.Identification",
),
("authentik.stages.invitation", "authentik Stages.User Invitation"),
("authentik.stages.password", "authentik Stages.Password"),
("authentik.stages.prompt", "authentik Stages.Prompt"),
("authentik.stages.user_delete", "authentik Stages.User Delete"),
("authentik.stages.user_login", "authentik Stages.User Login"),
("authentik.stages.user_logout", "authentik Stages.User Logout"),
("authentik.stages.user_write", "authentik Stages.User Write"),
("authentik.managed", "authentik Managed"),
("authentik.core", "authentik Core"),
],
default="",
help_text="Match events created by selected application. When left empty, all applications are matched.",
),
),
]

View File

@ -1,22 +0,0 @@
"""Group Membership Policy API"""
from rest_framework.viewsets import ModelViewSet
from authentik.policies.api import PolicySerializer
from authentik.policies.group_membership.models import GroupMembershipPolicy
class GroupMembershipPolicySerializer(PolicySerializer):
"""Group Membership Policy Serializer"""
class Meta:
model = GroupMembershipPolicy
fields = PolicySerializer.Meta.fields + [
"group",
]
class GroupMembershipPolicyViewSet(ModelViewSet):
"""Group Membership Policy Viewset"""
queryset = GroupMembershipPolicy.objects.all()
serializer_class = GroupMembershipPolicySerializer

View File

@ -1,11 +0,0 @@
"""authentik Group Membership policy app config"""
from django.apps import AppConfig
class AuthentikPoliciesGroupMembershipConfig(AppConfig):
"""authentik Group Membership policy app config"""
name = "authentik.policies.group_membership"
label = "authentik_policies_group_membership"
verbose_name = "authentik Policies.Group Membership"

View File

@ -1,23 +0,0 @@
"""authentik Group Membership Policy forms"""
from django import forms
from authentik.core.models import Group
from authentik.policies.forms import PolicyForm
from authentik.policies.group_membership.models import GroupMembershipPolicy
class GroupMembershipPolicyForm(PolicyForm):
"""GroupMembershipPolicy Form"""
group = forms.ModelChoiceField(queryset=Group.objects.all().order_by("name"))
class Meta:
model = GroupMembershipPolicy
fields = PolicyForm.Meta.fields + [
"group",
]
widgets = {
"name": forms.TextInput(),
}

View File

@ -1,47 +0,0 @@
# Generated by Django 3.0.7 on 2020-07-01 19:01
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
("authentik_policies", "0002_auto_20200528_1647"),
("authentik_core", "0003_default_user"),
]
operations = [
migrations.CreateModel(
name="GroupMembershipPolicy",
fields=[
(
"policy_ptr",
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to="authentik_policies.Policy",
),
),
(
"group",
models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
to="authentik_core.Group",
),
),
],
options={
"verbose_name": "Group Membership Policy",
"verbose_name_plural": "Group Membership Policies",
},
bases=("authentik_policies.policy",),
),
]

View File

@ -1,20 +0,0 @@
# Generated by Django 3.1.6 on 2021-02-11 19:24
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_policies_group_membership", "0001_initial"),
]
operations = [
migrations.AlterModelOptions(
name="groupmembershippolicy",
options={
"verbose_name": "Group Membership Policy (deprecated)",
"verbose_name_plural": "Group Membership Policies",
},
),
]

View File

@ -1,40 +0,0 @@
"""user field matcher models"""
from typing import Type
from django.db import models
from django.forms import ModelForm
from django.utils.translation import gettext as _
from rest_framework.serializers import BaseSerializer
from authentik.core.models import Group
from authentik.policies.models import Policy
from authentik.policies.types import PolicyRequest, PolicyResult
class GroupMembershipPolicy(Policy):
"""Check that the user is member of the selected group. **DEPRECATED**
Assign the group directly in a binding instead of using this policy."""
group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.SET_NULL)
@property
def serializer(self) -> BaseSerializer:
from authentik.policies.group_membership.api import (
GroupMembershipPolicySerializer,
)
return GroupMembershipPolicySerializer
@property
def form(self) -> Type[ModelForm]:
from authentik.policies.group_membership.forms import GroupMembershipPolicyForm
return GroupMembershipPolicyForm
def passes(self, request: PolicyRequest) -> PolicyResult:
return PolicyResult(self.group.users.filter(pk=request.user.pk).exists())
class Meta:
verbose_name = _("Group Membership Policy (deprecated)")
verbose_name_plural = _("Group Membership Policies")

View File

@ -1,32 +0,0 @@
"""evaluator tests"""
from django.test import TestCase
from guardian.shortcuts import get_anonymous_user
from authentik.core.models import Group
from authentik.policies.group_membership.models import GroupMembershipPolicy
from authentik.policies.types import PolicyRequest
class TestGroupMembershipPolicy(TestCase):
"""GroupMembershipPolicy tests"""
def setUp(self):
self.request = PolicyRequest(user=get_anonymous_user())
def test_invalid(self):
"""user not in group"""
group = Group.objects.create(name="test")
policy: GroupMembershipPolicy = GroupMembershipPolicy.objects.create(
group=group
)
self.assertFalse(policy.passes(self.request).passing)
def test_valid(self):
"""user in group"""
group = Group.objects.create(name="test")
group.users.add(get_anonymous_user())
group.save()
policy: GroupMembershipPolicy = GroupMembershipPolicy.objects.create(
group=group
)
self.assertTrue(policy.passes(self.request).passing)

View File

@ -97,7 +97,6 @@ INSTALLED_APPS = [
"authentik.policies.event_matcher.apps.AuthentikPoliciesEventMatcherConfig",
"authentik.policies.expiry.apps.AuthentikPolicyExpiryConfig",
"authentik.policies.expression.apps.AuthentikPolicyExpressionConfig",
"authentik.policies.group_membership.apps.AuthentikPoliciesGroupMembershipConfig",
"authentik.policies.hibp.apps.AuthentikPolicyHIBPConfig",
"authentik.policies.password.apps.AuthentikPoliciesPasswordConfig",
"authentik.policies.reputation.apps.AuthentikPolicyReputationConfig",

View File

@ -4852,148 +4852,6 @@ paths:
required: true
type: string
format: uuid
/policies/group_membership/:
get:
operationId: policies_group_membership_list
description: Group Membership Policy Viewset
parameters:
- name: ordering
in: query
description: Which field to use when ordering the results.
required: false
type: string
- name: search
in: query
description: A search term.
required: false
type: string
- name: page
in: query
description: Page Index
required: false
type: integer
- name: page_size
in: query
description: Page Size
required: false
type: integer
responses:
'200':
description: ''
schema:
required:
- results
- pagination
type: object
properties:
pagination:
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
results:
type: array
items:
$ref: '#/definitions/GroupMembershipPolicy'
tags:
- policies
post:
operationId: policies_group_membership_create
description: Group Membership Policy Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/GroupMembershipPolicy'
responses:
'201':
description: ''
schema:
$ref: '#/definitions/GroupMembershipPolicy'
tags:
- policies
parameters: []
/policies/group_membership/{policy_uuid}/:
get:
operationId: policies_group_membership_read
description: Group Membership Policy Viewset
parameters: []
responses:
'200':
description: ''
schema:
$ref: '#/definitions/GroupMembershipPolicy'
tags:
- policies
put:
operationId: policies_group_membership_update
description: Group Membership Policy Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/GroupMembershipPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/GroupMembershipPolicy'
tags:
- policies
patch:
operationId: policies_group_membership_partial_update
description: Group Membership Policy Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/GroupMembershipPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/GroupMembershipPolicy'
tags:
- policies
delete:
operationId: policies_group_membership_delete
description: Group Membership Policy Viewset
parameters: []
responses:
'204':
description: ''
tags:
- policies
parameters:
- name: policy_uuid
in: path
description: A UUID string identifying this Group Membership Policy (deprecated).
required: true
type: string
format: uuid
/policies/haveibeenpwned/:
get:
operationId: policies_haveibeenpwned_list
@ -12629,7 +12487,6 @@ definitions:
- authentik.policies.event_matcher
- authentik.policies.expiry
- authentik.policies.expression
- authentik.policies.group_membership
- authentik.policies.hibp
- authentik.policies.password
- authentik.policies.reputation
@ -12699,45 +12556,6 @@ definitions:
title: Expression
type: string
minLength: 1
GroupMembershipPolicy:
description: Group Membership Policy Serializer
type: object
properties:
pk:
title: Policy uuid
type: string
format: uuid
readOnly: true
name:
title: Name
type: string
x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
verbose_name:
title: Verbose name
type: string
readOnly: true
verbose_name_plural:
title: Verbose name plural
type: string
readOnly: true
bound_to:
title: Bound to
type: integer
readOnly: true
group:
title: Group
type: string
format: uuid
x-nullable: true
HaveIBeenPwendPolicy:
description: Have I Been Pwned Policy Serializer
type: object