diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py
index a3fbf390b..f3725a1db 100644
--- a/authentik/api/v2/urls.py
+++ b/authentik/api/v2/urls.py
@@ -38,7 +38,6 @@ from authentik.policies.dummy.api import DummyPolicyViewSet
 from authentik.policies.event_matcher.api import EventMatcherPolicyViewSet
 from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
 from authentik.policies.expression.api import ExpressionPolicyViewSet
-from authentik.policies.group_membership.api import GroupMembershipPolicyViewSet
 from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
 from authentik.policies.password.api import PasswordPolicyViewSet
 from authentik.policies.reputation.api import (
@@ -134,7 +133,6 @@ router.register("policies/all", PolicyViewSet)
 router.register("policies/bindings", PolicyBindingViewSet)
 router.register("policies/expression", ExpressionPolicyViewSet)
 router.register("policies/event_matcher", EventMatcherPolicyViewSet)
-router.register("policies/group_membership", GroupMembershipPolicyViewSet)
 router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
 router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
 router.register("policies/password", PasswordPolicyViewSet)
diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py
index 850a80734..a87aff0b3 100644
--- a/authentik/flows/api/flows.py
+++ b/authentik/flows/api/flows.py
@@ -6,7 +6,7 @@ from django.db.models import Model
 from django.http.response import HttpResponseBadRequest, JsonResponse
 from django.shortcuts import get_object_or_404
 from drf_yasg2 import openapi
-from drf_yasg2.utils import no_body, swagger_auto_schema, unset
+from drf_yasg2.utils import no_body, swagger_auto_schema
 from guardian.shortcuts import get_objects_for_user
 from rest_framework.decorators import action
 from rest_framework.exceptions import PermissionDenied
diff --git a/authentik/policies/event_matcher/migrations/0012_auto_20210323_1339.py b/authentik/policies/event_matcher/migrations/0012_auto_20210323_1339.py
new file mode 100644
index 000000000..a29cc4e18
--- /dev/null
+++ b/authentik/policies/event_matcher/migrations/0012_auto_20210323_1339.py
@@ -0,0 +1,83 @@ +# Generated by Django 3.1.7 on 2021-03-23 13:39 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_policies_event_matcher", "0011_auto_20210302_0856"), + ] + + operations = [ + migrations.AlterField( + model_name="eventmatcherpolicy", + name="app", + field=models.TextField( + blank=True, + choices=[ + ("authentik.admin", "authentik Admin"), + ("authentik.api", "authentik API"), + ("authentik.events", "authentik Events"), + ("authentik.crypto", "authentik Crypto"), + ("authentik.flows", "authentik Flows"), + ("authentik.outposts", "authentik Outpost"), + ("authentik.lib", "authentik lib"), + ("authentik.policies", "authentik Policies"), + ("authentik.policies.dummy", "authentik Policies.Dummy"), + ( + "authentik.policies.event_matcher", + "authentik Policies.Event Matcher", + ), + ("authentik.policies.expiry", "authentik Policies.Expiry"), + ("authentik.policies.expression", "authentik Policies.Expression"), + ("authentik.policies.hibp", "authentik Policies.HaveIBeenPwned"), + ("authentik.policies.password", "authentik Policies.Password"), + ("authentik.policies.reputation", "authentik Policies.Reputation"), + ("authentik.providers.proxy", "authentik Providers.Proxy"), + ("authentik.providers.oauth2", "authentik Providers.OAuth2"), + ("authentik.providers.saml", "authentik Providers.SAML"), + ("authentik.recovery", "authentik Recovery"), + ("authentik.sources.ldap", "authentik Sources.LDAP"), + ("authentik.sources.oauth", "authentik Sources.OAuth"), + ("authentik.sources.saml", "authentik Sources.SAML"), + ( + "authentik.stages.authenticator_static", + "authentik Stages.Authenticator.Static", + ), + ( + "authentik.stages.authenticator_totp", + "authentik Stages.Authenticator.TOTP", + ), + ( + "authentik.stages.authenticator_validate", + "authentik Stages.Authenticator.Validate", + ), + ( + "authentik.stages.authenticator_webauthn", + "authentik Stages.Authenticator.WebAuthn", + 
), + ("authentik.stages.captcha", "authentik Stages.Captcha"), + ("authentik.stages.consent", "authentik Stages.Consent"), + ("authentik.stages.deny", "authentik Stages.Deny"), + ("authentik.stages.dummy", "authentik Stages.Dummy"), + ("authentik.stages.email", "authentik Stages.Email"), + ( + "authentik.stages.identification", + "authentik Stages.Identification", + ), + ("authentik.stages.invitation", "authentik Stages.User Invitation"), + ("authentik.stages.password", "authentik Stages.Password"), + ("authentik.stages.prompt", "authentik Stages.Prompt"), + ("authentik.stages.user_delete", "authentik Stages.User Delete"), + ("authentik.stages.user_login", "authentik Stages.User Login"), + ("authentik.stages.user_logout", "authentik Stages.User Logout"), + ("authentik.stages.user_write", "authentik Stages.User Write"), + ("authentik.managed", "authentik Managed"), + ("authentik.core", "authentik Core"), + ], + default="", + help_text="Match events created by selected application. When left empty, all applications are matched.", + ), + ), + ]
diff --git a/authentik/policies/group_membership/__init__.py b/authentik/policies/group_membership/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/authentik/policies/group_membership/api.py b/authentik/policies/group_membership/api.py
deleted file mode 100644
index 671b1654d..000000000
--- a/authentik/policies/group_membership/api.py
+++ /dev/null
@@ -1,22 +0,0 @@
-"""Group Membership Policy API"""
-from rest_framework.viewsets import ModelViewSet
-
-from authentik.policies.api import PolicySerializer
-from authentik.policies.group_membership.models import GroupMembershipPolicy
-
-
-class GroupMembershipPolicySerializer(PolicySerializer):
- """Group Membership Policy Serializer"""
-
- class Meta:
- model = GroupMembershipPolicy
- fields = PolicySerializer.Meta.fields + [
- "group",
- ]
-
-
-class GroupMembershipPolicyViewSet(ModelViewSet):
- """Group Membership Policy Viewset"""
-
- queryset = GroupMembershipPolicy.objects.all()
- serializer_class = GroupMembershipPolicySerializer
diff --git a/authentik/policies/group_membership/apps.py b/authentik/policies/group_membership/apps.py
deleted file mode 100644
index fa3acbffb..000000000
--- a/authentik/policies/group_membership/apps.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""authentik Group Membership policy app config"""
-
-from django.apps import AppConfig
-
-
-class AuthentikPoliciesGroupMembershipConfig(AppConfig):
- """authentik Group Membership policy app config"""
-
- name = "authentik.policies.group_membership"
- label = "authentik_policies_group_membership"
- verbose_name = "authentik Policies.Group Membership"
diff --git a/authentik/policies/group_membership/forms.py b/authentik/policies/group_membership/forms.py
deleted file mode 100644
index bccc7b6b3..000000000
--- a/authentik/policies/group_membership/forms.py
+++ /dev/null
@@ -1,23 +0,0 @@
-"""authentik Group Membership Policy forms"""
-
-from django import forms
-
-from authentik.core.models import Group
-from authentik.policies.forms import PolicyForm
-from authentik.policies.group_membership.models import GroupMembershipPolicy
-
-
-class GroupMembershipPolicyForm(PolicyForm):
- """GroupMembershipPolicy Form"""
-
- group = forms.ModelChoiceField(queryset=Group.objects.all().order_by("name"))
-
- class Meta:
-
- model = GroupMembershipPolicy
- fields = PolicyForm.Meta.fields + [
- "group",
- ]
- widgets = {
- "name": forms.TextInput(),
- }
diff --git a/authentik/policies/group_membership/migrations/0001_initial.py b/authentik/policies/group_membership/migrations/0001_initial.py
deleted file mode 100644
index 1b48a5004..000000000
--- a/authentik/policies/group_membership/migrations/0001_initial.py
+++ /dev/null
@@ -1,47 +0,0 @@ -# Generated by Django 3.0.7 on 2020-07-01 19:01 - -import django.db.models.deletion -from django.db import migrations, models - - -class Migration(migrations.Migration): - - initial = True - - dependencies = [ - ("authentik_policies", "0002_auto_20200528_1647"), - ("authentik_core", "0003_default_user"), - ] - - operations = [ - migrations.CreateModel( - name="GroupMembershipPolicy", - fields=[ - ( - "policy_ptr", - models.OneToOneField( - auto_created=True, - on_delete=django.db.models.deletion.CASCADE, - parent_link=True, - primary_key=True, - serialize=False, - to="authentik_policies.Policy", - ), - ), - ( - "group", - models.ForeignKey( - blank=True, - null=True, - on_delete=django.db.models.deletion.SET_NULL, - to="authentik_core.Group", - ), - ), - ], - options={ - "verbose_name": "Group Membership Policy", - "verbose_name_plural": "Group Membership Policies", - }, - bases=("authentik_policies.policy",), - ), - ]
diff --git a/authentik/policies/group_membership/migrations/0002_auto_20210211_1924.py b/authentik/policies/group_membership/migrations/0002_auto_20210211_1924.py
deleted file mode 100644
index 090b597de..000000000
--- a/authentik/policies/group_membership/migrations/0002_auto_20210211_1924.py
+++ /dev/null
@@ -1,20 +0,0 @@ -# Generated by Django 3.1.6 on 2021-02-11 19:24 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ("authentik_policies_group_membership", "0001_initial"), - ] - - operations = [ - migrations.AlterModelOptions( - name="groupmembershippolicy", - options={ - "verbose_name": "Group Membership Policy (deprecated)", - "verbose_name_plural": "Group Membership Policies", - }, - ), - ]
diff --git a/authentik/policies/group_membership/migrations/__init__.py b/authentik/policies/group_membership/migrations/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/authentik/policies/group_membership/models.py b/authentik/policies/group_membership/models.py
deleted file mode 100644
index 076bfd7be..000000000
--- a/authentik/policies/group_membership/models.py
+++ /dev/null
@@ -1,40 +0,0 @@
-"""user field matcher models"""
-from typing import Type
-
-from django.db import models
-from django.forms import ModelForm
-from django.utils.translation import gettext as _
-from rest_framework.serializers import BaseSerializer
-
-from authentik.core.models import Group
-from authentik.policies.models import Policy
-from authentik.policies.types import PolicyRequest, PolicyResult
-
-
-class GroupMembershipPolicy(Policy):
- """Check that the user is member of the selected group. **DEPRECATED**
- Assign the group directly in a binding instead of using this policy."""
-
- group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.SET_NULL)
-
- @property
- def serializer(self) -> BaseSerializer:
- from authentik.policies.group_membership.api import (
- GroupMembershipPolicySerializer,
- )
-
- return GroupMembershipPolicySerializer
-
- @property
- def form(self) -> Type[ModelForm]:
- from authentik.policies.group_membership.forms import GroupMembershipPolicyForm
-
- return GroupMembershipPolicyForm
-
- def passes(self, request: PolicyRequest) -> PolicyResult:
- return PolicyResult(self.group.users.filter(pk=request.user.pk).exists())
-
- class Meta:
-
- verbose_name = _("Group Membership Policy (deprecated)")
- verbose_name_plural = _("Group Membership Policies")
diff --git a/authentik/policies/group_membership/tests.py b/authentik/policies/group_membership/tests.py
deleted file mode 100644
index 5c53b3950..000000000
--- a/authentik/policies/group_membership/tests.py
+++ /dev/null
@@ -1,32 +0,0 @@
-"""evaluator tests"""
-from django.test import TestCase
-from guardian.shortcuts import get_anonymous_user
-
-from authentik.core.models import Group
-from authentik.policies.group_membership.models import GroupMembershipPolicy
-from authentik.policies.types import PolicyRequest
-
-
-class TestGroupMembershipPolicy(TestCase):
- """GroupMembershipPolicy tests"""
-
- def setUp(self):
- self.request = PolicyRequest(user=get_anonymous_user())
-
- def test_invalid(self):
- """user not in group"""
- group = Group.objects.create(name="test")
- policy: GroupMembershipPolicy = GroupMembershipPolicy.objects.create(
- group=group
- )
- self.assertFalse(policy.passes(self.request).passing)
-
- def test_valid(self):
- """user in group"""
- group = Group.objects.create(name="test")
- group.users.add(get_anonymous_user())
- group.save()
- policy: GroupMembershipPolicy = GroupMembershipPolicy.objects.create(
- group=group
- )
- self.assertTrue(policy.passes(self.request).passing)
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 78acc5474..945b89abc 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -97,7 +97,6 @@ INSTALLED_APPS = [
 "authentik.policies.event_matcher.apps.AuthentikPoliciesEventMatcherConfig",
 "authentik.policies.expiry.apps.AuthentikPolicyExpiryConfig",
 "authentik.policies.expression.apps.AuthentikPolicyExpressionConfig",
- "authentik.policies.group_membership.apps.AuthentikPoliciesGroupMembershipConfig",
 "authentik.policies.hibp.apps.AuthentikPolicyHIBPConfig",
 "authentik.policies.password.apps.AuthentikPoliciesPasswordConfig",
 "authentik.policies.reputation.apps.AuthentikPolicyReputationConfig",
diff --git a/swagger.yaml b/swagger.yaml
index 7e2443740..493b34f4a 100755
--- a/swagger.yaml
+++ b/swagger.yaml
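Review bot: Removing the `authentik.policies.group_membership` entry from INSTALLED_APPS in the settings.py hunk, alongside deleting the app's models and both of its migrations, leaves no upgrade path for GroupMembershipPolicy objects that already exist: nothing in the visible diff converts them into group bindings or removes their rows, and the one migration added (event_matcher 0012) only changes the `app` choices. These policies gate access, so how a binding that still points at such a policy evaluates after the upgrade is decided by engine code outside this diff and should be confirmed with a test rather than assumed. I would either ship a data migration ahead of the removal that rewrites each affected binding to reference the policy's `group` directly, or at minimum leave a marker at this spot such as `# group_membership policy app removed; convert existing policies to group bindings before upgrading` and repeat it in the release notes. The INSTALLED_APPS list starts and ends outside the hunk.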
@@ -4852,148 +4852,6 @@ paths: required: true type: string format: uuid - /policies/group_membership/: - get: - operationId: policies_group_membership_list - description: Group Membership Policy Viewset - parameters: - - name: ordering - in: query - description: Which field to use when ordering the results. - required: false - type: string - - name: search - in: query - description: A search term. - required: false - type: string - - name: page - in: query - description: Page Index - required: false - type: integer - - name: page_size - in: query - description: Page Size - required: false - type: integer - responses: - '200': - description: '' - schema: - required: - - results - - pagination - type: object - properties: - pagination: - required: - - next - - previous - - count - - current - - total_pages - - start_index - - end_index - type: object - properties: - next: - type: number - previous: - type: number - count: - type: number - current: - type: number - total_pages: - type: number - start_index: - type: number - end_index: - type: number - results: - type: array - items: - $ref: '#/definitions/GroupMembershipPolicy' - tags: - - policies - post: - operationId: policies_group_membership_create - description: Group Membership Policy Viewset - parameters: - - name: data - in: body - required: true - schema: - $ref: '#/definitions/GroupMembershipPolicy' - responses: - '201': - description: '' - schema: - $ref: '#/definitions/GroupMembershipPolicy' - tags: - - policies - parameters: [] - /policies/group_membership/{policy_uuid}/: - get: - operationId: policies_group_membership_read - description: Group Membership Policy Viewset - parameters: [] - responses: - '200': - description: '' - schema: - $ref: '#/definitions/GroupMembershipPolicy' - tags: - - policies - put: - operationId: policies_group_membership_update - description: Group Membership Policy Viewset - parameters: - - name: data - in: body - required: true - schema: - $ref: 
'#/definitions/GroupMembershipPolicy' - responses: - '200': - description: '' - schema: - $ref: '#/definitions/GroupMembershipPolicy' - tags: - - policies - patch: - operationId: policies_group_membership_partial_update - description: Group Membership Policy Viewset - parameters: - - name: data - in: body - required: true - schema: - $ref: '#/definitions/GroupMembershipPolicy' - responses: - '200': - description: '' - schema: - $ref: '#/definitions/GroupMembershipPolicy' - tags: - - policies - delete: - operationId: policies_group_membership_delete - description: Group Membership Policy Viewset - parameters: [] - responses: - '204': - description: '' - tags: - - policies - parameters: - - name: policy_uuid - in: path - description: A UUID string identifying this Group Membership Policy (deprecated). - required: true - type: string - format: uuid /policies/haveibeenpwned/: get: operationId: policies_haveibeenpwned_list @@ -12629,7 +12487,6 @@ definitions: - authentik.policies.event_matcher - authentik.policies.expiry - authentik.policies.expression - - authentik.policies.group_membership - authentik.policies.hibp - authentik.policies.password - authentik.policies.reputation 
@@ -12699,45 +12556,6 @@ definitions: title: Expression type: string minLength: 1 - GroupMembershipPolicy: - description: Group Membership Policy Serializer - type: object - properties: - pk: - title: Policy uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - x-nullable: true - execution_logging: - title: Execution logging - description: When this option is enabled, all executions of this policy will - be logged. By default, only execution errors are logged. - type: boolean - object_type: - title: Object type - type: string - readOnly: true - verbose_name: - title: Verbose name - type: string - readOnly: true - verbose_name_plural: - title: Verbose name plural - type: string - readOnly: true - bound_to: - title: Bound to - type: integer - readOnly: true - group: - title: Group - type: string - format: uuid - x-nullable: true HaveIBeenPwendPolicy: description: Have I Been Pwned Policy Serializer type: object