From fe4791c21664207b9118e44f9bc55b3f528378d9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 00:02:35 +0100 Subject: [PATCH 01/60] web: initial implementation of new forms Signed-off-by: Jens Langhammer --- authentik/core/forms/users.py | 15 -- authentik/core/templates/user/details.html | 26 --- authentik/core/tests/test_views_user.py | 30 ---- authentik/core/urls.py | 1 - authentik/core/views/user.py | 28 ---- tests/e2e/test_flows_enroll.py | 4 +- tests/e2e/test_source_oauth.py | 6 +- tests/e2e/test_source_saml.py | 6 +- web/package-lock.json | 138 ++++++++++++++++ web/package.json | 2 + web/src/api/legacy.ts | 4 + web/src/authentik.css | 7 + web/src/main.ts | 1 - web/src/pages/users/UserDetailsPage.ts | 151 ++++++++++++++++++ web/src/pages/users/UserSettingsPage.ts | 30 +--- .../pages/{tokens => users}/UserTokenList.ts | 2 +- 16 files changed, 317 insertions(+), 134 deletions(-) delete mode 100644 authentik/core/forms/users.py delete mode 100644 authentik/core/templates/user/details.html delete mode 100644 authentik/core/tests/test_views_user.py create mode 100644 web/src/pages/users/UserDetailsPage.ts rename web/src/pages/{tokens => users}/UserTokenList.ts (99%) diff --git a/authentik/core/forms/users.py b/authentik/core/forms/users.py deleted file mode 100644 index 36b5e33c5..000000000 --- a/authentik/core/forms/users.py +++ /dev/null @@ -1,15 +0,0 @@ -"""authentik core user forms""" - -from django import forms - -from authentik.core.models import User - - -class UserDetailForm(forms.ModelForm): - """Update User Details""" - - class Meta: - - model = User - fields = ["username", "name", "email"] - widgets = {"name": forms.TextInput} diff --git a/authentik/core/templates/user/details.html b/authentik/core/templates/user/details.html deleted file mode 100644 index 0babe3137..000000000 --- a/authentik/core/templates/user/details.html +++ /dev/null @@ -1,26 +0,0 @@ -{% load i18n %} - -
-
- {% trans 'Update details' %} -
-
-
- {% include 'partials/form_horizontal.html' with form=form %} - {% block beneath_form %} - {% endblock %} -
-
-
- - {% if unenrollment_enabled %} - {% - trans "Delete account" %} - {% endif %} -
-
-
-
-
-
diff --git a/authentik/core/tests/test_views_user.py b/authentik/core/tests/test_views_user.py deleted file mode 100644 index bad0ab441..000000000 --- a/authentik/core/tests/test_views_user.py +++ /dev/null @@ -1,30 +0,0 @@ -"""authentik user view tests""" -import string -from random import SystemRandom - -from django.test import TestCase -from django.urls import reverse - -from authentik.core.models import User - - -class TestUserViews(TestCase): - """Test User Views""" - - def setUp(self): - super().setUp() - self.user = User.objects.create_user( - username="unittest user", - email="unittest@example.com", - password="".join( - SystemRandom().choice(string.ascii_uppercase + string.digits) - for _ in range(8) - ), - ) - self.client.force_login(self.user) - - def test_user_details(self): - """Test UserDetailsView""" - self.assertEqual( - self.client.get(reverse("authentik_core:user-details")).status_code, 200 - ) diff --git a/authentik/core/urls.py b/authentik/core/urls.py index ee03d748c..a8f2d91b6 100644 --- a/authentik/core/urls.py +++ b/authentik/core/urls.py @@ -14,7 +14,6 @@ urlpatterns = [ name="root-redirect", ), # User views - path("-/user/details/", user.UserDetailsView.as_view(), name="user-details"), path( "-/user/tokens/create/", user.TokenCreateView.as_view(), diff --git a/authentik/core/views/user.py b/authentik/core/views/user.py index 6d630e922..6c5a9d7d4 100644 --- a/authentik/core/views/user.py +++ b/authentik/core/views/user.py @@ -15,39 +15,11 @@ from guardian.mixins import PermissionRequiredMixin from guardian.shortcuts import get_objects_for_user from authentik.core.forms.token import UserTokenForm -from authentik.core.forms.users import UserDetailForm from authentik.core.models import Token, TokenIntents from authentik.flows.models import Flow, FlowDesignation from authentik.lib.views import CreateAssignPermView -class UserSettingsView(TemplateView): - """Multiple SiteShells for user details and all stages""" - - template_name = "user/settings.html" - - -class UserDetailsView(SuccessMessageMixin, LoginRequiredMixin, UpdateView): - """Update User details""" - - template_name = "user/details.html" - form_class = UserDetailForm - - success_message = _("Successfully updated user.") - success_url = reverse_lazy("authentik_core:user-details") - - def get_object(self): - return self.request.user - - def get_context_data(self, **kwargs: Any) -> dict[str, Any]: - kwargs = super().get_context_data(**kwargs) - unenrollment_flow = Flow.with_policy( - self.request, designation=FlowDesignation.UNRENOLLMENT - ) - kwargs["unenrollment_enabled"] = bool(unenrollment_flow) - return kwargs - - class TokenCreateView( SuccessMessageMixin, LoginRequiredMixin, diff --git a/tests/e2e/test_flows_enroll.py b/tests/e2e/test_flows_enroll.py index abd4c976d..2a9bef063 100644 --- a/tests/e2e/test_flows_enroll.py +++ b/tests/e2e/test_flows_enroll.py @@ -98,7 +98,7 @@ class TestFlowsEnroll(SeleniumTestCase): wait = WebDriverWait(interface_admin, self.wait_timeout) wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-sidebar"))) - self.driver.get(self.if_admin_url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) user = User.objects.get(username="foo") self.assertEqual(user.username, "foo") @@ -198,7 +198,7 @@ class TestFlowsEnroll(SeleniumTestCase): ) wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-sidebar"))) - self.driver.get(self.if_admin_url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) self.assert_user(User.objects.get(username="foo")) diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth.py index 85dbab6ab..9f1ca18af 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth.py @@ -160,7 +160,7 @@ class TestSourceOAuth2(SeleniumTestCase): # Wait until we've logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) self.assertEqual( self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo" @@ -255,7 +255,7 @@ class TestSourceOAuth2(SeleniumTestCase): # Wait until we've logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) self.assertEqual( self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo" @@ -359,7 +359,7 @@ class TestSourceOAuth1(SeleniumTestCase): sleep(2) # Wait until we've logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) self.assertEqual( self.driver.find_element(By.ID, "id_username").get_attribute("value"), diff --git a/tests/e2e/test_source_saml.py b/tests/e2e/test_source_saml.py index 413b3e69a..8ea4d926d 100644 --- a/tests/e2e/test_source_saml.py +++ b/tests/e2e/test_source_saml.py @@ -153,7 +153,7 @@ class TestSourceSAML(SeleniumTestCase): # Wait until we're logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) # Wait until we've loaded the user info page self.assertNotEqual( @@ -233,7 +233,7 @@ class TestSourceSAML(SeleniumTestCase): # Wait until we're logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) # Wait until we've loaded the user info page self.assertNotEqual( @@ -300,7 +300,7 @@ class TestSourceSAML(SeleniumTestCase): # Wait until we're logged in self.wait_for_url(self.if_admin_url("/library")) - self.driver.get(self.url("authentik_core:user-details")) + self.driver.get(self.if_admin_url("/user")) # Wait until we've loaded the user info page self.assertNotEqual( diff --git a/web/package-lock.json b/web/package-lock.json index e49a55ba7..4efea8bd9 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -133,6 +133,139 @@ "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.90.5.tgz", "integrity": "sha512-Fe0C8UkzSjtacQ+fHXlFB/LHzrv/c2K4z479C6dboOgkGQE1FyB0wt1NBfxij0D++rhOy04OOYdE+Tr0JSlZKw==" }, + "@polymer/font-roboto": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@polymer/font-roboto/-/font-roboto-3.0.2.tgz", + "integrity": "sha512-tx5TauYSmzsIvmSqepUPDYbs4/Ejz2XbZ1IkD7JEGqkdNUJlh+9KU85G56Tfdk/xjEZ8zorFfN09OSwiMrIQWA==" + }, + "@polymer/iron-a11y-announcer": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-announcer/-/iron-a11y-announcer-3.1.0.tgz", + "integrity": "sha512-lc5i4NKB8kSQHH0Hwu8WS3ym93m+J69OHJWSSBxwd17FI+h2wmgxDzeG9LI4ojMMck17/uc2pLe7g/UHt5/K/A==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-a11y-keys-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-keys-behavior/-/iron-a11y-keys-behavior-3.0.1.tgz", + "integrity": "sha512-lnrjKq3ysbBPT/74l0Fj0U9H9C35Tpw2C/tpJ8a+5g8Y3YJs1WSZYnEl1yOkw6sEyaxOq/1DkzH0+60gGu5/PQ==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-ajax": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-ajax/-/iron-ajax-3.0.1.tgz", + "integrity": "sha512-7+TPEAfWsRdhj1Y8UeF1759ktpVu+c3sG16rJiUC3wF9+woQ9xI1zUm2d59i7Yc3aDEJrR/Q8Y262KlOvyGVNg==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-autogrow-textarea": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@polymer/iron-autogrow-textarea/-/iron-autogrow-textarea-3.0.3.tgz", + "integrity": "sha512-5r0VkWrIlm0JIp5E5wlnvkw7slK72lFRZXncmrsLZF+6n1dg2rI8jt7xpFzSmUWrqpcyXwyKaGaDvUjl3j4JLA==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-behaviors": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-behaviors/-/iron-behaviors-3.0.1.tgz", + "integrity": "sha512-IMEwcv1lhf1HSQxuyWOUIL0lOBwmeaoSTpgCJeP9IBYnuB1SPQngmfRuHKgK6/m9LQ9F9miC7p3HeQQUdKAE0w==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-flex-layout": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-flex-layout/-/iron-flex-layout-3.0.1.tgz", + "integrity": "sha512-7gB869czArF+HZcPTVSgvA7tXYFze9EKckvM95NB7SqYF+NnsQyhoXgKnpFwGyo95lUjUW9TFDLUwDXnCYFtkw==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-form": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-form/-/iron-form-3.0.1.tgz", + "integrity": "sha512-JwSQXHjYALsytCeBkXlY8aRwqgZuYIqzOk3iHuugb1RXOdZ7MZHyJhMDVBbscHjxqPKu/KaVzAjrcfwNNafzEA==", + "requires": { + "@polymer/iron-ajax": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-form-element-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-form-element-behavior/-/iron-form-element-behavior-3.0.1.tgz", + "integrity": "sha512-G/e2KXyL5AY7mMjmomHkGpgS0uAf4ovNpKhkuUTRnMuMJuf589bKqE85KN4ovE1Tzhv2hJoh/igyD6ekHiYU1A==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-input": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-input/-/iron-input-3.0.1.tgz", + "integrity": "sha512-WLx13kEcbH9GKbj9+pWR6pbJkA5kxn3796ynx6eQd2rueMyUfVTR3GzOvadBKsciUuIuzrxpBWZ2+3UcueVUQQ==", + "requires": { + "@polymer/iron-a11y-announcer": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-meta": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-meta/-/iron-meta-3.0.1.tgz", + "integrity": "sha512-pWguPugiLYmWFV9UWxLWzZ6gm4wBwQdDy4VULKwdHCqR7OP7u98h+XDdGZsSlDPv6qoryV/e3tGHlTIT0mbzJA==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-validatable-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-validatable-behavior/-/iron-validatable-behavior-3.0.1.tgz", + "integrity": "sha512-wwpYh6wOa4fNI+jH5EYKC7TVPYQ2OfgQqocWat7GsNWcsblKYhLYbwsvEY5nO0n2xKqNfZzDLrUom5INJN7msQ==", + "requires": { + "@polymer/iron-meta": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-input": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-input/-/paper-input-3.2.1.tgz", + "integrity": "sha512-6ghgwQKM6mS0hAQxQqj+tkeEY1VUBqAsrasAm8V5RpNcfSWQC/hhRFxU0beGuKTAhndzezDzWYP6Zz4b8fExGg==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-autogrow-textarea": "^3.0.0-pre.26", + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", + "@polymer/iron-input": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-styles": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-styles/-/paper-styles-3.0.1.tgz", + "integrity": "sha512-y6hmObLqlCx602TQiSBKHqjwkE7xmDiFkoxdYGaNjtv4xcysOTdVJsDR/R9UHwIaxJ7gHlthMSykir1nv78++g==", + "requires": { + "@polymer/font-roboto": "^3.0.1", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/polymer": { + "version": "3.4.1", + "resolved": "https://registry.npmjs.org/@polymer/polymer/-/polymer-3.4.1.tgz", + "integrity": "sha512-KPWnhDZibtqKrUz7enIPOiO4ZQoJNOuLwqrhV2MXzIt3VVnUVJVG5ORz4Z2sgO+UZ+/UZnPD0jqY+jmw/+a9mQ==", + "requires": { + "@webcomponents/shadycss": "^1.9.1" + } + }, "@rollup/plugin-typescript": { "version": "8.2.0", "resolved": "https://registry.npmjs.org/@rollup/plugin-typescript/-/plugin-typescript-8.2.0.tgz", @@ -490,6 +623,11 @@ "eslint-visitor-keys": "^2.0.0" } }, + "@webcomponents/shadycss": { + "version": "1.10.2", + "resolved": "https://registry.npmjs.org/@webcomponents/shadycss/-/shadycss-1.10.2.tgz", + "integrity": "sha512-9Iseu8bRtecb0klvv+WXZOVZatsRkbaH7M97Z+f+Pt909R4lDfgUODAnra23DOZTpeMTAkVpf4m/FZztN7Ox1A==" + }, "acorn": { "version": "7.4.1", "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", diff --git a/web/package.json b/web/package.json index b5757b497..9921a4efa 100644 --- a/web/package.json +++ b/web/package.json @@ -12,6 +12,8 @@ "dependencies": { "@fortawesome/fontawesome-free": "^5.15.3", "@patternfly/patternfly": "^4.90.5", + "@polymer/iron-form": "^3.0.1", + "@polymer/paper-input": "^3.2.1", "@sentry/browser": "^6.2.3", "@sentry/tracing": "^6.2.3", "@types/chart.js": "^2.9.31", diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index c8a520d71..9e2c7734f 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -105,6 +105,10 @@ export class AppURLManager { export class FlowURLManager { + static defaultUnenrollment(): string { + return "-/default/unenrollment/"; + } + static configure(stageUuid: string, rest: string): string { return `-/configure/${stageUuid}/${rest}`; } diff --git a/web/src/authentik.css b/web/src/authentik.css index 8d5da9ba4..3cf2133ce 100644 --- a/web/src/authentik.css +++ b/web/src/authentik.css @@ -88,6 +88,7 @@ body { @media (prefers-color-scheme: dark) { :root { + --ak-accent: #fd4b2d; --ak-dark-foreground: #fafafa; --ak-dark-foreground-darker: #bebebe; --ak-dark-foreground-link: #5a5cb9; @@ -100,6 +101,12 @@ body { --pf-c-page__main-section--m-light--BackgroundColor: var(--ak-dark-background-darker); --pf-global--link--Color: var(--ak-dark-foreground-link); } + + paper-input { + /* --paper-input-container-color: var(--ak-accent); */ + --paper-input-container-input-color: var(--ak-dark-foreground); + } + /* Global page background colour */ .pf-c-page { --pf-c-page--BackgroundColor: var(--ak-dark-background); diff --git a/web/src/main.ts b/web/src/main.ts index f57e82208..12997f4e3 100644 --- a/web/src/main.ts +++ b/web/src/main.ts @@ -8,7 +8,6 @@ import "./elements/buttons/ModalButton"; import "./elements/buttons/SpinnerButton"; import "./elements/CodeMirror"; -import "./pages/tokens/UserTokenList"; import "./pages/generic/SiteShell"; import "./interfaces/AdminInterface"; import "./elements/messages/MessageContainer"; diff --git a/web/src/pages/users/UserDetailsPage.ts b/web/src/pages/users/UserDetailsPage.ts new file mode 100644 index 000000000..9ef3fb26c --- /dev/null +++ b/web/src/pages/users/UserDetailsPage.ts @@ -0,0 +1,151 @@ +import { gettext } from "django"; +import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import PFCard from "@patternfly/patternfly/components/Card/card.css"; +import AKGlobal from "../../authentik.css"; +import PFButton from "@patternfly/patternfly/components/Button/button.css"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; +import PFForm from "@patternfly/patternfly/components/Form/form.css"; +import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; +import { CoreApi, User } from "authentik-api"; +import { me } from "../../api/Users"; +import "../../elements/forms/FormElement"; +import "../../elements/EmptyState"; +import { FlowURLManager } from "../../api/legacy"; +import "@polymer/paper-input/paper-input"; +import "@polymer/iron-form/iron-form"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { PaperInputElement } from "@polymer/paper-input/paper-input"; +import { showMessage } from "../../elements/messages/MessageContainer"; + +export interface ErrorResponse { + [key: string]: string[]; +} + +@customElement("ak-form") +export class Form extends LitElement { + + @property() + successMessage = ""; + + @property() + send!: (data: Record) => Promise; + + submit(ev: Event): void { + ev.preventDefault(); + const ironForm = this.shadowRoot?.querySelector("iron-form"); + if (!ironForm) { + return; + } + const data = ironForm.serializeForm(); + this.send(data).then(() => { + showMessage({ + level_tag: "success", + message: this.successMessage + }); + }).catch((ex: Response) => { + if (ex.status > 399 && ex.status < 500) { + return ex.json(); + } + return ex; + }).then((errorMessage?: ErrorResponse) => { + if (!errorMessage) return; + const elements: PaperInputElement[] = ironForm._getSubmittableElements(); + elements.forEach((element) => { + const elementName = element.name; + if (!elementName) return; + if (elementName in errorMessage) { + element.errorMessage = errorMessage[elementName].join(", "); + element.invalid = true; + } + }); + }); + } + + render(): TemplateResult { + return html` { this.submit(ev); }}> + + `; + } + +} + +@customElement("ak-user-details") +export class UserDetailsPage extends LitElement { + + static get styles(): CSSResult[] { + return [PFBase, PFCard, PFForm, PFFormControl, PFButton, AKGlobal]; + } + + @property({attribute: false}) + user?: User; + + firstUpdated(): void { + me().then((user) => { + this.user = user.user; + }); + } + + render(): TemplateResult { + if (!this.user) { + return html` + `; + } + return html`
+
+ ${gettext("Update details")} +
+
+ { + return new CoreApi(DEFAULT_CONFIG).coreUsersUpdate({ + id: this.user?.pk || 0, + data: data as User + }); + }}> +
+ + +

${gettext("Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.")}

+ + +

${gettext("User's display name.")}

+ + + +
+
+
+ + + ${gettext("Delete account")} + +
+
+
+
+ +
+
`; + } + +} diff --git a/web/src/pages/users/UserSettingsPage.ts b/web/src/pages/users/UserSettingsPage.ts index eefdae207..75aa14574 100644 --- a/web/src/pages/users/UserSettingsPage.ts +++ b/web/src/pages/users/UserSettingsPage.ts @@ -18,8 +18,8 @@ import { DEFAULT_CONFIG } from "../../api/Config"; import { until } from "lit-html/directives/until"; import { ifDefined } from "lit-html/directives/if-defined"; import "../../elements/Tabs"; -import "../tokens/UserTokenList"; -import "../generic/SiteShell"; +import "./UserDetailsPage"; +import "./UserTokenList"; import "./settings/UserSettingsAuthenticatorTOTP"; import "./settings/UserSettingsAuthenticatorStatic"; import "./settings/UserSettingsAuthenticatorWebAuthnDevices"; @@ -48,13 +48,7 @@ export class UserSettingsPage extends LitElement { return html` `; default: - return html`
-
- -
- -
-
`; + return html`

${gettext(`Error: unsupported stage settings: ${stage.component}`)}

`; } } @@ -64,13 +58,7 @@ export class UserSettingsPage extends LitElement { return html` `; default: - return html`
-
- -
- -
-
`; + return html`

${gettext(`Error: unsupported source settings: ${source.component}`)}

`; } } @@ -88,16 +76,10 @@ export class UserSettingsPage extends LitElement {
-
-
- -
- -
-
+
- +
${until(new StagesApi(DEFAULT_CONFIG).stagesAllUserSettings({}).then((stages) => { return stages.map((stage) => { diff --git a/web/src/pages/tokens/UserTokenList.ts b/web/src/pages/users/UserTokenList.ts similarity index 99% rename from web/src/pages/tokens/UserTokenList.ts rename to web/src/pages/users/UserTokenList.ts index 56cec2b0d..4c1d21c36 100644 --- a/web/src/pages/tokens/UserTokenList.ts +++ b/web/src/pages/users/UserTokenList.ts @@ -12,7 +12,7 @@ import { CoreApi, Token } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; import { AdminURLManager } from "../../api/legacy"; -@customElement("ak-token-user-list") +@customElement("ak-user-token-list") export class UserTokenList extends Table { searchEnabled(): boolean { return true; From cfcf7aa2ae27ef0be2f82925afc5be096cccc8e5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 09:52:19 +0100 Subject: [PATCH 02/60] web: separate forms into dedicated file Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 58 ++++++++++++++++++++++++++ web/src/pages/users/UserDetailsPage.ts | 56 +------------------------ 2 files changed, 59 insertions(+), 55 deletions(-) create mode 100644 web/src/elements/forms/Form.ts diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts new file mode 100644 index 000000000..823520a35 --- /dev/null +++ b/web/src/elements/forms/Form.ts @@ -0,0 +1,58 @@ +import "@polymer/paper-input/paper-input"; +import "@polymer/iron-form/iron-form"; +import { PaperInputElement } from "@polymer/paper-input/paper-input"; +import { showMessage } from "../../elements/messages/MessageContainer"; +import { customElement, html, LitElement, property, TemplateResult } from "lit-element"; + +export interface ErrorResponse { + [key: string]: string[]; +} + +@customElement("ak-form") +export class Form extends LitElement { + + @property() + successMessage = ""; + + @property() + send!: (data: Record) => Promise; + + submit(ev: Event): void { + ev.preventDefault(); + const ironForm = this.shadowRoot?.querySelector("iron-form"); + if (!ironForm) { + return; + } + const data = ironForm.serializeForm(); + this.send(data).then(() => { + showMessage({ + level_tag: "success", + message: this.successMessage + }); + }).catch((ex: Response) => { + if (ex.status > 399 && ex.status < 500) { + return ex.json(); + } + return ex; + }).then((errorMessage?: ErrorResponse) => { + if (!errorMessage) return; + const elements: PaperInputElement[] = ironForm._getSubmittableElements(); + elements.forEach((element) => { + const elementName = element.name; + if (!elementName) return; + if (elementName in errorMessage) { + element.errorMessage = errorMessage[elementName].join(", "); + element.invalid = true; + } + }); + }); + } + + render(): TemplateResult { + return html` { this.submit(ev); }}> + + `; + } + +} diff --git a/web/src/pages/users/UserDetailsPage.ts b/web/src/pages/users/UserDetailsPage.ts index 9ef3fb26c..6547dbccd 100644 --- a/web/src/pages/users/UserDetailsPage.ts +++ b/web/src/pages/users/UserDetailsPage.ts @@ -14,61 +14,7 @@ import { FlowURLManager } from "../../api/legacy"; import "@polymer/paper-input/paper-input"; import "@polymer/iron-form/iron-form"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { PaperInputElement } from "@polymer/paper-input/paper-input"; -import { showMessage } from "../../elements/messages/MessageContainer"; - -export interface ErrorResponse { - [key: string]: string[]; -} - -@customElement("ak-form") -export class Form extends LitElement { - - @property() - successMessage = ""; - - @property() - send!: (data: Record) => Promise; - - submit(ev: Event): void { - ev.preventDefault(); - const ironForm = this.shadowRoot?.querySelector("iron-form"); - if (!ironForm) { - return; - } - const data = ironForm.serializeForm(); - this.send(data).then(() => { - showMessage({ - level_tag: "success", - message: this.successMessage - }); - }).catch((ex: Response) => { - if (ex.status > 399 && ex.status < 500) { - return ex.json(); - } - return ex; - }).then((errorMessage?: ErrorResponse) => { - if (!errorMessage) return; - const elements: PaperInputElement[] = ironForm._getSubmittableElements(); - elements.forEach((element) => { - const elementName = element.name; - if (!elementName) return; - if (elementName in errorMessage) { - element.errorMessage = errorMessage[elementName].join(", "); - element.invalid = true; - } - }); - }); - } - - render(): TemplateResult { - return html` { this.submit(ev); }}> - - `; - } - -} +import "../../elements/forms/Form"; @customElement("ak-user-details") export class UserDetailsPage extends LitElement { From 0b3980e5644d2144139c823ec6cc3eac07432096 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 10:07:10 +0100 Subject: [PATCH 03/60] web: fix URLs for FlowURLManager Signed-off-by: Jens Langhammer --- web/src/api/legacy.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index 9e2c7734f..b24dfb43e 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -106,11 +106,11 @@ export class AppURLManager { export class FlowURLManager { static defaultUnenrollment(): string { - return "-/default/unenrollment/"; + return "/flows/-/default/unenrollment/"; } static configure(stageUuid: string, rest: string): string { - return `-/configure/${stageUuid}/${rest}`; + return `/flows/-/configure/${stageUuid}/${rest}`; } } From 469ba3a39188999bc0007261fc2b559110dffbab Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 10:07:23 +0100 Subject: [PATCH 04/60] web/flows: fix WebAuthn register stage Signed-off-by: Jens Langhammer --- .../WebAuthnAuthenticatorRegisterStage.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts b/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts index 84b10ca90..664086260 100644 --- a/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts +++ b/web/src/flows/stages/authenticator_webauthn/WebAuthnAuthenticatorRegisterStage.ts @@ -64,9 +64,9 @@ export class WebAuthnAuthenticatorRegisterStage extends BaseStage { // post the transformed credential data to the server for validation // and storing the public key try { - const formData = new FormData(); - formData.set("response", JSON.stringify(newAssertionForServer)); - await this.host?.submit(formData); + await this.host?.submit({ + response: newAssertionForServer + }); } catch (err) { throw new Error(gettext(`Server validation of credential failed: ${err}`)); } From 2fade4e604560db618e3fa96e44ad460fcc4d3f8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 14:27:16 +0100 Subject: [PATCH 05/60] web/elements: add ModalForm Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 4 +- web/src/elements/forms/ModalForm.ts | 58 ++++++++++ web/src/pages/users/UserSettingsPage.ts | 2 +- .../pages/users/settings/BaseUserSettings.ts | 4 +- .../UserSettingsAuthenticatorWebAuthn.ts | 109 ++++++++++++++++++ ...serSettingsAuthenticatorWebAuthnDevices.ts | 71 ------------ 6 files changed, 173 insertions(+), 75 deletions(-) create mode 100644 web/src/elements/forms/ModalForm.ts create mode 100644 web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts delete mode 100644 web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthnDevices.ts diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 823520a35..6d3b3ba05 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -17,14 +17,14 @@ export class Form extends LitElement { @property() send!: (data: Record) => Promise; - submit(ev: Event): void { + submit(ev: Event): Promise | undefined { ev.preventDefault(); const ironForm = this.shadowRoot?.querySelector("iron-form"); if (!ironForm) { return; } const data = ironForm.serializeForm(); - this.send(data).then(() => { + return this.send(data).then(() => { showMessage({ level_tag: "success", message: this.successMessage diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts new file mode 100644 index 000000000..8538036ea --- /dev/null +++ b/web/src/elements/forms/ModalForm.ts @@ -0,0 +1,58 @@ +import { gettext } from "django"; +import { customElement, html, property, TemplateResult } from "lit-element"; +import { ModalButton } from "../buttons/ModalButton"; +import { Form } from "./Form"; + +@customElement("ak-forms-modal") +export class DeleteForm extends ModalButton { + + confirm(): void { + this.querySelectorAll
("ak-form").forEach(form => { + const formPromise = form.submit(new Event("submit")); + if (!formPromise) { + return; + } + formPromise.then(() => { + this.open = false; + }); + }); + } + + renderModalInner(): TemplateResult { + return html`
+
+

+ +

+
+
+
+
+
+
+
+ +
+
+
+
+
+
+ { + this.confirm(); + }} + class="pf-m-primary"> + +   + { + this.open = false; + }} + class="pf-m-secondary"> + ${gettext("Cancel")} + +
`; + } + +} diff --git a/web/src/pages/users/UserSettingsPage.ts b/web/src/pages/users/UserSettingsPage.ts index 75aa14574..d2fb255b0 100644 --- a/web/src/pages/users/UserSettingsPage.ts +++ b/web/src/pages/users/UserSettingsPage.ts @@ -22,7 +22,7 @@ import "./UserDetailsPage"; import "./UserTokenList"; import "./settings/UserSettingsAuthenticatorTOTP"; import "./settings/UserSettingsAuthenticatorStatic"; -import "./settings/UserSettingsAuthenticatorWebAuthnDevices"; +import "./settings/UserSettingsAuthenticatorWebAuthn"; import "./settings/UserSettingsPassword"; import "./settings/SourceSettingsOAuth"; diff --git a/web/src/pages/users/settings/BaseUserSettings.ts b/web/src/pages/users/settings/BaseUserSettings.ts index a4c6d5b5f..5fbd68a99 100644 --- a/web/src/pages/users/settings/BaseUserSettings.ts +++ b/web/src/pages/users/settings/BaseUserSettings.ts @@ -3,6 +3,8 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css"; import PFCard from "@patternfly/patternfly/components/Card/card.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import AKGlobal from "../../../authentik.css"; +import PFForm from "@patternfly/patternfly/components/Form/form.css"; +import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; export abstract class BaseUserSettings extends LitElement { @@ -10,7 +12,7 @@ export abstract class BaseUserSettings extends LitElement { objectId!: string; static get styles(): CSSResult[] { - return [PFBase, PFCard, PFButton, AKGlobal]; + return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal]; } } diff --git a/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts b/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts new file mode 100644 index 000000000..9a9425777 --- /dev/null +++ b/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts @@ -0,0 +1,109 @@ +import { CSSResult, customElement, html, TemplateResult } from "lit-element"; +import { gettext } from "django"; +import { AuthenticatorsApi, StagesApi, WebAuthnDevice } from "authentik-api"; +import { until } from "lit-html/directives/until"; +import { FlowURLManager } from "../../../api/legacy"; +import { DEFAULT_CONFIG } from "../../../api/Config"; +import { BaseUserSettings } from "./BaseUserSettings"; +import PFDataList from "@patternfly/patternfly/components/DataList/data-list.css"; +import "../../../elements/buttons/ModalButton"; +import "../../../elements/buttons/SpinnerButton"; +import "../../../elements/forms/DeleteForm"; +import "../../../elements/forms/Form"; +import "../../../elements/forms/ModalForm"; + +@customElement("ak-user-settings-authenticator-webauthn") +export class UserSettingsAuthenticatorWebAuthn extends BaseUserSettings { + + static get styles(): CSSResult[] { + return super.styles.concat(PFDataList); + } + + renderDelete(device: WebAuthnDevice): TemplateResult { + return html` { + return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsWebauthnDelete({ + id: device.pk || 0 + }); + }}> + + `; + } + + renderUpdate(device: WebAuthnDevice): TemplateResult { + return html` + + ${gettext("Update")} + + + ${gettext("Update")} + + { + return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsWebauthnUpdate({ + id: device.pk || 0, + data: data as WebAuthnDevice + }); + }}> + + + + + + +
`; + } + + render(): TemplateResult { + return html`
+
+ ${gettext("WebAuthn Devices")} +
+
+
    + ${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsWebauthnList({}).then((devices) => { + return devices.results.map((device) => { + return html`
  • +
    +
    +
    ${device.name || "-"}
    +
    + ${gettext(`Created ${device.createdOn?.toLocaleString()}`)} +
    +
    + ${this.renderUpdate(device)} + ${this.renderDelete(device)} +
    +
    +
    +
    • `; + }); + }))} +
+
+
+ ${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnRead({ stageUuid: this.objectId}).then((stage) => { + if (stage.configureFlow) { + return html`${gettext("Configure WebAuthn")} + `; + } + return html``; + }))} +
+
`; + } + +} diff --git a/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthnDevices.ts b/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthnDevices.ts deleted file mode 100644 index e4a306103..000000000 --- a/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthnDevices.ts +++ /dev/null @@ -1,71 +0,0 @@ -import { customElement, html, TemplateResult } from "lit-element"; -import { gettext } from "django"; -import { AuthenticatorsApi, StagesApi } from "authentik-api"; -import { until } from "lit-html/directives/until"; -import { FlowURLManager, UserURLManager } from "../../../api/legacy"; -import { DEFAULT_CONFIG } from "../../../api/Config"; -import { BaseUserSettings } from "./BaseUserSettings"; -import "../../../elements/buttons/ModalButton"; -import "../../../elements/buttons/SpinnerButton"; -import "../../../elements/forms/DeleteForm"; - -@customElement("ak-user-settings-authenticator-webauthn") -export class UserSettingsAuthenticatorWebAuthnDevices extends BaseUserSettings { - - render(): TemplateResult { - return html`
-
- ${gettext("WebAuthn Devices")} -
-
-
    - ${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsWebauthnList({}).then((devices) => { - return devices.results.map((device) => { - return html`
  • -
    -
    -
    ${device.name || "-"}
    -
    - ${gettext(`Created ${device.createdOn?.toLocaleString()}`)} -
    -
    - - - ${gettext("Update")} - -
    -     - { - return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsWebauthnDelete({ - id: device.pk || 0 - }); - }}> - - -
    -
    -
    -
    • `; - }); - }))} -
-
-
- ${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnRead({ stageUuid: this.objectId}).then((stage) => { - if (stage.configureFlow) { - return html`${gettext("Configure WebAuthn")} - `; - } - return html``; - }))} -
-
`; - } - -} From 02212406c4e1666221ffdf6181a28e7d1cce7fca Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 21:39:49 +0100 Subject: [PATCH 06/60] web: start migrating: groups form Signed-off-by: Jens Langhammer --- web/package-lock.json | 43 +++++++++++++++++++++++ web/package.json | 1 + web/src/authentik.css | 7 ++-- web/src/elements/forms/Form.ts | 35 ++++++++++++++----- web/src/elements/forms/ModalForm.ts | 4 +-- web/src/pages/groups/GroupForm.ts | 49 +++++++++++++++++++++++++++ web/src/pages/groups/GroupListPage.ts | 19 ++++++++--- web/src/pages/users/UserTokenList.ts | 2 +- 8 files changed, 141 insertions(+), 19 deletions(-) create mode 100644 web/src/pages/groups/GroupForm.ts diff --git a/web/package-lock.json b/web/package-lock.json index 4efea8bd9..6933a88ac 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -182,6 +182,16 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-checked-element-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-checked-element-behavior/-/iron-checked-element-behavior-3.0.1.tgz", + "integrity": "sha512-aDr0cbCNVq49q+pOqa6CZutFh+wWpwPMLpEth9swx+GkAj+gCURhuQkaUYhIo5f2egDbEioR1aeHMnPlU9dQZA==", + "requires": { + "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-flex-layout": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-flex-layout/-/iron-flex-layout-3.0.1.tgz", @@ -234,6 +244,30 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/paper-behaviors": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-behaviors/-/paper-behaviors-3.0.1.tgz", + "integrity": "sha512-6knhj69fPJejv8qR0kCSUY+Q0XjaUf0OSnkjRjmTJPAwSrRYtgqE+l6P1FfA+py1X/cUjgne9EF5rMZAKJIg1g==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-checked-element-behavior": "^3.0.0-pre.26", + "@polymer/paper-ripple": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-checkbox": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/paper-checkbox/-/paper-checkbox-3.1.0.tgz", + "integrity": "sha512-kXm6yDG1tT8if0XuJ2cc9NF+g8Ev4wG+rnf0a+Sx+O7J6fn1jcnBlYn72FlrfjVjDQZDBFmT6nynhD5PvFw8iQ==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-checked-element-behavior": "^3.0.0-pre.26", + "@polymer/paper-behaviors": "^3.0.0-pre.27", + "@polymer/paper-ripple": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/paper-input": { "version": "3.2.1", "resolved": "https://registry.npmjs.org/@polymer/paper-input/-/paper-input-3.2.1.tgz", @@ -248,6 +282,15 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/paper-ripple": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@polymer/paper-ripple/-/paper-ripple-3.0.2.tgz", + "integrity": "sha512-DnLNvYIMsiayeICroYxx6Q6Hg1cUU8HN2sbutXazlemAlGqdq80qz3TIaVdbpbt/pvjcFGX2HtntMlPstCge8Q==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/paper-styles": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/paper-styles/-/paper-styles-3.0.1.tgz", diff --git a/web/package.json b/web/package.json index 9921a4efa..235074cdd 100644 --- a/web/package.json +++ b/web/package.json @@ -13,6 +13,7 @@ "@fortawesome/fontawesome-free": "^5.15.3", "@patternfly/patternfly": "^4.90.5", "@polymer/iron-form": "^3.0.1", + "@polymer/paper-checkbox": "^3.1.0", "@polymer/paper-input": "^3.2.1", "@sentry/browser": "^6.2.3", "@sentry/tracing": "^6.2.3", diff --git a/web/src/authentik.css b/web/src/authentik.css index 3cf2133ce..29559ee42 100644 --- a/web/src/authentik.css +++ b/web/src/authentik.css @@ -103,8 +103,11 @@ body { } paper-input { - /* --paper-input-container-color: var(--ak-accent); */ - --paper-input-container-input-color: var(--ak-dark-foreground); + /* --paper-input-container-input-color: var(--ak-dark-foreground); */ + --primary-text-color: var(--ak-dark-foreground); + } + paper-checkbox { + --primary-text-color: var(--ak-dark-foreground); } /* Global page background colour */ diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 6d3b3ba05..81907318f 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -2,40 +2,52 @@ import "@polymer/paper-input/paper-input"; import "@polymer/iron-form/iron-form"; import { PaperInputElement } from "@polymer/paper-input/paper-input"; import { showMessage } from "../../elements/messages/MessageContainer"; -import { customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; +import PFCard from "@patternfly/patternfly/components/Card/card.css"; +import PFButton from "@patternfly/patternfly/components/Button/button.css"; +import AKGlobal from "../../authentik.css"; +import PFForm from "@patternfly/patternfly/components/Form/form.css"; +import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; export interface ErrorResponse { [key: string]: string[]; } @customElement("ak-form") -export class Form extends LitElement { +export class Form extends LitElement { @property() successMessage = ""; @property() - send!: (data: Record) => Promise; + send!: (data: T) => Promise; - submit(ev: Event): Promise | undefined { + static get styles(): CSSResult[] { + return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal]; + } + + submit(ev: Event): Promise | undefined { ev.preventDefault(); const ironForm = this.shadowRoot?.querySelector("iron-form"); if (!ironForm) { + console.warn("authentik/forms: failed to find iron-form"); return; } - const data = ironForm.serializeForm(); - return this.send(data).then(() => { + const data = ironForm.serializeForm() as T; + return this.send(data).then((r) => { showMessage({ level_tag: "success", message: this.successMessage }); + return r; }).catch((ex: Response) => { if (ex.status > 399 && ex.status < 500) { return ex.json(); } return ex; - }).then((errorMessage?: ErrorResponse) => { - if (!errorMessage) return; + }).then((errorMessage: ErrorResponse) => { + if (!errorMessage) return errorMessage; const elements: PaperInputElement[] = ironForm._getSubmittableElements(); elements.forEach((element) => { const elementName = element.name; @@ -45,13 +57,18 @@ export class Form extends LitElement { element.invalid = true; } }); + return errorMessage; }); } + renderForm(): TemplateResult { + return html``; + } + render(): TemplateResult { return html` { this.submit(ev); }}> - + ${this.renderForm()} `; } diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts index 8538036ea..aeaa38416 100644 --- a/web/src/elements/forms/ModalForm.ts +++ b/web/src/elements/forms/ModalForm.ts @@ -4,10 +4,10 @@ import { ModalButton } from "../buttons/ModalButton"; import { Form } from "./Form"; @customElement("ak-forms-modal") -export class DeleteForm extends ModalButton { +export class ModalForm extends ModalButton { confirm(): void { - this.querySelectorAll
("ak-form").forEach(form => { + this.querySelectorAll>("ak-form").forEach(form => { const formPromise = form.submit(new Event("submit")); if (!formPromise) { return; diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts new file mode 100644 index 000000000..6e2cb3678 --- /dev/null +++ b/web/src/pages/groups/GroupForm.ts @@ -0,0 +1,49 @@ +import { CoreApi, Group } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "@polymer/paper-input/paper-input"; +import "@polymer/iron-form/iron-form"; +import '@polymer/paper-checkbox/paper-checkbox.js'; + +@customElement("ak-group-form") +export class GroupForm extends Form { + + @property({attribute: false}) + group?: Group; + + send = (data: Group): Promise => { + if (this.group) { + return new CoreApi(DEFAULT_CONFIG).coreGroupsUpdate({ + groupUuid: this.group.pk || "", + data: data + }); + } else { + return new CoreApi(DEFAULT_CONFIG).coreGroupsCreate({ + data: data + }); + } + }; + + renderForm(): TemplateResult { + return html` + + + + ${gettext("Is superuser")} + +

${gettext("Users added to this group will be superusers.")}

+ `; + } + +} diff --git a/web/src/pages/groups/GroupListPage.ts b/web/src/pages/groups/GroupListPage.ts index fd4bf00ae..cdaee5797 100644 --- a/web/src/pages/groups/GroupListPage.ts +++ b/web/src/pages/groups/GroupListPage.ts @@ -11,6 +11,8 @@ import { PAGE_SIZE } from "../../constants"; import { CoreApi, Group } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; import { AdminURLManager } from "../../api/legacy"; +import "../../elements/forms/ModalForm"; +import "./GroupForm"; @customElement("ak-group-list") export class GroupListPage extends TablePage { @@ -56,12 +58,19 @@ export class GroupListPage extends TablePage { html`${item.users.keys.length}`, html`${item.isSuperuser ? "Yes" : "No"}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update Group")} + + + + + { renderToolbar(): TemplateResult { return html` - + ${gettext("Create")} From 72cca0473a59c77add7aa76159bee7e9a9dc3d77 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 22:07:54 +0100 Subject: [PATCH 07/60] web/elements: throw error in form Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 81907318f..a5cc50006 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -10,10 +10,18 @@ import AKGlobal from "../../authentik.css"; import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; -export interface ErrorResponse { +interface ErrorResponse { [key: string]: string[]; } +export class APIError extends Error { + + constructor(public response: ErrorResponse) { + super(); + } + +} + @customElement("ak-form") export class Form extends LitElement { @@ -27,7 +35,7 @@ export class Form extends LitElement { return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal]; } - submit(ev: Event): Promise | undefined { + submit(ev: Event): Promise | undefined { ev.preventDefault(); const ironForm = this.shadowRoot?.querySelector("iron-form"); if (!ironForm) { @@ -57,7 +65,7 @@ export class Form extends LitElement { element.invalid = true; } }); - return errorMessage; + throw new APIError(errorMessage); }); } From 2e58982419eb307b1c17fd93889889086efd4f34 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Mar 2021 22:08:09 +0100 Subject: [PATCH 08/60] web/elements: fix detection of inner forms, catch errors and don't close modal Signed-off-by: Jens Langhammer --- web/src/elements/forms/ModalForm.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts index aeaa38416..194c7b21e 100644 --- a/web/src/elements/forms/ModalForm.ts +++ b/web/src/elements/forms/ModalForm.ts @@ -7,13 +7,15 @@ import { Form } from "./Form"; export class ModalForm extends ModalButton { confirm(): void { - this.querySelectorAll>("ak-form").forEach(form => { + this.querySelectorAll>("[slot=form]").forEach(form => { const formPromise = form.submit(new Event("submit")); if (!formPromise) { return; } - formPromise.then(() => { + formPromise.then((a) => { this.open = false; + }).catch((e) => { + console.log(e); }); }); } From 32fb90e056b8d2668cfebc0cbf181be033a921a5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 27 Mar 2021 15:53:54 +0100 Subject: [PATCH 09/60] core: include full users in group API Signed-off-by: Jens Langhammer --- authentik/core/api/groups.py | 4 ++ swagger.yaml | 117 ++++++++++++++++++++++++----------- 2 files changed, 86 insertions(+), 35 deletions(-) diff --git a/authentik/core/api/groups.py b/authentik/core/api/groups.py index 2ca259fb4..801d5e618 100644 --- a/authentik/core/api/groups.py +++ b/authentik/core/api/groups.py @@ -2,16 +2,20 @@ from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet +from authentik.core.api.users import UserSerializer from authentik.core.models import Group class GroupSerializer(ModelSerializer): """Group Serializer""" + users = UserSerializer(many=True) + class Meta: model = Group fields = ["pk", "name", "is_superuser", "parent", "users", "attributes"] + depth = 2 class GroupViewSet(ModelViewSet): diff --git a/swagger.yaml b/swagger.yaml index da9fcb68f..876f360ca 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -10934,42 +10934,7 @@ definitions: format: uuid readOnly: true uniqueItems: true - Group: - description: Group Serializer - required: - - name - - parent - - users - type: object - properties: - pk: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - parent: - title: Parent - type: string - format: uuid - users: - type: array - items: - type: integer - uniqueItems: true - attributes: - title: Attributes - type: object User: - title: User description: User Serializer required: - username @@ -11020,6 +10985,88 @@ definitions: attributes: title: Attributes type: object + Group: + description: Group Serializer + required: + - name + - users + type: object + properties: + pk: + title: Group uuid + type: string + format: uuid + readOnly: true + name: + title: Name + type: string + maxLength: 80 + minLength: 1 + is_superuser: + title: Is superuser + description: Users added to this group will be superusers. + type: boolean + parent: + description: Custom Group model which supports a basic hierarchy + required: + - name + type: object + properties: + group_uuid: + title: Group uuid + type: string + format: uuid + readOnly: true + name: + title: Name + type: string + maxLength: 80 + minLength: 1 + is_superuser: + title: Is superuser + description: Users added to this group will be superusers. + type: boolean + attributes: + title: Attributes + type: object + parent: + description: Custom Group model which supports a basic hierarchy + required: + - name + - parent + type: object + properties: + group_uuid: + title: Group uuid + type: string + format: uuid + readOnly: true + name: + title: Name + type: string + maxLength: 80 + minLength: 1 + is_superuser: + title: Is superuser + description: Users added to this group will be superusers. + type: boolean + attributes: + title: Attributes + type: object + parent: + title: Parent + type: string + format: uuid + readOnly: true + readOnly: true + users: + description: '' + type: array + items: + $ref: '#/definitions/User' + attributes: + title: Attributes + type: object Token: description: Token Serializer required: From 2e6a264f98c0456cf462857406d833009b5e103d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 27 Mar 2021 23:38:53 +0100 Subject: [PATCH 10/60] web: migrate group forms Signed-off-by: Jens Langhammer --- web/package-lock.json | 159 ++++++++++++++++++++++++++ web/package.json | 4 + web/src/elements/forms/Form.ts | 11 +- web/src/pages/groups/GroupForm.ts | 38 +++++- web/src/pages/groups/GroupListPage.ts | 2 +- 5 files changed, 209 insertions(+), 5 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 9c5b8d550..f125fff3b 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -192,6 +192,25 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-dropdown": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-dropdown/-/iron-dropdown-3.0.1.tgz", + "integrity": "sha512-22yLhepfcKjuQMfFmRHi/9MPKTqkzgRrmWWW0P5uqK++xle53k2QBO5VYUAYiCN3ZcxIi9lEhZ9YWGeQj2JBig==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-overlay-behavior": "^3.0.0-pre.27", + "@polymer/neon-animation": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-fit-behavior": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/iron-fit-behavior/-/iron-fit-behavior-3.1.0.tgz", + "integrity": "sha512-ABcgIYqrjhmUT8tiuolqeGttF/8pd3sEymUDrO1vXbZu4FWIvoLNndrMDFvs++AGd12Mjf5pYy84NJc6dB8Vig==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-flex-layout": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-flex-layout/-/iron-flex-layout-3.0.1.tgz", @@ -217,6 +236,25 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-icon": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-icon/-/iron-icon-3.0.1.tgz", + "integrity": "sha512-QLPwirk+UPZNaLnMew9VludXA4CWUCenRewgEcGYwdzVgDPCDbXxy6vRJjmweZobMQv/oVLppT2JZtJFnPxX6g==", + "requires": { + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/iron-meta": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-iconset-svg": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-iconset-svg/-/iron-iconset-svg-3.0.1.tgz", + "integrity": "sha512-XNwURbNHRw6u2fJe05O5fMYye6GSgDlDqCO+q6K1zAnKIrpgZwf2vTkBd5uCcZwsN0FyCB3mvNZx4jkh85dRDw==", + "requires": { + "@polymer/iron-meta": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-input": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-input/-/iron-input-3.0.1.tgz", @@ -227,6 +265,28 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-list": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/iron-list/-/iron-list-3.1.0.tgz", + "integrity": "sha512-Eiv6xd3h3oPmn8SXFntXVfC3ZnegH+KHAxiKLKcOASFSRY3mHnr2AdcnExUJ9ItoCMA5UzKaM/0U22eWzGERtA==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", + "@polymer/iron-scroll-target-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-menu-behavior": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@polymer/iron-menu-behavior/-/iron-menu-behavior-3.0.2.tgz", + "integrity": "sha512-8dpASkFNBIkxAJWsFLWIO1M7tKM0+wKs3PqdeF/dDdBciwoaaFgC2K1XCZFZnbe2t9/nJgemXxVugGZAWpYCGg==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/iron-selector": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-meta": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-meta/-/iron-meta-3.0.1.tgz", @@ -235,6 +295,41 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-overlay-behavior": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@polymer/iron-overlay-behavior/-/iron-overlay-behavior-3.0.3.tgz", + "integrity": "sha512-Q/Fp0+uOQQ145ebZ7T8Cxl4m1tUKYjyymkjcL2rXUm+aDQGb1wA1M1LYxUF5YBqd+9lipE0PTIiYwA2ZL/sznA==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-fit-behavior": "^3.0.0-pre.26", + "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-resizable-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-resizable-behavior/-/iron-resizable-behavior-3.0.1.tgz", + "integrity": "sha512-FyHxRxFspVoRaeZSWpT3y0C9awomb4tXXolIJcZ7RvXhMP632V5lez+ch5G5SwK0LpnAPkg35eB0LPMFv+YMMQ==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-scroll-target-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-scroll-target-behavior/-/iron-scroll-target-behavior-3.0.1.tgz", + "integrity": "sha512-xg1WanG25BIkQE8rhuReqY9zx1K5M7F+YAIYpswEp5eyDIaZ1Y3vUmVeQ3KG+hiSugzI1M752azXN7kvyhOBcQ==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-selector": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-selector/-/iron-selector-3.0.1.tgz", + "integrity": "sha512-sBVk2uas6prW0glUe2xEJJYlvxmYzM40Au9OKbfDK2Qekou/fLKcBRyIYI39kuI8zWRaip8f3CI8qXcUHnKb1A==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-validatable-behavior": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-validatable-behavior/-/iron-validatable-behavior-3.0.1.tgz", @@ -244,6 +339,16 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/neon-animation": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/neon-animation/-/neon-animation-3.0.1.tgz", + "integrity": "sha512-cDDc0llpVCe0ATbDS3clDthI54Bc8YwZIeTGGmBJleKOvbRTUC5+ssJmRL+VwVh+VM5FlnQlx760ppftY3uprg==", + "requires": { + "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", + "@polymer/iron-selector": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/paper-behaviors": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/paper-behaviors/-/paper-behaviors-3.0.1.tgz", @@ -268,6 +373,24 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/paper-dropdown-menu": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@polymer/paper-dropdown-menu/-/paper-dropdown-menu-3.2.0.tgz", + "integrity": "sha512-2ohwSHF+RLSK6kA0UkkMiMQF6EZcaEYWAA25kfisI6DWie7yozKrpQNsqvwfOEHU6DdDMIotrOtH1TM88YS8Zg==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", + "@polymer/iron-icon": "^3.0.0-pre.26", + "@polymer/iron-iconset-svg": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/paper-behaviors": "^3.0.0-pre.27", + "@polymer/paper-input": "^3.1.0", + "@polymer/paper-menu-button": "^3.1.0", + "@polymer/paper-ripple": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.3.1" + } + }, "@polymer/paper-input": { "version": "3.2.1", "resolved": "https://registry.npmjs.org/@polymer/paper-input/-/paper-input-3.2.1.tgz", @@ -282,6 +405,42 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/paper-item": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-item/-/paper-item-3.0.1.tgz", + "integrity": "sha512-KTk2N+GsYiI/HuubL3sxebZ6tteQbBOAp4QVLAnbjSPmwl+mJSDWk+omuadesU0bpkCwaWVs3fHuQsmXxy4pkw==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-listbox": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-listbox/-/paper-listbox-3.0.1.tgz", + "integrity": "sha512-vMLWFpYcggAPmEDBmK+96fFefacOG3GLB1EguTn8+ZkqI+328hNfw1MzHjH68rgCIIUtjmm+9qgB1Sy/MN0a/A==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-menu-behavior": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-menu-button": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/paper-menu-button/-/paper-menu-button-3.1.0.tgz", + "integrity": "sha512-q0G0/rvYD/FFmIBMGCQWjfXzRqwFw9+WHSYV4uOQzM1Ln8LMXSAd+2CENsbVwtMh6fmBePj15ZlU8SM2dt1WDQ==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-dropdown": "^3.0.0-pre.26", + "@polymer/iron-fit-behavior": "^3.1.0", + "@polymer/neon-animation": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/paper-ripple": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/@polymer/paper-ripple/-/paper-ripple-3.0.2.tgz", diff --git a/web/package.json b/web/package.json index ec0f39b67..40d4c5203 100644 --- a/web/package.json +++ b/web/package.json @@ -14,7 +14,10 @@ "@patternfly/patternfly": "^4.90.5", "@polymer/iron-form": "^3.0.1", "@polymer/paper-checkbox": "^3.1.0", + "@polymer/paper-dropdown-menu": "^3.2.0", "@polymer/paper-input": "^3.2.1", + "@polymer/paper-item": "^3.0.1", + "@polymer/paper-listbox": "^3.0.1", "@sentry/browser": "^6.2.3", "@sentry/tracing": "^6.2.3", "@types/chart.js": "^2.9.31", @@ -28,6 +31,7 @@ "flowchart.js": "^1.15.0", "lit-element": "^2.4.0", "lit-html": "^1.3.0", + "multiselect-combo-box": "^2.5.0-beta.3", "rapidoc": "^8.4.9", "rollup": "^2.42.4", "rollup-plugin-copy": "^3.4.0", diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index a5cc50006..fd12a6785 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -2,13 +2,14 @@ import "@polymer/paper-input/paper-input"; import "@polymer/iron-form/iron-form"; import { PaperInputElement } from "@polymer/paper-input/paper-input"; import { showMessage } from "../../elements/messages/MessageContainer"; -import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; import PFBase from "@patternfly/patternfly/patternfly-base.css"; import PFCard from "@patternfly/patternfly/components/Card/card.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import AKGlobal from "../../authentik.css"; import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; +import { MessageLevel } from "../messages/Message"; interface ErrorResponse { [key: string]: string[]; @@ -32,7 +33,11 @@ export class Form extends LitElement { send!: (data: T) => Promise; static get styles(): CSSResult[] { - return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal]; + return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal, css` + select[multiple] { + height: 15em; + } + `]; } submit(ev: Event): Promise | undefined { @@ -45,7 +50,7 @@ export class Form extends LitElement { const data = ironForm.serializeForm() as T; return this.send(data).then((r) => { showMessage({ - level_tag: "success", + level: MessageLevel.success, message: this.successMessage }); return r; diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index 6e2cb3678..6ad02c63f 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -7,7 +7,11 @@ import { Form } from "../../elements/forms/Form"; import { ifDefined } from "lit-html/directives/if-defined"; import "@polymer/paper-input/paper-input"; import "@polymer/iron-form/iron-form"; -import '@polymer/paper-checkbox/paper-checkbox.js'; +import '@polymer/paper-checkbox/paper-checkbox'; +import '@polymer/paper-dropdown-menu/paper-dropdown-menu'; +import '@polymer/paper-listbox/paper-listbox'; +import '@polymer/paper-item/paper-item'; +import { until } from "lit-html/directives/until"; @customElement("ak-group-form") export class GroupForm extends Form { @@ -43,6 +47,38 @@ export class GroupForm extends Form { ${gettext("Is superuser")}

${gettext("Users added to this group will be superusers.")}

+ + + ${gettext("No parent")} + ${until(new CoreApi(DEFAULT_CONFIG).coreGroupsList({}).then(groups => { + return groups.results.map(group => { + return html`${group.name}`; + }) + }), html``)} + + +
+
+ +
+
+
+ +

${gettext("Hold control/command to select multiple items.")}

+
+
+
`; } diff --git a/web/src/pages/groups/GroupListPage.ts b/web/src/pages/groups/GroupListPage.ts index cdaee5797..c5183ba8e 100644 --- a/web/src/pages/groups/GroupListPage.ts +++ b/web/src/pages/groups/GroupListPage.ts @@ -55,7 +55,7 @@ export class GroupListPage extends TablePage { return [ html`${item.name}`, html`${item.parent || "-"}`, - html`${item.users.keys.length}`, + html`${item.users?.keys.length}`, html`${item.isSuperuser ? "Yes" : "No"}`, html` From 926636c331b206e85139179fd10607ff108ebc1a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 27 Mar 2021 23:39:28 +0100 Subject: [PATCH 11/60] web: fix error handling in forms for non-server errors Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index fd12a6785..6a7c84282 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -59,8 +59,11 @@ export class Form extends LitElement { return ex.json(); } return ex; - }).then((errorMessage: ErrorResponse) => { + }).then((errorMessage: ErrorResponse | Error) => { if (!errorMessage) return errorMessage; + if (errorMessage instanceof Error) { + throw errorMessage; + } const elements: PaperInputElement[] = ironForm._getSubmittableElements(); elements.forEach((element) => { const elementName = element.name; From bd9c0efab73c51199aaa0c3ad3ccc590dd4e28e8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 28 Mar 2021 22:03:48 +0200 Subject: [PATCH 12/60] core: use only user ids for group Signed-off-by: Jens Langhammer --- authentik/core/api/groups.py | 4 -- swagger.yaml | 117 +++++++++++------------------------ 2 files changed, 35 insertions(+), 86 deletions(-) diff --git a/authentik/core/api/groups.py b/authentik/core/api/groups.py index 801d5e618..2ca259fb4 100644 --- a/authentik/core/api/groups.py +++ b/authentik/core/api/groups.py @@ -2,20 +2,16 @@ from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet -from authentik.core.api.users import UserSerializer from authentik.core.models import Group class GroupSerializer(ModelSerializer): """Group Serializer""" - users = UserSerializer(many=True) - class Meta: model = Group fields = ["pk", "name", "is_superuser", "parent", "users", "attributes"] - depth = 2 class GroupViewSet(ModelViewSet): diff --git a/swagger.yaml b/swagger.yaml index 876f360ca..da9fcb68f 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -10934,7 +10934,42 @@ definitions: format: uuid readOnly: true uniqueItems: true + Group: + description: Group Serializer + required: + - name + - parent + - users + type: object + properties: + pk: + title: Group uuid + type: string + format: uuid + readOnly: true + name: + title: Name + type: string + maxLength: 80 + minLength: 1 + is_superuser: + title: Is superuser + description: Users added to this group will be superusers. + type: boolean + parent: + title: Parent + type: string + format: uuid + users: + type: array + items: + type: integer + uniqueItems: true + attributes: + title: Attributes + type: object User: + title: User description: User Serializer required: - username @@ -10985,88 +11020,6 @@ definitions: attributes: title: Attributes type: object - Group: - description: Group Serializer - required: - - name - - users - type: object - properties: - pk: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - parent: - description: Custom Group model which supports a basic hierarchy - required: - - name - type: object - properties: - group_uuid: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - attributes: - title: Attributes - type: object - parent: - description: Custom Group model which supports a basic hierarchy - required: - - name - - parent - type: object - properties: - group_uuid: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - attributes: - title: Attributes - type: object - parent: - title: Parent - type: string - format: uuid - readOnly: true - readOnly: true - users: - description: '' - type: array - items: - $ref: '#/definitions/User' - attributes: - title: Attributes - type: object Token: description: Token Serializer required: From 768d72ec24b702bdba0c1d7138fefb9b8225a8a9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 28 Mar 2021 22:07:11 +0200 Subject: [PATCH 13/60] web/admin: implement groupform using webcomponents Signed-off-by: Jens Langhammer --- web/package-lock.json | 310 ---------------------------- web/package.json | 6 - web/src/elements/forms/Form.ts | 54 +++-- web/src/elements/forms/ModalForm.ts | 4 +- web/src/elements/forms/utils.ts | 16 ++ web/src/pages/groups/GroupForm.ts | 87 ++++---- 6 files changed, 91 insertions(+), 386 deletions(-) create mode 100644 web/src/elements/forms/utils.ts diff --git a/web/package-lock.json b/web/package-lock.json index f125fff3b..1026420cd 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -133,27 +133,6 @@ "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.90.5.tgz", "integrity": "sha512-Fe0C8UkzSjtacQ+fHXlFB/LHzrv/c2K4z479C6dboOgkGQE1FyB0wt1NBfxij0D++rhOy04OOYdE+Tr0JSlZKw==" }, - "@polymer/font-roboto": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/@polymer/font-roboto/-/font-roboto-3.0.2.tgz", - "integrity": "sha512-tx5TauYSmzsIvmSqepUPDYbs4/Ejz2XbZ1IkD7JEGqkdNUJlh+9KU85G56Tfdk/xjEZ8zorFfN09OSwiMrIQWA==" - }, - "@polymer/iron-a11y-announcer": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-announcer/-/iron-a11y-announcer-3.1.0.tgz", - "integrity": "sha512-lc5i4NKB8kSQHH0Hwu8WS3ym93m+J69OHJWSSBxwd17FI+h2wmgxDzeG9LI4ojMMck17/uc2pLe7g/UHt5/K/A==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-a11y-keys-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-keys-behavior/-/iron-a11y-keys-behavior-3.0.1.tgz", - "integrity": "sha512-lnrjKq3ysbBPT/74l0Fj0U9H9C35Tpw2C/tpJ8a+5g8Y3YJs1WSZYnEl1yOkw6sEyaxOq/1DkzH0+60gGu5/PQ==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, "@polymer/iron-ajax": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-ajax/-/iron-ajax-3.0.1.tgz", @@ -162,63 +141,6 @@ "@polymer/polymer": "^3.0.0" } }, - "@polymer/iron-autogrow-textarea": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@polymer/iron-autogrow-textarea/-/iron-autogrow-textarea-3.0.3.tgz", - "integrity": "sha512-5r0VkWrIlm0JIp5E5wlnvkw7slK72lFRZXncmrsLZF+6n1dg2rI8jt7xpFzSmUWrqpcyXwyKaGaDvUjl3j4JLA==", - "requires": { - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-flex-layout": "^3.0.0-pre.26", - "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-behaviors": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-behaviors/-/iron-behaviors-3.0.1.tgz", - "integrity": "sha512-IMEwcv1lhf1HSQxuyWOUIL0lOBwmeaoSTpgCJeP9IBYnuB1SPQngmfRuHKgK6/m9LQ9F9miC7p3HeQQUdKAE0w==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-checked-element-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-checked-element-behavior/-/iron-checked-element-behavior-3.0.1.tgz", - "integrity": "sha512-aDr0cbCNVq49q+pOqa6CZutFh+wWpwPMLpEth9swx+GkAj+gCURhuQkaUYhIo5f2egDbEioR1aeHMnPlU9dQZA==", - "requires": { - "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", - "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-dropdown": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-dropdown/-/iron-dropdown-3.0.1.tgz", - "integrity": "sha512-22yLhepfcKjuQMfFmRHi/9MPKTqkzgRrmWWW0P5uqK++xle53k2QBO5VYUAYiCN3ZcxIi9lEhZ9YWGeQj2JBig==", - "requires": { - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-overlay-behavior": "^3.0.0-pre.27", - "@polymer/neon-animation": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-fit-behavior": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@polymer/iron-fit-behavior/-/iron-fit-behavior-3.1.0.tgz", - "integrity": "sha512-ABcgIYqrjhmUT8tiuolqeGttF/8pd3sEymUDrO1vXbZu4FWIvoLNndrMDFvs++AGd12Mjf5pYy84NJc6dB8Vig==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-flex-layout": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-flex-layout/-/iron-flex-layout-3.0.1.tgz", - "integrity": "sha512-7gB869czArF+HZcPTVSgvA7tXYFze9EKckvM95NB7SqYF+NnsQyhoXgKnpFwGyo95lUjUW9TFDLUwDXnCYFtkw==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, "@polymer/iron-form": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-form/-/iron-form-3.0.1.tgz", @@ -228,238 +150,6 @@ "@polymer/polymer": "^3.0.0" } }, - "@polymer/iron-form-element-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-form-element-behavior/-/iron-form-element-behavior-3.0.1.tgz", - "integrity": "sha512-G/e2KXyL5AY7mMjmomHkGpgS0uAf4ovNpKhkuUTRnMuMJuf589bKqE85KN4ovE1Tzhv2hJoh/igyD6ekHiYU1A==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-icon": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-icon/-/iron-icon-3.0.1.tgz", - "integrity": "sha512-QLPwirk+UPZNaLnMew9VludXA4CWUCenRewgEcGYwdzVgDPCDbXxy6vRJjmweZobMQv/oVLppT2JZtJFnPxX6g==", - "requires": { - "@polymer/iron-flex-layout": "^3.0.0-pre.26", - "@polymer/iron-meta": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-iconset-svg": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-iconset-svg/-/iron-iconset-svg-3.0.1.tgz", - "integrity": "sha512-XNwURbNHRw6u2fJe05O5fMYye6GSgDlDqCO+q6K1zAnKIrpgZwf2vTkBd5uCcZwsN0FyCB3mvNZx4jkh85dRDw==", - "requires": { - "@polymer/iron-meta": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-input": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-input/-/iron-input-3.0.1.tgz", - "integrity": "sha512-WLx13kEcbH9GKbj9+pWR6pbJkA5kxn3796ynx6eQd2rueMyUfVTR3GzOvadBKsciUuIuzrxpBWZ2+3UcueVUQQ==", - "requires": { - "@polymer/iron-a11y-announcer": "^3.0.0-pre.26", - "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-list": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@polymer/iron-list/-/iron-list-3.1.0.tgz", - "integrity": "sha512-Eiv6xd3h3oPmn8SXFntXVfC3ZnegH+KHAxiKLKcOASFSRY3mHnr2AdcnExUJ9ItoCMA5UzKaM/0U22eWzGERtA==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", - "@polymer/iron-scroll-target-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-menu-behavior": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/@polymer/iron-menu-behavior/-/iron-menu-behavior-3.0.2.tgz", - "integrity": "sha512-8dpASkFNBIkxAJWsFLWIO1M7tKM0+wKs3PqdeF/dDdBciwoaaFgC2K1XCZFZnbe2t9/nJgemXxVugGZAWpYCGg==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-flex-layout": "^3.0.0-pre.26", - "@polymer/iron-selector": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-meta": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-meta/-/iron-meta-3.0.1.tgz", - "integrity": "sha512-pWguPugiLYmWFV9UWxLWzZ6gm4wBwQdDy4VULKwdHCqR7OP7u98h+XDdGZsSlDPv6qoryV/e3tGHlTIT0mbzJA==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-overlay-behavior": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@polymer/iron-overlay-behavior/-/iron-overlay-behavior-3.0.3.tgz", - "integrity": "sha512-Q/Fp0+uOQQ145ebZ7T8Cxl4m1tUKYjyymkjcL2rXUm+aDQGb1wA1M1LYxUF5YBqd+9lipE0PTIiYwA2ZL/sznA==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-fit-behavior": "^3.0.0-pre.26", - "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-resizable-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-resizable-behavior/-/iron-resizable-behavior-3.0.1.tgz", - "integrity": "sha512-FyHxRxFspVoRaeZSWpT3y0C9awomb4tXXolIJcZ7RvXhMP632V5lez+ch5G5SwK0LpnAPkg35eB0LPMFv+YMMQ==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-scroll-target-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-scroll-target-behavior/-/iron-scroll-target-behavior-3.0.1.tgz", - "integrity": "sha512-xg1WanG25BIkQE8rhuReqY9zx1K5M7F+YAIYpswEp5eyDIaZ1Y3vUmVeQ3KG+hiSugzI1M752azXN7kvyhOBcQ==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-selector": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-selector/-/iron-selector-3.0.1.tgz", - "integrity": "sha512-sBVk2uas6prW0glUe2xEJJYlvxmYzM40Au9OKbfDK2Qekou/fLKcBRyIYI39kuI8zWRaip8f3CI8qXcUHnKb1A==", - "requires": { - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/iron-validatable-behavior": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/iron-validatable-behavior/-/iron-validatable-behavior-3.0.1.tgz", - "integrity": "sha512-wwpYh6wOa4fNI+jH5EYKC7TVPYQ2OfgQqocWat7GsNWcsblKYhLYbwsvEY5nO0n2xKqNfZzDLrUom5INJN7msQ==", - "requires": { - "@polymer/iron-meta": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/neon-animation": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/neon-animation/-/neon-animation-3.0.1.tgz", - "integrity": "sha512-cDDc0llpVCe0ATbDS3clDthI54Bc8YwZIeTGGmBJleKOvbRTUC5+ssJmRL+VwVh+VM5FlnQlx760ppftY3uprg==", - "requires": { - "@polymer/iron-resizable-behavior": "^3.0.0-pre.26", - "@polymer/iron-selector": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-behaviors": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/paper-behaviors/-/paper-behaviors-3.0.1.tgz", - "integrity": "sha512-6knhj69fPJejv8qR0kCSUY+Q0XjaUf0OSnkjRjmTJPAwSrRYtgqE+l6P1FfA+py1X/cUjgne9EF5rMZAKJIg1g==", - "requires": { - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-checked-element-behavior": "^3.0.0-pre.26", - "@polymer/paper-ripple": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-checkbox": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@polymer/paper-checkbox/-/paper-checkbox-3.1.0.tgz", - "integrity": "sha512-kXm6yDG1tT8if0XuJ2cc9NF+g8Ev4wG+rnf0a+Sx+O7J6fn1jcnBlYn72FlrfjVjDQZDBFmT6nynhD5PvFw8iQ==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-checked-element-behavior": "^3.0.0-pre.26", - "@polymer/paper-behaviors": "^3.0.0-pre.27", - "@polymer/paper-ripple": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-dropdown-menu": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/@polymer/paper-dropdown-menu/-/paper-dropdown-menu-3.2.0.tgz", - "integrity": "sha512-2ohwSHF+RLSK6kA0UkkMiMQF6EZcaEYWAA25kfisI6DWie7yozKrpQNsqvwfOEHU6DdDMIotrOtH1TM88YS8Zg==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", - "@polymer/iron-icon": "^3.0.0-pre.26", - "@polymer/iron-iconset-svg": "^3.0.0-pre.26", - "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", - "@polymer/paper-behaviors": "^3.0.0-pre.27", - "@polymer/paper-input": "^3.1.0", - "@polymer/paper-menu-button": "^3.1.0", - "@polymer/paper-ripple": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.3.1" - } - }, - "@polymer/paper-input": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/@polymer/paper-input/-/paper-input-3.2.1.tgz", - "integrity": "sha512-6ghgwQKM6mS0hAQxQqj+tkeEY1VUBqAsrasAm8V5RpNcfSWQC/hhRFxU0beGuKTAhndzezDzWYP6Zz4b8fExGg==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-autogrow-textarea": "^3.0.0-pre.26", - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", - "@polymer/iron-input": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-item": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/paper-item/-/paper-item-3.0.1.tgz", - "integrity": "sha512-KTk2N+GsYiI/HuubL3sxebZ6tteQbBOAp4QVLAnbjSPmwl+mJSDWk+omuadesU0bpkCwaWVs3fHuQsmXxy4pkw==", - "requires": { - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-flex-layout": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-listbox": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/paper-listbox/-/paper-listbox-3.0.1.tgz", - "integrity": "sha512-vMLWFpYcggAPmEDBmK+96fFefacOG3GLB1EguTn8+ZkqI+328hNfw1MzHjH68rgCIIUtjmm+9qgB1Sy/MN0a/A==", - "requires": { - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-menu-behavior": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-menu-button": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@polymer/paper-menu-button/-/paper-menu-button-3.1.0.tgz", - "integrity": "sha512-q0G0/rvYD/FFmIBMGCQWjfXzRqwFw9+WHSYV4uOQzM1Ln8LMXSAd+2CENsbVwtMh6fmBePj15ZlU8SM2dt1WDQ==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/iron-behaviors": "^3.0.0-pre.26", - "@polymer/iron-dropdown": "^3.0.0-pre.26", - "@polymer/iron-fit-behavior": "^3.1.0", - "@polymer/neon-animation": "^3.0.0-pre.26", - "@polymer/paper-styles": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-ripple": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/@polymer/paper-ripple/-/paper-ripple-3.0.2.tgz", - "integrity": "sha512-DnLNvYIMsiayeICroYxx6Q6Hg1cUU8HN2sbutXazlemAlGqdq80qz3TIaVdbpbt/pvjcFGX2HtntMlPstCge8Q==", - "requires": { - "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, - "@polymer/paper-styles": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@polymer/paper-styles/-/paper-styles-3.0.1.tgz", - "integrity": "sha512-y6hmObLqlCx602TQiSBKHqjwkE7xmDiFkoxdYGaNjtv4xcysOTdVJsDR/R9UHwIaxJ7gHlthMSykir1nv78++g==", - "requires": { - "@polymer/font-roboto": "^3.0.1", - "@polymer/iron-flex-layout": "^3.0.0-pre.26", - "@polymer/polymer": "^3.0.0" - } - }, "@polymer/polymer": { "version": "3.4.1", "resolved": "https://registry.npmjs.org/@polymer/polymer/-/polymer-3.4.1.tgz", diff --git a/web/package.json b/web/package.json index 40d4c5203..c1c65e5c5 100644 --- a/web/package.json +++ b/web/package.json @@ -13,11 +13,6 @@ "@fortawesome/fontawesome-free": "^5.15.3", "@patternfly/patternfly": "^4.90.5", "@polymer/iron-form": "^3.0.1", - "@polymer/paper-checkbox": "^3.1.0", - "@polymer/paper-dropdown-menu": "^3.2.0", - "@polymer/paper-input": "^3.2.1", - "@polymer/paper-item": "^3.0.1", - "@polymer/paper-listbox": "^3.0.1", "@sentry/browser": "^6.2.3", "@sentry/tracing": "^6.2.3", "@types/chart.js": "^2.9.31", @@ -31,7 +26,6 @@ "flowchart.js": "^1.15.0", "lit-element": "^2.4.0", "lit-html": "^1.3.0", - "multiselect-combo-box": "^2.5.0-beta.3", "rapidoc": "^8.4.9", "rollup": "^2.42.4", "rollup-plugin-copy": "^3.4.0", diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 6a7c84282..5028579f9 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -10,6 +10,7 @@ import AKGlobal from "../../authentik.css"; import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; import { MessageLevel } from "../messages/Message"; +import { IronFormElement } from "@polymer/iron-form/iron-form"; interface ErrorResponse { [key: string]: string[]; @@ -40,6 +41,23 @@ export class Form extends LitElement { `]; } + serializeForm(form: IronFormElement): T { + const elements = form._getSubmittableElements(); + const json: { [key: string]: unknown } = {}; + for (let i = 0; i < elements.length; i++) { + const element = elements[i] as HTMLInputElement; + const values = form._serializeElementValues(element); + if (element.tagName.toLowerCase() === "select" && "multiple" in element.attributes) { + json[element.name] = values; + } else { + for (let v = 0; v < values.length; v++) { + form._addSerializedElement(json, element.name, values[v]); + } + } + } + return json as unknown as T; + } + submit(ev: Event): Promise | undefined { ev.preventDefault(); const ironForm = this.shadowRoot?.querySelector("iron-form"); @@ -47,7 +65,7 @@ export class Form extends LitElement { console.warn("authentik/forms: failed to find iron-form"); return; } - const data = ironForm.serializeForm() as T; + const data = this.serializeForm(ironForm); return this.send(data).then((r) => { showMessage({ level: MessageLevel.success, @@ -56,24 +74,24 @@ export class Form extends LitElement { return r; }).catch((ex: Response) => { if (ex.status > 399 && ex.status < 500) { - return ex.json(); + return ex.json().then((errorMessage: ErrorResponse) => { + if (!errorMessage) return errorMessage; + if (errorMessage instanceof Error) { + throw errorMessage; + } + const elements: PaperInputElement[] = ironForm._getSubmittableElements(); + elements.forEach((element) => { + const elementName = element.name; + if (!elementName) return; + if (elementName in errorMessage) { + element.errorMessage = errorMessage[elementName].join(", "); + element.invalid = true; + } + }); + throw new APIError(errorMessage); + }); } - return ex; - }).then((errorMessage: ErrorResponse | Error) => { - if (!errorMessage) return errorMessage; - if (errorMessage instanceof Error) { - throw errorMessage; - } - const elements: PaperInputElement[] = ironForm._getSubmittableElements(); - elements.forEach((element) => { - const elementName = element.name; - if (!elementName) return; - if (elementName in errorMessage) { - element.errorMessage = errorMessage[elementName].join(", "); - element.invalid = true; - } - }); - throw new APIError(errorMessage); + throw ex; }); } diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts index 194c7b21e..488e4ebcf 100644 --- a/web/src/elements/forms/ModalForm.ts +++ b/web/src/elements/forms/ModalForm.ts @@ -1,5 +1,5 @@ import { gettext } from "django"; -import { customElement, html, property, TemplateResult } from "lit-element"; +import { customElement, html, TemplateResult } from "lit-element"; import { ModalButton } from "../buttons/ModalButton"; import { Form } from "./Form"; @@ -12,7 +12,7 @@ export class ModalForm extends ModalButton { if (!formPromise) { return; } - formPromise.then((a) => { + formPromise.then(() => { this.open = false; }).catch((e) => { console.log(e); diff --git a/web/src/elements/forms/utils.ts b/web/src/elements/forms/utils.ts new file mode 100644 index 000000000..79ff0dc68 --- /dev/null +++ b/web/src/elements/forms/utils.ts @@ -0,0 +1,16 @@ +import { TemplateResult, html } from "lit-html"; + +export function formGroup(label: string, body: TemplateResult): TemplateResult { + return html`
+
+ +
+
+
+ ${body} +
+
+
`; +} diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index 6ad02c63f..996f016d4 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -4,14 +4,9 @@ import { customElement, property } from "lit-element"; import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../api/Config"; import { Form } from "../../elements/forms/Form"; -import { ifDefined } from "lit-html/directives/if-defined"; -import "@polymer/paper-input/paper-input"; -import "@polymer/iron-form/iron-form"; -import '@polymer/paper-checkbox/paper-checkbox'; -import '@polymer/paper-dropdown-menu/paper-dropdown-menu'; -import '@polymer/paper-listbox/paper-listbox'; -import '@polymer/paper-item/paper-item'; import { until } from "lit-html/directives/until"; +import { formGroup } from "../../elements/forms/utils"; +import { ifDefined } from "lit-html/directives/if-defined"; @customElement("ak-group-form") export class GroupForm extends Form { @@ -19,6 +14,8 @@ export class GroupForm extends Form { @property({attribute: false}) group?: Group; + successMessage = gettext("Successfully updated group"); + send = (data: Group): Promise => { if (this.group) { return new CoreApi(DEFAULT_CONFIG).coreGroupsUpdate({ @@ -34,51 +31,41 @@ export class GroupForm extends Form { renderForm(): TemplateResult { return html`
- - - - ${gettext("Is superuser")} - -

${gettext("Users added to this group will be superusers.")}

- - - ${gettext("No parent")} - ${until(new CoreApi(DEFAULT_CONFIG).coreGroupsList({}).then(groups => { - return groups.results.map(group => { - return html`${group.name}`; - }) - }), html``)} - - -
-
-
+

${gettext("Users added to this group will be superusers.")}

+ `)} + ${formGroup(gettext("Parent"), html` + + `)} + ${formGroup(gettext("Members"), html` + +

${gettext("Hold control/command to select multiple items.")}

+ `)} `; } From fbc33815a328a74529bbcfb2fcd87e0180cf5690 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 28 Mar 2021 22:33:27 +0200 Subject: [PATCH 14/60] core: fix user view imports Signed-off-by: Jens Langhammer --- authentik/core/views/user.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/authentik/core/views/user.py b/authentik/core/views/user.py index 6c5a9d7d4..968547434 100644 --- a/authentik/core/views/user.py +++ b/authentik/core/views/user.py @@ -1,22 +1,17 @@ """authentik core user views""" -from typing import Any - from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import ( PermissionRequiredMixin as DjangoPermissionRequiredMixin, ) from django.contrib.messages.views import SuccessMessageMixin from django.http.response import HttpResponse -from django.urls import reverse_lazy from django.utils.translation import gettext as _ from django.views.generic import UpdateView -from django.views.generic.base import TemplateView from guardian.mixins import PermissionRequiredMixin from guardian.shortcuts import get_objects_for_user from authentik.core.forms.token import UserTokenForm from authentik.core.models import Token, TokenIntents -from authentik.flows.models import Flow, FlowDesignation from authentik.lib.views import CreateAssignPermView From 76e571ea0aa78731259deb087637ce657cf6e2c6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 10:09:43 +0200 Subject: [PATCH 15/60] web: use custom-element as wrapper Signed-off-by: Jens Langhammer --- web/package-lock.json | 108 ++++++++++++++++++ web/package.json | 1 + .../elements/forms/HorizontalFormElement.ts | 62 ++++++++++ web/src/elements/forms/utils.ts | 16 --- web/src/pages/groups/GroupForm.ts | 72 ++++++------ 5 files changed, 207 insertions(+), 52 deletions(-) create mode 100644 web/src/elements/forms/HorizontalFormElement.ts delete mode 100644 web/src/elements/forms/utils.ts diff --git a/web/package-lock.json b/web/package-lock.json index 90af1fe52..be1559cb1 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -133,6 +133,27 @@ "resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-4.90.5.tgz", "integrity": "sha512-Fe0C8UkzSjtacQ+fHXlFB/LHzrv/c2K4z479C6dboOgkGQE1FyB0wt1NBfxij0D++rhOy04OOYdE+Tr0JSlZKw==" }, + "@polymer/font-roboto": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@polymer/font-roboto/-/font-roboto-3.0.2.tgz", + "integrity": "sha512-tx5TauYSmzsIvmSqepUPDYbs4/Ejz2XbZ1IkD7JEGqkdNUJlh+9KU85G56Tfdk/xjEZ8zorFfN09OSwiMrIQWA==" + }, + "@polymer/iron-a11y-announcer": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-announcer/-/iron-a11y-announcer-3.1.0.tgz", + "integrity": "sha512-lc5i4NKB8kSQHH0Hwu8WS3ym93m+J69OHJWSSBxwd17FI+h2wmgxDzeG9LI4ojMMck17/uc2pLe7g/UHt5/K/A==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-a11y-keys-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-a11y-keys-behavior/-/iron-a11y-keys-behavior-3.0.1.tgz", + "integrity": "sha512-lnrjKq3ysbBPT/74l0Fj0U9H9C35Tpw2C/tpJ8a+5g8Y3YJs1WSZYnEl1yOkw6sEyaxOq/1DkzH0+60gGu5/PQ==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-ajax": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-ajax/-/iron-ajax-3.0.1.tgz", @@ -141,6 +162,34 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-autogrow-textarea": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@polymer/iron-autogrow-textarea/-/iron-autogrow-textarea-3.0.3.tgz", + "integrity": "sha512-5r0VkWrIlm0JIp5E5wlnvkw7slK72lFRZXncmrsLZF+6n1dg2rI8jt7xpFzSmUWrqpcyXwyKaGaDvUjl3j4JLA==", + "requires": { + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-behaviors": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-behaviors/-/iron-behaviors-3.0.1.tgz", + "integrity": "sha512-IMEwcv1lhf1HSQxuyWOUIL0lOBwmeaoSTpgCJeP9IBYnuB1SPQngmfRuHKgK6/m9LQ9F9miC7p3HeQQUdKAE0w==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-flex-layout": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-flex-layout/-/iron-flex-layout-3.0.1.tgz", + "integrity": "sha512-7gB869czArF+HZcPTVSgvA7tXYFze9EKckvM95NB7SqYF+NnsQyhoXgKnpFwGyo95lUjUW9TFDLUwDXnCYFtkw==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/iron-form": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/@polymer/iron-form/-/iron-form-3.0.1.tgz", @@ -150,6 +199,65 @@ "@polymer/polymer": "^3.0.0" } }, + "@polymer/iron-form-element-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-form-element-behavior/-/iron-form-element-behavior-3.0.1.tgz", + "integrity": "sha512-G/e2KXyL5AY7mMjmomHkGpgS0uAf4ovNpKhkuUTRnMuMJuf589bKqE85KN4ovE1Tzhv2hJoh/igyD6ekHiYU1A==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-input": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-input/-/iron-input-3.0.1.tgz", + "integrity": "sha512-WLx13kEcbH9GKbj9+pWR6pbJkA5kxn3796ynx6eQd2rueMyUfVTR3GzOvadBKsciUuIuzrxpBWZ2+3UcueVUQQ==", + "requires": { + "@polymer/iron-a11y-announcer": "^3.0.0-pre.26", + "@polymer/iron-validatable-behavior": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-meta": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-meta/-/iron-meta-3.0.1.tgz", + "integrity": "sha512-pWguPugiLYmWFV9UWxLWzZ6gm4wBwQdDy4VULKwdHCqR7OP7u98h+XDdGZsSlDPv6qoryV/e3tGHlTIT0mbzJA==", + "requires": { + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/iron-validatable-behavior": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/iron-validatable-behavior/-/iron-validatable-behavior-3.0.1.tgz", + "integrity": "sha512-wwpYh6wOa4fNI+jH5EYKC7TVPYQ2OfgQqocWat7GsNWcsblKYhLYbwsvEY5nO0n2xKqNfZzDLrUom5INJN7msQ==", + "requires": { + "@polymer/iron-meta": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-input": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-input/-/paper-input-3.2.1.tgz", + "integrity": "sha512-6ghgwQKM6mS0hAQxQqj+tkeEY1VUBqAsrasAm8V5RpNcfSWQC/hhRFxU0beGuKTAhndzezDzWYP6Zz4b8fExGg==", + "requires": { + "@polymer/iron-a11y-keys-behavior": "^3.0.0-pre.26", + "@polymer/iron-autogrow-textarea": "^3.0.0-pre.26", + "@polymer/iron-behaviors": "^3.0.0-pre.26", + "@polymer/iron-form-element-behavior": "^3.0.0-pre.26", + "@polymer/iron-input": "^3.0.0-pre.26", + "@polymer/paper-styles": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, + "@polymer/paper-styles": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@polymer/paper-styles/-/paper-styles-3.0.1.tgz", + "integrity": "sha512-y6hmObLqlCx602TQiSBKHqjwkE7xmDiFkoxdYGaNjtv4xcysOTdVJsDR/R9UHwIaxJ7gHlthMSykir1nv78++g==", + "requires": { + "@polymer/font-roboto": "^3.0.1", + "@polymer/iron-flex-layout": "^3.0.0-pre.26", + "@polymer/polymer": "^3.0.0" + } + }, "@polymer/polymer": { "version": "3.4.1", "resolved": "https://registry.npmjs.org/@polymer/polymer/-/polymer-3.4.1.tgz", diff --git a/web/package.json b/web/package.json index 669cb25ec..8add33fd6 100644 --- a/web/package.json +++ b/web/package.json @@ -13,6 +13,7 @@ "@fortawesome/fontawesome-free": "^5.15.3", "@patternfly/patternfly": "^4.90.5", "@polymer/iron-form": "^3.0.1", + "@polymer/paper-input": "^3.2.1", "@sentry/browser": "^6.2.3", "@sentry/tracing": "^6.2.3", "@types/chart.js": "^2.9.31", diff --git a/web/src/elements/forms/HorizontalFormElement.ts b/web/src/elements/forms/HorizontalFormElement.ts new file mode 100644 index 000000000..20c03a174 --- /dev/null +++ b/web/src/elements/forms/HorizontalFormElement.ts @@ -0,0 +1,62 @@ +import { customElement, LitElement, CSSResult, property, css } from "lit-element"; +import { TemplateResult, html } from "lit-html"; +import PFForm from "@patternfly/patternfly/components/Form/form.css"; +import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; + +@customElement("ak-form-element-horizontal") +export class HorizontalFormElement extends LitElement { + + static get styles(): CSSResult[] { + return [PFForm, PFFormControl, css` + slot { + display: flex; + flex-direction: row; + align-items: center; + justify-content: space-around; + } + .pf-c-form__group { + display: grid; + grid-template-columns: var(--pf-c-form--m-horizontal__group-label--md--GridColumnWidth) var(--pf-c-form--m-horizontal__group-control--md--GridColumnWidth); + } + .pf-c-form__group-label { + padding-top: var(--pf-c-form--m-horizontal__group-label--md--PaddingTop); + } + `]; + } + + @property() + label: string = ""; + + @property({ type: Boolean }) + required = false; + + @property() + errorMessage: string = ""; + + @property() + invalid: boolean = false; + + updated(): void { + this.querySelectorAll("input[autofocus]").forEach(input => { + input.focus(); + }); + } + + render(): TemplateResult { + return html`
+
+ +
+
+
+ + ${this.invalid ? html`

${this.errorMessage}

` : html``} +
+
+
`; + } + +} diff --git a/web/src/elements/forms/utils.ts b/web/src/elements/forms/utils.ts deleted file mode 100644 index 79ff0dc68..000000000 --- a/web/src/elements/forms/utils.ts +++ /dev/null @@ -1,16 +0,0 @@ -import { TemplateResult, html } from "lit-html"; - -export function formGroup(label: string, body: TemplateResult): TemplateResult { - return html`
-
- -
-
-
- ${body} -
-
-
`; -} diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index 996f016d4..0770351c8 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -5,8 +5,8 @@ import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../api/Config"; import { Form } from "../../elements/forms/Form"; import { until } from "lit-html/directives/until"; -import { formGroup } from "../../elements/forms/utils"; import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; @customElement("ak-group-form") export class GroupForm extends Form { @@ -31,42 +31,42 @@ export class GroupForm extends Form { renderForm(): TemplateResult { return html`
- ${formGroup(gettext("Name"), html` - - `)} - ${formGroup("", html` -
- - -
-

${gettext("Users added to this group will be superusers.")}

- `)} - ${formGroup(gettext("Parent"), html` - + + +
+ + +
+

${gettext("Users added to this group will be superusers.")}

+ + + + + + - `)} - ${formGroup(gettext("Members"), html` - -

${gettext("Hold control/command to select multiple items.")}

- `)} - `; + return html``; + }); + }))} + +

${gettext("Hold control/command to select multiple items.")}

+
+ `; } } From 12bfa404c847b9dbf24675af6f04e46800eb2b17 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 11:57:53 +0200 Subject: [PATCH 16/60] web: rudimentary lazy loading for modals Signed-off-by: Jens Langhammer --- web/src/elements/buttons/ModalButton.ts | 5 +++++ web/src/elements/forms/Form.ts | 4 ++++ web/src/elements/forms/HorizontalFormElement.ts | 8 +------- web/src/pages/groups/GroupForm.ts | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/web/src/elements/buttons/ModalButton.ts b/web/src/elements/buttons/ModalButton.ts index 34061b451..a9e6703b2 100644 --- a/web/src/elements/buttons/ModalButton.ts +++ b/web/src/elements/buttons/ModalButton.ts @@ -136,6 +136,11 @@ export class ModalButton extends LitElement { if (!this.href) { this.updateHandlers(); this.open = true; + this.querySelectorAll("*").forEach(child => { + if ("requestUpdate" in child) { + (child as LitElement).requestUpdate(); + } + }); } else { const request = new Request(this.href); fetch(request, { diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 5028579f9..bb7689e7e 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -100,6 +100,10 @@ export class Form extends LitElement { } render(): TemplateResult { + const rect = this.getBoundingClientRect(); + if (rect.x + rect.y + rect.width + rect.height === 0) { + return html``; + } return html` { this.submit(ev); }}> ${this.renderForm()} diff --git a/web/src/elements/forms/HorizontalFormElement.ts b/web/src/elements/forms/HorizontalFormElement.ts index 20c03a174..a38e4e3f5 100644 --- a/web/src/elements/forms/HorizontalFormElement.ts +++ b/web/src/elements/forms/HorizontalFormElement.ts @@ -8,12 +8,6 @@ export class HorizontalFormElement extends LitElement { static get styles(): CSSResult[] { return [PFForm, PFFormControl, css` - slot { - display: flex; - flex-direction: row; - align-items: center; - justify-content: space-around; - } .pf-c-form__group { display: grid; grid-template-columns: var(--pf-c-form--m-horizontal__group-label--md--GridColumnWidth) var(--pf-c-form--m-horizontal__group-control--md--GridColumnWidth); @@ -51,8 +45,8 @@ export class HorizontalFormElement extends LitElement {
+
- ${this.invalid ? html`

${this.errorMessage}

` : html``}
diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index 0770351c8..69f87619f 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -34,7 +34,7 @@ export class GroupForm extends Form { - +
diff --git a/web/src/pages/sources/SAMLSourceViewPage.ts b/web/src/pages/sources/SAMLSourceViewPage.ts index 7e4ca6dfa..d3e87052c 100644 --- a/web/src/pages/sources/SAMLSourceViewPage.ts +++ b/web/src/pages/sources/SAMLSourceViewPage.ts @@ -12,8 +12,6 @@ import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css"; import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css"; import AKGlobal from "../../authentik.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css"; -import CodeMirrorStyle from "codemirror/lib/codemirror.css"; -import CodeMirrorTheme from "codemirror/theme/monokai.css"; import "../../elements/buttons/ModalButton"; import "../../elements/buttons/SpinnerButton"; @@ -25,6 +23,7 @@ import { SAMLSource, SourcesApi } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; import { AdminURLManager, AppURLManager } from "../../api/legacy"; import { EVENT_REFRESH } from "../../constants"; +import { ifDefined } from "lit-html/directives/if-defined"; @customElement("ak-source-saml-view") export class SAMLSourceViewPage extends Page { @@ -51,7 +50,7 @@ export class SAMLSourceViewPage extends Page { source?: SAMLSource; static get styles(): CSSResult[] { - return [PFBase, PFPage, PFFlex, PFDisplay, PFGallery, PFContent, PFCard, PFDescriptionList, PFSizing, CodeMirrorStyle, CodeMirrorTheme, AKGlobal]; + return [PFBase, PFPage, PFFlex, PFDisplay, PFGallery, PFContent, PFCard, PFDescriptionList, PFSizing, AKGlobal]; } constructor() { @@ -138,7 +137,7 @@ export class SAMLSourceViewPage extends Page { ${until(new SourcesApi(DEFAULT_CONFIG).sourcesSamlMetadata({ slug: this.source.slug, }).then(m => { - return html``; + return html``; }) )} From 3cc7d54cc1fe4281c55ae07ca7a848e3941b3e02 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 12:28:06 +0200 Subject: [PATCH 20/60] policies: use GroupSerializer for PolicyBinding API Signed-off-by: Jens Langhammer --- authentik/policies/api.py | 3 +++ swagger.yaml | 53 +-------------------------------------- 2 files changed, 4 insertions(+), 52 deletions(-) diff --git a/authentik/policies/api.py b/authentik/policies/api.py index 42ce8bc9f..d06740ab4 100644 --- a/authentik/policies/api.py +++ b/authentik/policies/api.py @@ -17,6 +17,7 @@ from rest_framework.viewsets import GenericViewSet, ModelViewSet from structlog.stdlib import get_logger from authentik.core.api.applications import user_app_cache_key +from authentik.core.api.groups import GroupSerializer from authentik.core.api.utils import ( CacheSerializer, MetaNameSerializer, @@ -176,6 +177,8 @@ class PolicyBindingSerializer(ModelSerializer): required=True, ) + group = GroupSerializer(required=False) + class Meta: model = PolicyBinding diff --git a/swagger.yaml b/swagger.yaml index da9fcb68f..264adfc9c 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -12216,58 +12216,7 @@ definitions: type: boolean readOnly: true group: - description: Custom Group model which supports a basic hierarchy - required: - - name - type: object - properties: - group_uuid: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - attributes: - title: Attributes - type: object - parent: - description: Custom Group model which supports a basic hierarchy - required: - - name - - parent - type: object - properties: - group_uuid: - title: Group uuid - type: string - format: uuid - readOnly: true - name: - title: Name - type: string - maxLength: 80 - minLength: 1 - is_superuser: - title: Is superuser - description: Users added to this group will be superusers. - type: boolean - attributes: - title: Attributes - type: object - parent: - title: Parent - type: string - format: uuid - readOnly: true - readOnly: true + $ref: '#/definitions/Group' user: description: Custom User model to allow easier adding of user-based settings required: From 583b6cc20be23094d463a581bad2047a25367c4b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 14:42:28 +0200 Subject: [PATCH 21/60] web/admin: remove site-shell Signed-off-by: Jens Langhammer --- authentik/admin/views/utils.py | 10 -- web/src/pages/generic/SiteShell.ts | 173 ----------------------------- 2 files changed, 183 deletions(-) delete mode 100644 web/src/pages/generic/SiteShell.ts diff --git a/authentik/admin/views/utils.py b/authentik/admin/views/utils.py index c7ebe9eaf..5c5df69dd 100644 --- a/authentik/admin/views/utils.py +++ b/authentik/admin/views/utils.py @@ -11,16 +11,6 @@ from authentik.lib.utils.reflection import all_subclasses from authentik.lib.views import CreateAssignPermView -class DeleteMessageView(SuccessMessageMixin, DeleteView): - """DeleteView which shows `self.success_message` on successful deletion""" - - success_url = reverse_lazy("authentik_core:if-admin") - - def delete(self, request, *args, **kwargs): - messages.success(self.request, self.success_message) - return super().delete(request, *args, **kwargs) - - class InheritanceCreateView(CreateAssignPermView): """CreateView for objects using InheritanceManager""" diff --git a/web/src/pages/generic/SiteShell.ts b/web/src/pages/generic/SiteShell.ts deleted file mode 100644 index 34ab7eaf2..000000000 --- a/web/src/pages/generic/SiteShell.ts +++ /dev/null @@ -1,173 +0,0 @@ -import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; -import { SpinnerSize } from "../../elements/Spinner"; -import { showMessage } from "../../elements/messages/MessageContainer"; -import { gettext } from "django"; -import { SentryIgnoredError } from "../../common/errors"; -import { unsafeHTML } from "lit-html/directives/unsafe-html"; -import PFBase from "@patternfly/patternfly/patternfly-base.css"; -import PFButton from "@patternfly/patternfly/components/Button/button.css"; -import PFModalBox from "@patternfly/patternfly/components/ModalBox/modal-box.css"; -import PFForm from "@patternfly/patternfly/components/Form/form.css"; -import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; -import PFBullseye from "@patternfly/patternfly/layouts/Bullseye/bullseye.css"; -import PFBackdrop from "@patternfly/patternfly/components/Backdrop/backdrop.css"; -import PFPage from "@patternfly/patternfly/components/Page/page.css"; -import PFStack from "@patternfly/patternfly/layouts/Stack/stack.css"; -import PFCard from "@patternfly/patternfly/components/Card/card.css"; -import PFContent from "@patternfly/patternfly/components/Content/content.css"; -import AKGlobal from "../../authentik.css"; -import { EVENT_REFRESH } from "../../constants"; -import { MessageLevel } from "../../elements/messages/Message"; - -@customElement("ak-site-shell") -export class SiteShell extends LitElement { - @property() - set url(value: string) { - this._url = value; - this.loadContent(); - } - - _url?: string; - - @property({type: Boolean}) - loading = false; - - @property({type: String}) - body = ""; - - static get styles(): CSSResult[] { - return [PFBase, PFButton, PFModalBox, PFForm, PFFormControl, PFBullseye, PFBackdrop, PFPage, PFStack, PFCard, PFContent, AKGlobal].concat( - css` - :host, - ::slotted(*) { - height: 100%; - } - .pf-l-bullseye { - position: absolute; - top: 0; - left: 0; - width: 100%; - } - ` - ); - } - - constructor() { - super(); - this.addEventListener(EVENT_REFRESH, () => { - this.loadContent(); - }); - } - - loadContent(): void { - const bodySlot = this.querySelector("[slot=body]"); - if (!bodySlot) { - return; - } - if (!this._url) { - return; - } - if (this.loading) { - return; - } - this.loading = true; - fetch(this._url) - .then((response) => { - if (response.ok) { - return response; - } - console.debug(`authentik/site-shell: Request failed ${this._url}`); - showMessage({ - level: MessageLevel.error, - message: gettext(`Request failed: ${response.statusText}`), - }); - this.loading = false; - throw new SentryIgnoredError("Request failed"); - }) - .then((response) => response.text()) - .then((text) => { - this.body = text; - }) - .then(() => { - setTimeout(() => { - this.loading = false; - }, 100); - }); - } - - updateHandlers(): void { - // Ensure anchors only change the hash - this.shadowRoot?.querySelectorAll("a:not(.ak-root-link)").forEach((a) => { - if (a.href === "") { - return; - } - if (a.href.startsWith("#")) { - return; - } - try { - const url = new URL(a.href); - const qs = url.search || ""; - const hash = (url.hash || "#").substring(2, Infinity); - a.href = `#${url.pathname}${qs}${hash}`; - } catch (e) { - console.debug(`authentik/site-shell: error ${e}`); - a.href = `#${a.href}`; - } - }); - // Create refresh buttons - this.shadowRoot?.querySelectorAll("[role=ak-refresh]").forEach((rt) => { - rt.addEventListener("click", () => { - this.loadContent(); - }); - }); - // Make get forms (search bar) notify us on submit so we can change the hash - this.shadowRoot?.querySelectorAll("form[method=get]").forEach((form) => { - form.addEventListener("submit", (e) => { - e.preventDefault(); - const formData = new FormData(form); - const qs = new URLSearchParams((formData)).toString(); // eslint-disable-line - window.location.hash = `#${this._url}?${qs}`; - }); - }); - // Make forms with POST Method have a correct action set - this.shadowRoot?.querySelectorAll("form[method=post]").forEach((form) => { - form.addEventListener("submit", (e) => { - e.preventDefault(); - const formData = new FormData(form); - fetch(this._url ? this._url : form.action, { - method: form.method, - body: formData, - }) - .then((response) => { - return response.text(); - }) - .then((data) => { - this.body = data; - this.updateHandlers(); - }) - .catch((e) => { - showMessage({ - level: MessageLevel.error, - message: "Unexpected error" - }); - console.error(e); - }); - }); - }); - } - - render(): TemplateResult { - return html` ${this.loading ? - html`
-
- -
-
` - : ""} - ${unsafeHTML(this.body)}`; - } - - updated(): void { - this.updateHandlers(); - } -} From 0793fff2224ac03306a9aa2f2d64d5093ff77d3a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 15:36:35 +0200 Subject: [PATCH 22/60] *: simplify API permissions checking, add API for user recovery Signed-off-by: Jens Langhammer --- authentik/api/decorators.py | 28 ++++++++++++++ authentik/core/api/applications.py | 15 +++----- authentik/core/api/users.py | 38 ++++++++++++++++++- authentik/events/api/event.py | 4 +- .../events/api/notification_transport.py | 9 ++--- authentik/flows/api/flows.py | 19 ++++------ .../migrations/0017_auto_20210329_1334.py | 25 ++++++++++++ authentik/flows/models.py | 2 + authentik/policies/api.py | 3 ++ .../migrations/0006_auto_20210329_1334.py | 25 ++++++++++++ authentik/policies/models.py | 5 +++ swagger.yaml | 28 ++++++++++++++ 12 files changed, 173 insertions(+), 28 deletions(-) create mode 100644 authentik/api/decorators.py create mode 100644 authentik/flows/migrations/0017_auto_20210329_1334.py create mode 100644 authentik/policies/migrations/0006_auto_20210329_1334.py diff --git a/authentik/api/decorators.py b/authentik/api/decorators.py new file mode 100644 index 000000000..fd89c01dc --- /dev/null +++ b/authentik/api/decorators.py @@ -0,0 +1,28 @@ +"""API Decorators""" +from functools import wraps +from typing import Callable + +from rest_framework.request import Request +from rest_framework.response import Response +from rest_framework.viewsets import ModelViewSet + + +def permission_required(perm: str, *other_perms: str): + """Check permissions for a single custom action""" + + def wrapper_outter(func: Callable): + """Check permissions for a single custom action""" + + @wraps(func) + def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response: + obj = self.get_object() + if not request.user.has_perm(perm, obj): + return self.permission_denied(request) + for other_perm in other_perms: + if not request.user.has_perm(other_perm): + return self.permission_denied(request) + return func(self, request, *args, **kwargs) + + return wrapper + + return wrapper_outter diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index eae9fc986..66076fe6c 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -1,12 +1,9 @@ """Application API Views""" from django.core.cache import cache from django.db.models import QuerySet -from django.http.response import Http404 from drf_yasg2.utils import swagger_auto_schema -from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import SerializerMethodField -from rest_framework.generics import get_object_or_404 from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer @@ -15,6 +12,7 @@ from rest_framework_guardian.filters import ObjectPermissionsFilter from structlog.stdlib import get_logger from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h +from authentik.api.decorators import permission_required from authentik.core.api.providers import ProviderSerializer from authentik.core.models import Application from authentik.events.models import EventAction @@ -110,16 +108,15 @@ class ApplicationViewSet(ModelViewSet): serializer = self.get_serializer(allowed_applications, many=True) return self.get_paginated_response(serializer.data) + @permission_required( + "authentik_core.view_application", "authentik_events.view_event" + ) @swagger_auto_schema(responses={200: CoordinateSerializer(many=True)}) @action(detail=True) + # pylint: disable=unused-argument def metrics(self, request: Request, slug: str): """Metrics for application logins""" - app = get_object_or_404( - get_objects_for_user(request.user, "authentik_core.view_application"), - slug=slug, - ) - if not request.user.has_perm("authentik_events.view_event"): - raise Http404 + app = self.get_object() return Response( get_events_per_1h( action=EventAction.AUTHORIZE_APPLICATION, diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index c8c04082c..2c9e0adcd 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -1,5 +1,7 @@ """User API Views""" from django.db.models.base import Model +from django.urls import reverse_lazy +from django.utils.http import urlencode from drf_yasg2.utils import swagger_auto_schema, swagger_serializer_method from guardian.utils import get_anonymous_user from rest_framework.decorators import action @@ -10,11 +12,12 @@ from rest_framework.serializers import BooleanField, ModelSerializer, Serializer from rest_framework.viewsets import ModelViewSet from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h +from authentik.api.decorators import permission_required from authentik.core.middleware import ( SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER, ) -from authentik.core.models import User +from authentik.core.models import Token, TokenIntents, User from authentik.events.models import EventAction @@ -54,6 +57,18 @@ class SessionUserSerializer(Serializer): raise NotImplementedError +class UserRecoverySerializer(Serializer): + """Recovery link for a user to reset their password""" + + link = CharField() + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError + + class UserMetricsSerializer(Serializer): """User Metrics""" @@ -116,6 +131,7 @@ class UserViewSet(ModelViewSet): serializer.is_valid() return Response(serializer.data) + @permission_required("authentik_core.view_user", "authentik_events.view_event") @swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)}) @action(detail=False) def metrics(self, request: Request) -> Response: @@ -123,3 +139,23 @@ class UserViewSet(ModelViewSet): serializer = UserMetricsSerializer(True) serializer.context["request"] = request return Response(serializer.data) + + @permission_required("authentik_core.reset_user_password") + @swagger_auto_schema( + responses={"200": UserRecoverySerializer(many=False)}, + ) + @action(detail=True) + # pylint: disable=invalid-name, unused-argument + def recovery(self, request: Request, pk: int) -> Response: + """Create a temporary link that a user can use to recover their accounts""" + user: User = self.get_object() + token, __ = Token.objects.get_or_create( + identifier=f"{user.uid}-password-reset", + user=user, + intent=TokenIntents.INTENT_RECOVERY, + ) + querystring = urlencode({"token": token.key}) + link = request.build_absolute_uri( + reverse_lazy("authentik_flows:default-recovery") + f"?{querystring}" + ) + return Response({"link": link}) diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py index 75cfbeae9..3eb7230bc 100644 --- a/authentik/events/api/event.py +++ b/authentik/events/api/event.py @@ -3,6 +3,7 @@ import django_filters from django.db.models.aggregates import Count from django.db.models.fields.json import KeyTextTransform from drf_yasg2.utils import swagger_auto_schema +from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import CharField, DictField, IntegerField from rest_framework.request import Request @@ -132,7 +133,8 @@ class EventViewSet(ReadOnlyModelViewSet): filtered_action = request.query_params.get("action", EventAction.LOGIN) top_n = request.query_params.get("top_n", 15) return Response( - Event.objects.filter(action=filtered_action) + get_objects_for_user(request.user, "authentik_events.view_event") + .filter(action=filtered_action) .exclude(context__authorized_application=None) .annotate(application=KeyTextTransform("authorized_application", "context")) .annotate(user_pk=KeyTextTransform("pk", "user")) diff --git a/authentik/events/api/notification_transport.py b/authentik/events/api/notification_transport.py index e951f2a9f..b36b2dd71 100644 --- a/authentik/events/api/notification_transport.py +++ b/authentik/events/api/notification_transport.py @@ -1,7 +1,6 @@ """NotificationTransport API Views""" from django.http.response import Http404 from drf_yasg2.utils import no_body, swagger_auto_schema -from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import CharField, ListField, SerializerMethodField from rest_framework.request import Request @@ -9,6 +8,7 @@ from rest_framework.response import Response from rest_framework.serializers import ModelSerializer, Serializer from rest_framework.viewsets import ModelViewSet +from authentik.api.decorators import permission_required from authentik.events.models import ( Notification, NotificationSeverity, @@ -57,18 +57,17 @@ class NotificationTransportViewSet(ModelViewSet): queryset = NotificationTransport.objects.all() serializer_class = NotificationTransportSerializer + @permission_required("authentik_events.change_notificationtransport") @swagger_auto_schema( responses={200: NotificationTransportTestSerializer(many=False)}, request_body=no_body, ) @action(detail=True, methods=["post"]) - # pylint: disable=invalid-name + # pylint: disable=invalid-name, unused-argument def test(self, request: Request, pk=None) -> Response: """Send example notification using selected transport. Requires Modify permissions.""" - transports = get_objects_for_user( - request.user, "authentik_events.change_notificationtransport" - ).filter(pk=pk) + transports = self.get_object() if not transports.exists(): raise Http404 transport: NotificationTransport = transports.first() diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index a87aff0b3..c2a886e4c 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -3,13 +3,11 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model -from django.http.response import HttpResponseBadRequest, JsonResponse -from django.shortcuts import get_object_or_404 +from django.http.response import JsonResponse from drf_yasg2 import openapi from drf_yasg2.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action -from rest_framework.exceptions import PermissionDenied from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ( @@ -21,6 +19,7 @@ from rest_framework.serializers import ( from rest_framework.viewsets import ModelViewSet from structlog.stdlib import get_logger +from authentik.api.decorators import permission_required from authentik.core.api.utils import CacheSerializer from authentik.flows.models import Flow from authentik.flows.planner import cache_key @@ -89,12 +88,14 @@ class FlowViewSet(ModelViewSet): search_fields = ["name", "slug", "designation", "title"] filterset_fields = ["flow_uuid", "name", "slug", "designation"] + @permission_required("authentik_flows.view_flow_cache") @swagger_auto_schema(responses={200: CacheSerializer(many=False)}) @action(detail=False) def cache_info(self, request: Request) -> Response: """Info about cached flows""" return Response(data={"count": len(cache.keys("flow_*"))}) + @permission_required("authentik_flows.clear_flow_cache") @swagger_auto_schema( request_body=no_body, responses={204: "Successfully cleared cache", 400: "Bad request"}, @@ -102,13 +103,12 @@ class FlowViewSet(ModelViewSet): @action(detail=False, methods=["POST"]) def cache_clear(self, request: Request) -> Response: """Clear flow cache""" - if not request.user.is_superuser: - return HttpResponseBadRequest() keys = cache.keys("flow_*") cache.delete_many(keys) LOGGER.debug("Cleared flow cache", keys=len(keys)) return Response(status=204) + @permission_required("authentik_flows.export_flow") @swagger_auto_schema( responses={ "200": openapi.Response( @@ -121,8 +121,6 @@ class FlowViewSet(ModelViewSet): def export(self, request: Request, slug: str) -> Response: """Export flow to .akflow file""" flow = self.get_object() - if not request.user.has_perm("authentik_flows.export_flow", flow): - raise PermissionDenied() exporter = FlowExporter(flow) response = JsonResponse(exporter.export(), encoder=DataclassEncoder, safe=False) response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"' @@ -130,13 +128,10 @@ class FlowViewSet(ModelViewSet): @swagger_auto_schema(responses={200: FlowDiagramSerializer()}) @action(detail=True, methods=["get"]) + # pylint: disable=unused-argument def diagram(self, request: Request, slug: str) -> Response: """Return diagram for flow with slug `slug`, in the format used by flowchart.js""" - flow = get_object_or_404( - get_objects_for_user(request.user, "authentik_flows.view_flow").filter( - slug=slug - ) - ) + flow = self.get_object() header = [ DiagramElement("st", "start", "Start"), ] diff --git a/authentik/flows/migrations/0017_auto_20210329_1334.py b/authentik/flows/migrations/0017_auto_20210329_1334.py new file mode 100644 index 000000000..bcaf18eef --- /dev/null +++ b/authentik/flows/migrations/0017_auto_20210329_1334.py @@ -0,0 +1,25 @@ +# Generated by Django 3.1.7 on 2021-03-29 13:34 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0016_auto_20201202_1307"), + ] + + operations = [ + migrations.AlterModelOptions( + name="flow", + options={ + "permissions": [ + ("export_flow", "Can export a Flow"), + ("view_flow_cache", "View Flow's cache metrics"), + ("clear_flow_cache", "Clear Flow's cache metrics"), + ], + "verbose_name": "Flow", + "verbose_name_plural": "Flows", + }, + ), + ] diff --git a/authentik/flows/models.py b/authentik/flows/models.py index 136882acd..3db3db439 100644 --- a/authentik/flows/models.py +++ b/authentik/flows/models.py @@ -158,6 +158,8 @@ class Flow(SerializerModel, PolicyBindingModel): permissions = [ ("export_flow", "Can export a Flow"), + ("view_flow_cache", "View Flow's cache metrics"), + ("clear_flow_cache", "Clear Flow's cache metrics"), ] diff --git a/authentik/policies/api.py b/authentik/policies/api.py index 42ce8bc9f..c59cacfed 100644 --- a/authentik/policies/api.py +++ b/authentik/policies/api.py @@ -16,6 +16,7 @@ from rest_framework.serializers import ( from rest_framework.viewsets import GenericViewSet, ModelViewSet from structlog.stdlib import get_logger +from authentik.api.decorators import permission_required from authentik.core.api.applications import user_app_cache_key from authentik.core.api.utils import ( CacheSerializer, @@ -142,12 +143,14 @@ class PolicyViewSet( ) return Response(TypeCreateSerializer(data, many=True).data) + @permission_required("authentik_policies.view_policy_cache") @swagger_auto_schema(responses={200: CacheSerializer(many=False)}) @action(detail=False) def cache_info(self, request: Request) -> Response: """Info about cached policies""" return Response(data={"count": len(cache.keys("policy_*"))}) + @permission_required("authentik_policies.clear_policy_cache") @swagger_auto_schema( request_body=no_body, responses={204: "Successfully cleared cache", 400: "Bad request"}, diff --git a/authentik/policies/migrations/0006_auto_20210329_1334.py b/authentik/policies/migrations/0006_auto_20210329_1334.py new file mode 100644 index 000000000..e35b550a0 --- /dev/null +++ b/authentik/policies/migrations/0006_auto_20210329_1334.py @@ -0,0 +1,25 @@ +# Generated by Django 3.1.7 on 2021-03-29 13:34 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_policies", "0005_binding_group"), + ] + + operations = [ + migrations.AlterModelOptions( + name="policy", + options={ + "base_manager_name": "objects", + "permissions": [ + ("view_policy_cache", "View Policy's cache metrics"), + ("clear_policy_cache", "Clear Policy's cache metrics"), + ], + "verbose_name": "Policy", + "verbose_name_plural": "Policies", + }, + ), + ] diff --git a/authentik/policies/models.py b/authentik/policies/models.py index 9ad95422a..7e34131c3 100644 --- a/authentik/policies/models.py +++ b/authentik/policies/models.py @@ -149,3 +149,8 @@ class Policy(SerializerModel, CreatedUpdatedModel): verbose_name = _("Policy") verbose_name_plural = _("Policies") + + permissions = [ + ("view_policy_cache", "View Policy's cache metrics"), + ("clear_policy_cache", "Clear Policy's cache metrics"), + ] diff --git a/swagger.yaml b/swagger.yaml index da9fcb68f..27d16815e 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1726,6 +1726,24 @@ paths: description: A unique integer value identifying this User. required: true type: integer + /core/users/{id}/recovery/: + get: + operationId: core_users_recovery + description: Create a temporary link that a user can use to recover their accounts + parameters: [] + responses: + '200': + description: Recovery link for a user to reset their password + schema: + $ref: '#/definitions/UserRecovery' + tags: + - core + parameters: + - name: id + in: path + description: A unique integer value identifying this User. + required: true + type: integer /crypto/certificatekeypairs/: get: operationId: crypto_certificatekeypairs_list @@ -11120,6 +11138,16 @@ definitions: items: $ref: '#/definitions/Coordinate' readOnly: true + UserRecovery: + description: Recovery link for a user to reset their password + required: + - link + type: object + properties: + link: + title: Link + type: string + minLength: 1 CertificateKeyPair: description: CertificateKeyPair Serializer required: From 0804b5e6c524157de6e320b59e2a4c667cace659 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 15:53:56 +0200 Subject: [PATCH 23/60] web: shrink flow build by not including router Signed-off-by: Jens Langhammer --- web/src/constants.ts | 1 + web/src/elements/router/RouterOutlet.ts | 4 +--- web/src/flows/FlowExecutor.ts | 2 +- web/src/interfaces/AdminInterface.ts | 3 --- web/src/routes.ts | 1 - 5 files changed, 3 insertions(+), 8 deletions(-) diff --git a/web/src/constants.ts b/web/src/constants.ts index 04f480d9c..e21c53ad4 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -9,3 +9,4 @@ export const EVENT_REFRESH = "ak-refresh"; export const EVENT_NOTIFICATION_TOGGLE = "ak-notification-toggle"; export const EVENT_SIDEBAR_TOGGLE = "ak-sidebar-toggle"; export const EVENT_API_DRAWER_REFRESH = "ak-api-drawer-refresh"; +export const TITLE_SUFFIX = "authentik"; diff --git a/web/src/elements/router/RouterOutlet.ts b/web/src/elements/router/RouterOutlet.ts index d702b389e..545117762 100644 --- a/web/src/elements/router/RouterOutlet.ts +++ b/web/src/elements/router/RouterOutlet.ts @@ -4,11 +4,9 @@ import { ROUTES } from "../../routes"; import { RouteMatch } from "./RouteMatch"; import AKGlobal from "../../authentik.css"; -import "../../pages/generic/SiteShell"; import "./Router404"; import { Page } from "../Page"; - -export const TITLE_SUFFIX = "authentik"; +import { TITLE_SUFFIX } from "../../constants"; @customElement("ak-router-outlet") export class RouterOutlet extends LitElement { diff --git a/web/src/flows/FlowExecutor.ts b/web/src/flows/FlowExecutor.ts index 10297e2b4..5e397f922 100644 --- a/web/src/flows/FlowExecutor.ts +++ b/web/src/flows/FlowExecutor.ts @@ -39,9 +39,9 @@ import { Challenge, ChallengeTypeEnum, Config, FlowsApi, RootApi } from "authent import { DEFAULT_CONFIG } from "../api/Config"; import { ifDefined } from "lit-html/directives/if-defined"; import { until } from "lit-html/directives/until"; -import { TITLE_SUFFIX } from "../elements/router/RouterOutlet"; import { AccessDeniedChallenge } from "./access_denied/FlowAccessDenied"; import { SpinnerSize } from "../elements/Spinner"; +import { TITLE_SUFFIX } from "../constants"; @customElement("ak-flow-executor") export class FlowExecutor extends LitElement implements StageHost { diff --git a/web/src/interfaces/AdminInterface.ts b/web/src/interfaces/AdminInterface.ts index 0418c459e..b710f7320 100644 --- a/web/src/interfaces/AdminInterface.ts +++ b/web/src/interfaces/AdminInterface.ts @@ -1,8 +1,5 @@ import "construct-style-sheets-polyfill"; -// Elements that are used by SiteShell pages -// And can't dynamically be imported -import "../elements/CodeMirror"; import "../elements/messages/MessageContainer"; import { customElement } from "lit-element"; import { me } from "../api/Users"; diff --git a/web/src/routes.ts b/web/src/routes.ts index ef93147b2..9e716cd90 100644 --- a/web/src/routes.ts +++ b/web/src/routes.ts @@ -11,7 +11,6 @@ import "./pages/events/RuleListPage"; import "./pages/events/TransportListPage"; import "./pages/flows/FlowListPage"; import "./pages/flows/FlowViewPage"; -import "./pages/generic/SiteShell"; import "./pages/groups/GroupListPage"; import "./pages/LibraryPage"; import "./pages/outposts/OutpostListPage"; From fac8d531636750a2209f7d568b5b241ce79e777e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 15:57:38 +0200 Subject: [PATCH 24/60] web/admin: fix message when object is created Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 6 +++++- web/src/pages/groups/GroupForm.ts | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index bb7689e7e..56b63c581 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -41,6 +41,10 @@ export class Form extends LitElement { `]; } + getSuccessMessage(): string { + return this.successMessage; + } + serializeForm(form: IronFormElement): T { const elements = form._getSubmittableElements(); const json: { [key: string]: unknown } = {}; @@ -69,7 +73,7 @@ export class Form extends LitElement { return this.send(data).then((r) => { showMessage({ level: MessageLevel.success, - message: this.successMessage + message: this.getSuccessMessage() }); return r; }).catch((ex: Response) => { diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index aa3c1adf6..57c46c36d 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -16,7 +16,13 @@ export class GroupForm extends Form { @property({attribute: false}) group?: Group; - successMessage = gettext("Successfully updated group"); + getSuccessMessage(): string { + if (this.group) { + return gettext("Successfully updated group"); + } else { + return gettext("Successfully created group"); + } + } send = (data: Group): Promise => { if (this.group) { From 526af265369372e14b43d011552b7d2e3c13f3cc Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 16:16:27 +0200 Subject: [PATCH 25/60] web/admin: migrate user forms to web Signed-off-by: Jens Langhammer --- authentik/admin/forms/users.py | 22 ------- authentik/admin/urls.py | 9 --- authentik/admin/views/users.py | 74 ------------------------ authentik/admin/views/utils.py | 5 +- web/src/api/legacy.ts | 4 -- web/src/elements/buttons/ActionButton.ts | 3 +- web/src/pages/groups/GroupForm.ts | 4 +- web/src/pages/groups/GroupListPage.ts | 2 +- web/src/pages/users/UserForm.ts | 68 ++++++++++++++++++++++ web/src/pages/users/UserListPage.ts | 54 ++++++++++++----- web/src/pages/users/UserViewPage.ts | 44 +++++++++----- 11 files changed, 145 insertions(+), 144 deletions(-) delete mode 100644 authentik/admin/forms/users.py delete mode 100644 authentik/admin/views/users.py create mode 100644 web/src/pages/users/UserForm.ts diff --git a/authentik/admin/forms/users.py b/authentik/admin/forms/users.py deleted file mode 100644 index b7c3cc8d7..000000000 --- a/authentik/admin/forms/users.py +++ /dev/null @@ -1,22 +0,0 @@ -"""authentik administrative user forms""" - -from django import forms - -from authentik.admin.fields import CodeMirrorWidget, YAMLField -from authentik.core.models import User - - -class UserForm(forms.ModelForm): - """Update User Details""" - - class Meta: - - model = User - fields = ["username", "name", "email", "is_active", "attributes"] - widgets = { - "name": forms.TextInput, - "attributes": CodeMirrorWidget, - } - field_classes = { - "attributes": YAMLField, - } diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index 217145e3c..f581a0a89 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -18,7 +18,6 @@ from authentik.admin.views import ( stages_bindings, stages_invitations, stages_prompts, - users, ) from authentik.providers.saml.views.metadata import MetadataImportView @@ -152,14 +151,6 @@ urlpatterns = [ property_mappings.PropertyMappingTestView.as_view(), name="property-mapping-test", ), - # Users - path("users/create/", users.UserCreateView.as_view(), name="user-create"), - path("users//update/", users.UserUpdateView.as_view(), name="user-update"), - path( - "users//reset/", - users.UserPasswordResetView.as_view(), - name="user-password-reset", - ), # Certificate-Key Pairs path( "crypto/certificates/create/", diff --git a/authentik/admin/views/users.py b/authentik/admin/views/users.py deleted file mode 100644 index 760c67725..000000000 --- a/authentik/admin/views/users.py +++ /dev/null @@ -1,74 +0,0 @@ -"""authentik User administration""" -from django.contrib import messages -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.http import HttpRequest, HttpResponse -from django.shortcuts import redirect -from django.urls import reverse_lazy -from django.utils.http import urlencode -from django.utils.translation import gettext as _ -from django.views.generic import DetailView, UpdateView -from guardian.mixins import PermissionRequiredMixin - -from authentik.admin.forms.users import UserForm -from authentik.core.models import Token, User -from authentik.lib.views import CreateAssignPermView - - -class UserCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create user""" - - model = User - form_class = UserForm - permission_required = "authentik_core.add_user" - - template_name = "generic/create.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully created User") - - -class UserUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update user""" - - model = User - form_class = UserForm - permission_required = "authentik_core.change_user" - - # By default the object's name is user which is used by other checks - context_object_name = "object" - template_name = "generic/update.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully updated User") - - -class UserPasswordResetView(LoginRequiredMixin, PermissionRequiredMixin, DetailView): - """Get Password reset link for user""" - - model = User - permission_required = "authentik_core.reset_user_password" - - def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: - """Create token for user and return link""" - super().get(request, *args, **kwargs) - token, __ = Token.objects.get_or_create( - identifier="password-reset-temp", user=self.object - ) - querystring = urlencode({"token": token.key}) - link = request.build_absolute_uri( - reverse_lazy("authentik_flows:default-recovery") + f"?{querystring}" - ) - messages.success(request, _("Password reset link: %(link)s" % {"link": link})) - return redirect("/") diff --git a/authentik/admin/views/utils.py b/authentik/admin/views/utils.py index 5c5df69dd..4c2fe7a38 100644 --- a/authentik/admin/views/utils.py +++ b/authentik/admin/views/utils.py @@ -1,11 +1,8 @@ """authentik admin util views""" from typing import Any -from django.contrib import messages -from django.contrib.messages.views import SuccessMessageMixin from django.http import Http404 -from django.urls import reverse_lazy -from django.views.generic import DeleteView, UpdateView +from django.views.generic import UpdateView from authentik.lib.utils.reflection import all_subclasses from authentik.lib.views import CreateAssignPermView diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index 7e8504907..e921b689e 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -68,10 +68,6 @@ export class AdminURLManager { return `/administration/events/transports/${rest}`; } - static users(rest: string): string { - return `/administration/users/${rest}`; - } - } export class UserURLManager { diff --git a/web/src/elements/buttons/ActionButton.ts b/web/src/elements/buttons/ActionButton.ts index 6e3826f01..ed5e38263 100644 --- a/web/src/elements/buttons/ActionButton.ts +++ b/web/src/elements/buttons/ActionButton.ts @@ -23,8 +23,7 @@ export class ActionButton extends SpinnerButton { this.setLoading(); this.apiRequest().then(() => { this.setDone(SUCCESS_CLASS); - }) - .catch((e: Error | Response) => { + }).catch((e: Error | Response) => { if (e instanceof Error) { showMessage({ level: MessageLevel.error, diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index 57c46c36d..d173f9326 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -18,9 +18,9 @@ export class GroupForm extends Form { getSuccessMessage(): string { if (this.group) { - return gettext("Successfully updated group"); + return gettext("Successfully updated group."); } else { - return gettext("Successfully created group"); + return gettext("Successfully created group."); } } diff --git a/web/src/pages/groups/GroupListPage.ts b/web/src/pages/groups/GroupListPage.ts index d505e11a3..294750a69 100644 --- a/web/src/pages/groups/GroupListPage.ts +++ b/web/src/pages/groups/GroupListPage.ts @@ -66,7 +66,7 @@ export class GroupListPage extends TablePage { - diff --git a/web/src/pages/users/UserForm.ts b/web/src/pages/users/UserForm.ts new file mode 100644 index 000000000..0cc8c565b --- /dev/null +++ b/web/src/pages/users/UserForm.ts @@ -0,0 +1,68 @@ +import { CoreApi, User } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; +import "../../elements/CodeMirror"; +import YAML from "yaml"; + +@customElement("ak-user-form") +export class UserForm extends Form { + + @property({ attribute: false }) + user?: User; + + getSuccessMessage(): string { + if (this.user) { + return gettext("Successfully updated user."); + } else { + return gettext("Successfully created user."); + } + } + + send = (data: User): Promise => { + if (this.user) { + return new CoreApi(DEFAULT_CONFIG).coreUsersUpdate({ + id: this.user.pk || 0, + data: data + }); + } else { + return new CoreApi(DEFAULT_CONFIG).coreUsersCreate({ + data: data + }); + } + }; + + renderForm(): TemplateResult { + return html`
+ + +

${gettext("Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.")}

+ + + +

${gettext("User's display name.")}

+ + + + + +
+ + +
+

${gettext("Designates whether this user should be treated as active. Unselect this instead of deleting accounts.")}

+ + + + + +
`; + } + +} diff --git a/web/src/pages/users/UserListPage.ts b/web/src/pages/users/UserListPage.ts index cdc0b4360..b0fd53486 100644 --- a/web/src/pages/users/UserListPage.ts +++ b/web/src/pages/users/UserListPage.ts @@ -3,16 +3,18 @@ import { customElement, html, property, TemplateResult } from "lit-element"; import { AKResponse } from "../../api/Client"; import { TablePage } from "../../elements/table/TablePage"; -import "../../elements/buttons/ModalButton"; +import "../../elements/forms/ModalForm"; import "../../elements/buttons/Dropdown"; import "../../elements/buttons/ActionButton"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { CoreApi, User } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; import "../../elements/forms/DeleteForm"; import "./UserActiveForm"; +import "./UserForm"; +import { showMessage } from "../../elements/messages/MessageContainer"; +import { MessageLevel } from "../../elements/messages/Message"; @customElement("ak-user-list") export class UserListPage extends TablePage { @@ -59,12 +61,19 @@ export class UserListPage extends TablePage { html`${item.isActive ? "Yes" : "No"}`, html`${item.lastLogin?.toLocaleString()}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update User")} + + + + + + ${super.renderToolbar()} `; } + } diff --git a/web/src/pages/users/UserViewPage.ts b/web/src/pages/users/UserViewPage.ts index a1c59160a..e29acc762 100644 --- a/web/src/pages/users/UserViewPage.ts +++ b/web/src/pages/users/UserViewPage.ts @@ -12,7 +12,9 @@ import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css"; import AKGlobal from "../../authentik.css"; -import "../../elements/buttons/ModalButton"; +import "../../elements/forms/ModalForm"; +import "./UserForm"; +import "../../elements/buttons/ActionButton"; import "../../elements/buttons/SpinnerButton"; import "../../elements/CodeMirror"; import "../../elements/Tabs"; @@ -24,8 +26,9 @@ import "../../elements/charts/UserChart"; import { Page } from "../../elements/Page"; import { CoreApi, User } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; import { EVENT_REFRESH } from "../../constants"; +import { showMessage } from "../../elements/messages/MessageContainer"; +import { MessageLevel } from "../../elements/messages/Message"; @customElement("ak-user-view") export class UserViewPage extends Page { @@ -131,20 +134,35 @@ export class UserViewPage extends Page {
- - + + + ${gettext("Update")} + + + ${gettext("Update User")} + + + + +
- - - ${gettext("Reset Password")} - -
- + { + return new CoreApi(DEFAULT_CONFIG).coreUsersRecovery({ + id: this.user?.pk || 0, + }).then(rec => { + showMessage({ + level: MessageLevel.success, + message: gettext("Successfully generated recovery link"), + description: rec.link + }); + }); + }}> + ${gettext("Reset Password")} +
From a9db538c63b82d64182689cf2d45a6d6a2461967 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 16:23:43 +0200 Subject: [PATCH 26/60] web/admin: fix missing css for descriptor list in cert list Signed-off-by: Jens Langhammer --- web/src/pages/crypto/CertificateKeyPairListPage.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/web/src/pages/crypto/CertificateKeyPairListPage.ts b/web/src/pages/crypto/CertificateKeyPairListPage.ts index 8e0cedbb6..8b2ab5835 100644 --- a/web/src/pages/crypto/CertificateKeyPairListPage.ts +++ b/web/src/pages/crypto/CertificateKeyPairListPage.ts @@ -1,7 +1,8 @@ import { gettext } from "django"; -import { customElement, html, property, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, property, TemplateResult } from "lit-element"; import { AKResponse } from "../../api/Client"; import { TablePage } from "../../elements/table/TablePage"; +import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css"; import { CryptoApi, CertificateKeyPair } from "authentik-api"; @@ -33,6 +34,10 @@ export class CertificateKeyPairListPage extends TablePage { @property() order = "name"; + static get styles(): CSSResult[] { + return super.styles.concat(PFDescriptionList); + } + apiEndpoint(page: number): Promise> { return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsList({ ordering: this.order, From 5d370120756bccd221a50ba7cd91ebf06d504047 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 17:28:28 +0200 Subject: [PATCH 27/60] api: allow @permission_required with no object permission Signed-off-by: Jens Langhammer --- authentik/api/decorators.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/authentik/api/decorators.py b/authentik/api/decorators.py index fd89c01dc..539553dad 100644 --- a/authentik/api/decorators.py +++ b/authentik/api/decorators.py @@ -1,13 +1,13 @@ """API Decorators""" from functools import wraps -from typing import Callable +from typing import Callable, Optional from rest_framework.request import Request from rest_framework.response import Response from rest_framework.viewsets import ModelViewSet -def permission_required(perm: str, *other_perms: str): +def permission_required(perm: Optional[str] = None, *other_perms: str): """Check permissions for a single custom action""" def wrapper_outter(func: Callable): @@ -15,9 +15,10 @@ def permission_required(perm: str, *other_perms: str): @wraps(func) def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response: - obj = self.get_object() - if not request.user.has_perm(perm, obj): - return self.permission_denied(request) + if perm: + obj = self.get_object() + if not request.user.has_perm(perm, obj): + return self.permission_denied(request) for other_perm in other_perms: if not request.user.has_perm(other_perm): return self.permission_denied(request) From a445b035231db0ba38fd6a78fa4f1f23ce1ae633 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 17:33:27 +0200 Subject: [PATCH 28/60] crypto: add API to generate keypair Signed-off-by: Jens Langhammer --- authentik/crypto/api.py | 49 ++++++++++++++++++++++++++++++++++++++++- swagger.yaml | 35 +++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 1 deletion(-) diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py index e26cd79cf..eaba2075b 100644 --- a/authentik/crypto/api.py +++ b/authentik/crypto/api.py @@ -3,14 +3,22 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.serialization import load_pem_private_key from cryptography.x509 import load_pem_x509_certificate from django.db.models import Model +from django.utils.translation import gettext_lazy as _ from drf_yasg2.utils import swagger_auto_schema from rest_framework.decorators import action -from rest_framework.fields import CharField, DateTimeField, SerializerMethodField +from rest_framework.fields import ( + CharField, + DateTimeField, + IntegerField, + SerializerMethodField, +) from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer, Serializer, ValidationError from rest_framework.viewsets import ModelViewSet +from authentik.api.decorators import permission_required +from authentik.crypto.builder import CertificateBuilder from authentik.crypto.models import CertificateKeyPair from authentik.events.models import Event, EventAction @@ -83,12 +91,51 @@ class CertificateDataSerializer(Serializer): raise NotImplementedError +class CertificateGenerationSerializer(Serializer): + """Certificate generation parameters""" + + common_name = CharField() + subject_alt_name = CharField( + required=False, allow_blank=True, label=_("Subject-alt name") + ) + validity_days = IntegerField(initial=365) + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError + + class CertificateKeyPairViewSet(ModelViewSet): """CertificateKeyPair Viewset""" queryset = CertificateKeyPair.objects.all() serializer_class = CertificateKeyPairSerializer + @permission_required(None, "authentik_crypto.add_certificatekeypair") + @swagger_auto_schema( + request_body=CertificateGenerationSerializer(), + responses={200: CertificateKeyPairSerializer}, + ) + @action(detail=False, methods=["POST"]) + def generate(self, request: Request) -> Response: + """Generate a new, self-signed certificate-key pair""" + data = CertificateGenerationSerializer(data=request.data) + if not data.is_valid(): + return Response(data.errors, status=400) + builder = CertificateBuilder() + builder.common_name = data.validated_data["common_name"] + builder.build( + subject_alt_names=data.validated_data.get("subject_alt_name", "").split( + "," + ), + validity_days=int(data.validated_data["validity_days"]), + ) + instance = builder.save() + serializer = self.get_serializer(instance) + return Response(serializer.data) + @swagger_auto_schema(responses={200: CertificateDataSerializer(many=False)}) @action(detail=True) # pylint: disable=invalid-name, unused-argument diff --git a/swagger.yaml b/swagger.yaml index 911e341d9..63b99ce7e 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1826,6 +1826,24 @@ paths: tags: - crypto parameters: [] + /crypto/certificatekeypairs/generate/: + post: + operationId: crypto_certificatekeypairs_generate + description: Generate a new, self-signed certificate-key pair + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/CertificateGeneration' + responses: + '200': + description: CertificateKeyPair Serializer + schema: + $ref: '#/definitions/CertificateKeyPair' + tags: + - crypto + parameters: [] /crypto/certificatekeypairs/{kp_uuid}/: get: operationId: crypto_certificatekeypairs_read @@ -11191,6 +11209,23 @@ definitions: title: Private key available type: boolean readOnly: true + CertificateGeneration: + description: Certificate generation parameters + required: + - common_name + - validity_days + type: object + properties: + common_name: + title: Common name + type: string + minLength: 1 + subject_alt_name: + title: Subject-alt name + type: string + validity_days: + title: Validity days + type: integer CertificateData: description: Get CertificateKeyPair's data type: object From b3d54b7620e499e667ea385dcc1eb4383ad156e9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 17:33:55 +0200 Subject: [PATCH 29/60] api: cleanup args for @permission_required Signed-off-by: Jens Langhammer --- authentik/api/decorators.py | 11 +++++++---- authentik/core/api/users.py | 2 +- authentik/crypto/api.py | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/authentik/api/decorators.py b/authentik/api/decorators.py index 539553dad..00a53ed0f 100644 --- a/authentik/api/decorators.py +++ b/authentik/api/decorators.py @@ -7,7 +7,9 @@ from rest_framework.response import Response from rest_framework.viewsets import ModelViewSet -def permission_required(perm: Optional[str] = None, *other_perms: str): +def permission_required( + perm: Optional[str] = None, other_perms: Optional[list[str]] = None +): """Check permissions for a single custom action""" def wrapper_outter(func: Callable): @@ -19,9 +21,10 @@ def permission_required(perm: Optional[str] = None, *other_perms: str): obj = self.get_object() if not request.user.has_perm(perm, obj): return self.permission_denied(request) - for other_perm in other_perms: - if not request.user.has_perm(other_perm): - return self.permission_denied(request) + if other_perms: + for other_perm in other_perms: + if not request.user.has_perm(other_perm): + return self.permission_denied(request) return func(self, request, *args, **kwargs) return wrapper diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 2c9e0adcd..f36d852a0 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -131,7 +131,7 @@ class UserViewSet(ModelViewSet): serializer.is_valid() return Response(serializer.data) - @permission_required("authentik_core.view_user", "authentik_events.view_event") + @permission_required("authentik_core.view_user", ["authentik_events.view_event"]) @swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)}) @action(detail=False) def metrics(self, request: Request) -> Response: diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py index eaba2075b..237548a6a 100644 --- a/authentik/crypto/api.py +++ b/authentik/crypto/api.py @@ -113,7 +113,7 @@ class CertificateKeyPairViewSet(ModelViewSet): queryset = CertificateKeyPair.objects.all() serializer_class = CertificateKeyPairSerializer - @permission_required(None, "authentik_crypto.add_certificatekeypair") + @permission_required(None, ["authentik_crypto.add_certificatekeypair"]) @swagger_auto_schema( request_body=CertificateGenerationSerializer(), responses={200: CertificateKeyPairSerializer}, From dfff2a1134224e253bd08999a3e1da12fa978b91 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 17:34:24 +0200 Subject: [PATCH 30/60] web/admin: migrate crypto/certificatekeypair to web Signed-off-by: Jens Langhammer --- .../certificatekeypair/generate.html | 14 ---- authentik/admin/urls.py | 17 ---- authentik/admin/views/certificate_key_pair.py | 81 ------------------- authentik/core/api/applications.py | 2 +- authentik/crypto/forms.py | 64 --------------- authentik/crypto/tests.py | 19 ----- web/src/api/legacy.ts | 4 - web/src/elements/Divider.ts | 37 +++++++++ .../pages/crypto/CertificateGenerateForm.ts | 37 +++++++++ .../pages/crypto/CertificateKeyPairForm.ts | 56 +++++++++++++ .../crypto/CertificateKeyPairListPage.ts | 56 +++++++++---- 11 files changed, 170 insertions(+), 217 deletions(-) delete mode 100644 authentik/admin/templates/administration/certificatekeypair/generate.html delete mode 100644 authentik/admin/views/certificate_key_pair.py delete mode 100644 authentik/crypto/forms.py create mode 100644 web/src/elements/Divider.ts create mode 100644 web/src/pages/crypto/CertificateGenerateForm.ts create mode 100644 web/src/pages/crypto/CertificateKeyPairForm.ts diff --git a/authentik/admin/templates/administration/certificatekeypair/generate.html b/authentik/admin/templates/administration/certificatekeypair/generate.html deleted file mode 100644 index 6af5c916c..000000000 --- a/authentik/admin/templates/administration/certificatekeypair/generate.html +++ /dev/null @@ -1,14 +0,0 @@ -{% extends base_template|default:"generic/form.html" %} - -{% load authentik_utils %} -{% load i18n %} - -{% block above_form %} -

- {% trans 'Generate Certificate-Key Pair' %} -

-{% endblock %} - -{% block action %} -{% trans 'Generate Certificate-Key Pair' %} -{% endblock %} diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index f581a0a89..59c29d726 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -3,7 +3,6 @@ from django.urls import path from authentik.admin.views import ( applications, - certificate_key_pair, events_notifications_rules, events_notifications_transports, flows, @@ -151,22 +150,6 @@ urlpatterns = [ property_mappings.PropertyMappingTestView.as_view(), name="property-mapping-test", ), - # Certificate-Key Pairs - path( - "crypto/certificates/create/", - certificate_key_pair.CertificateKeyPairCreateView.as_view(), - name="certificatekeypair-create", - ), - path( - "crypto/certificates/generate/", - certificate_key_pair.CertificateKeyPairGenerateView.as_view(), - name="certificatekeypair-generate", - ), - path( - "crypto/certificates//update/", - certificate_key_pair.CertificateKeyPairUpdateView.as_view(), - name="certificatekeypair-update", - ), # Outposts path( "outposts/create/", diff --git a/authentik/admin/views/certificate_key_pair.py b/authentik/admin/views/certificate_key_pair.py deleted file mode 100644 index a08d334b2..000000000 --- a/authentik/admin/views/certificate_key_pair.py +++ /dev/null @@ -1,81 +0,0 @@ -"""authentik CertificateKeyPair administration""" -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.http.response import HttpResponse -from django.urls import reverse_lazy -from django.utils.translation import gettext as _ -from django.views.generic import UpdateView -from django.views.generic.edit import FormView -from guardian.mixins import PermissionRequiredMixin - -from authentik.crypto.builder import CertificateBuilder -from authentik.crypto.forms import ( - CertificateKeyPairForm, - CertificateKeyPairGenerateForm, -) -from authentik.crypto.models import CertificateKeyPair -from authentik.lib.views import CreateAssignPermView - - -class CertificateKeyPairCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create new CertificateKeyPair""" - - model = CertificateKeyPair - form_class = CertificateKeyPairForm - permission_required = "authentik_crypto.add_certificatekeypair" - - template_name = "generic/create.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully created Certificate-Key Pair") - - -class CertificateKeyPairGenerateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - FormView, -): - """Generate new CertificateKeyPair""" - - model = CertificateKeyPair - form_class = CertificateKeyPairGenerateForm - permission_required = "authentik_crypto.add_certificatekeypair" - - template_name = "administration/certificatekeypair/generate.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully generated Certificate-Key Pair") - - def form_valid(self, form: CertificateKeyPairGenerateForm) -> HttpResponse: - builder = CertificateBuilder() - builder.common_name = form.data["common_name"] - builder.build( - subject_alt_names=form.data.get("subject_alt_name", "").split(","), - validity_days=int(form.data["validity_days"]), - ) - builder.save() - return super().form_valid(form) - - -class CertificateKeyPairUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update certificatekeypair""" - - model = CertificateKeyPair - form_class = CertificateKeyPairForm - permission_required = "authentik_crypto.change_certificatekeypair" - - template_name = "generic/update.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully updated Certificate-Key Pair") diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index 66076fe6c..13ce217c0 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -109,7 +109,7 @@ class ApplicationViewSet(ModelViewSet): return self.get_paginated_response(serializer.data) @permission_required( - "authentik_core.view_application", "authentik_events.view_event" + "authentik_core.view_application", ["authentik_events.view_event"] ) @swagger_auto_schema(responses={200: CoordinateSerializer(many=True)}) @action(detail=True) diff --git a/authentik/crypto/forms.py b/authentik/crypto/forms.py deleted file mode 100644 index f289cc207..000000000 --- a/authentik/crypto/forms.py +++ /dev/null @@ -1,64 +0,0 @@ -"""authentik Crypto forms""" -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.serialization import load_pem_private_key -from cryptography.x509 import load_pem_x509_certificate -from django import forms -from django.utils.translation import gettext_lazy as _ - -from authentik.crypto.models import CertificateKeyPair - - -class CertificateKeyPairGenerateForm(forms.Form): - """CertificateKeyPair generation form""" - - common_name = forms.CharField() - subject_alt_name = forms.CharField(required=False, label=_("Subject-alt name")) - validity_days = forms.IntegerField(initial=365) - - -class CertificateKeyPairForm(forms.ModelForm): - """CertificateKeyPair Form""" - - def clean_certificate_data(self): - """Verify that input is a valid PEM x509 Certificate""" - certificate_data = self.cleaned_data["certificate_data"] - try: - load_pem_x509_certificate( - certificate_data.encode("utf-8"), default_backend() - ) - except ValueError: - raise forms.ValidationError("Unable to load certificate.") - return certificate_data - - def clean_key_data(self): - """Verify that input is a valid PEM RSA Key""" - key_data = self.cleaned_data["key_data"] - # Since this field is optional, data can be empty. - if key_data != "": - try: - load_pem_private_key( - str.encode("\n".join([x.strip() for x in key_data.split("\n")])), - password=None, - backend=default_backend(), - ) - except ValueError: - raise forms.ValidationError("Unable to load private key.") - return key_data - - class Meta: - - model = CertificateKeyPair - fields = [ - "name", - "certificate_data", - "key_data", - ] - widgets = { - "name": forms.TextInput(), - "certificate_data": forms.Textarea(attrs={"class": "monospaced"}), - "key_data": forms.Textarea(attrs={"class": "monospaced"}), - } - labels = { - "certificate_data": _("Certificate"), - "key_data": _("Private Key"), - } diff --git a/authentik/crypto/tests.py b/authentik/crypto/tests.py index 1b43806d2..f42f32172 100644 --- a/authentik/crypto/tests.py +++ b/authentik/crypto/tests.py @@ -2,31 +2,12 @@ from django.test import TestCase from authentik.crypto.api import CertificateKeyPairSerializer -from authentik.crypto.forms import CertificateKeyPairForm from authentik.crypto.models import CertificateKeyPair class TestCrypto(TestCase): """Test Crypto validation""" - def test_form(self): - """Test form validation""" - keypair = CertificateKeyPair.objects.first() - self.assertTrue( - CertificateKeyPairForm( - { - "name": keypair.name, - "certificate_data": keypair.certificate_data, - "key_data": keypair.key_data, - } - ).is_valid() - ) - self.assertFalse( - CertificateKeyPairForm( - {"name": keypair.name, "certificate_data": "test", "key_data": "test"} - ).is_valid() - ) - def test_serializer(self): """Test API Validation""" keypair = CertificateKeyPair.objects.first() diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index e921b689e..76dbcd62b 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -4,10 +4,6 @@ export class AdminURLManager { return `/administration/applications/${rest}`; } - static cryptoCertificates(rest: string): string { - return `/administration/crypto/certificates/${rest}`; - } - static policies(rest: string): string { return `/administration/policies/${rest}`; } diff --git a/web/src/elements/Divider.ts b/web/src/elements/Divider.ts new file mode 100644 index 000000000..d354139f2 --- /dev/null +++ b/web/src/elements/Divider.ts @@ -0,0 +1,37 @@ +import { css, CSSResult, customElement, html, LitElement, TemplateResult } from "lit-element"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; +import AKGlobal from "../authentik.css"; + +@customElement("ak-divider") +export class Divider extends LitElement { + + static get styles(): CSSResult[] { + return [PFBase, AKGlobal, css` + .separator { + display: flex; + align-items: center; + text-align: center; + } + + .separator::before, + .separator::after { + content: ''; + flex: 1; + border-bottom: 1px solid var(--pf-global--Color--100); + } + + .separator:not(:empty)::before { + margin-right: .25em; + } + + .separator:not(:empty)::after { + margin-left: .25em; + } + `]; + } + + render(): TemplateResult { + return html`
`; + } + +} diff --git a/web/src/pages/crypto/CertificateGenerateForm.ts b/web/src/pages/crypto/CertificateGenerateForm.ts new file mode 100644 index 000000000..f435b434a --- /dev/null +++ b/web/src/pages/crypto/CertificateGenerateForm.ts @@ -0,0 +1,37 @@ +import { CertificateGeneration, CryptoApi } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import "../../elements/forms/HorizontalFormElement"; + +@customElement("ak-crypto-certificate-generate-form") +export class CertificateKeyPairForm extends Form { + + getSuccessMessage(): string { + return gettext("Successfully generated certificate-key pair."); + } + + send = (data: CertificateGeneration): Promise => { + return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsGenerate({ + data: data + }); + }; + + renderForm(): TemplateResult { + return html`
+ + + + + +

${gettext("Optional, comma-separated SubjectAlt Names.")}

+ + + + +
`; + } + +} diff --git a/web/src/pages/crypto/CertificateKeyPairForm.ts b/web/src/pages/crypto/CertificateKeyPairForm.ts new file mode 100644 index 000000000..9ccb58e39 --- /dev/null +++ b/web/src/pages/crypto/CertificateKeyPairForm.ts @@ -0,0 +1,56 @@ +import { CertificateKeyPair, CoreApi, CryptoApi, Group } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; +import "../../elements/CodeMirror"; +import "../../elements/Divider"; + +@customElement("ak-crypto-certificate-form") +export class CertificateKeyPairForm extends Form { + + @property({attribute: false}) + keyPair?: CertificateKeyPair; + + getSuccessMessage(): string { + if (this.keyPair) { + return gettext("Successfully updated certificate-key pair."); + } else { + return gettext("Successfully created certificate-key pair."); + } + } + + send = (data: CertificateKeyPair): Promise => { + if (this.keyPair) { + return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsPartialUpdate({ + kpUuid: this.keyPair.pk || "", + data: data + }); + } else { + return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsCreate({ + data: data + }); + } + }; + + renderForm(): TemplateResult { + return html`
+ + + + ${this.keyPair ? html`${gettext("Only change the fields below if you want to overwrite their values.")}` : html``} + + +

${gettext("PEM-encoded Certificate data.")}

+ + + +

${gettext("Optional Private Key. If this is set, you can use this keypair for encryption.")}

+ +
`; + } + +} diff --git a/web/src/pages/crypto/CertificateKeyPairListPage.ts b/web/src/pages/crypto/CertificateKeyPairListPage.ts index 8b2ab5835..d08ddba34 100644 --- a/web/src/pages/crypto/CertificateKeyPairListPage.ts +++ b/web/src/pages/crypto/CertificateKeyPairListPage.ts @@ -6,12 +6,13 @@ import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList import { CryptoApi, CertificateKeyPair } from "authentik-api"; -import "../../elements/buttons/ModalButton"; +import "../../elements/forms/ModalForm"; import "../../elements/buttons/SpinnerButton"; import "../../elements/forms/DeleteForm"; +import "./CertificateKeyPairForm"; +import "./CertificateGenerateForm"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; -import { AdminURLManager } from "../../api/legacy"; import { DEFAULT_CONFIG } from "../../api/Config"; @customElement("ak-crypto-certificate-list") @@ -62,12 +63,19 @@ export class CertificateKeyPairListPage extends TablePage { html`${gettext(item.privateKeyAvailable ? "Yes" : "No")}`, html`${item.certExpiry?.toLocaleString()}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update Certificate-Key Pair")} + + + + + { renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- - - + + + ${gettext("Create Certificate-Key Pair")} + + + + + + + ${gettext("Generate")} - -
- + + + ${gettext("Generate Certificate-Key Pair")} + + + + + ${super.renderToolbar()} `; } From fc17580d9afb40f1cc393c015a18cf167c626a0b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 17:36:52 +0200 Subject: [PATCH 31/60] web: only show message on server error Signed-off-by: Jens Langhammer --- web/src/elements/messages/Middleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/elements/messages/Middleware.ts b/web/src/elements/messages/Middleware.ts index b01861950..320cdc74f 100644 --- a/web/src/elements/messages/Middleware.ts +++ b/web/src/elements/messages/Middleware.ts @@ -6,7 +6,7 @@ import { showMessage } from "./MessageContainer"; export class MessageMiddleware implements Middleware { post(context: ResponseContext): Promise { - if (!context.response.ok) { + if (context.response.status >= 500) { showMessage({ level: MessageLevel.error, message: gettext("API request failed"), From 372cf4a8cb8f9632160b87912a2dc71c5b5a01d9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:05:06 +0200 Subject: [PATCH 32/60] api: add error responses to swagger schema Signed-off-by: Jens Langhammer --- authentik/api/schema.py | 107 ++ authentik/api/v2/urls.py | 2 +- authentik/root/settings.py | 1 + swagger.yaml | 3742 +++++++++++++++++++++++++++++++++++- 4 files changed, 3850 insertions(+), 2 deletions(-) create mode 100644 authentik/api/schema.py diff --git a/authentik/api/schema.py b/authentik/api/schema.py new file mode 100644 index 000000000..56eb17c42 --- /dev/null +++ b/authentik/api/schema.py @@ -0,0 +1,107 @@ +"""Error Response schema, from https://github.com/axnsan12/drf-yasg/issues/224""" +from drf_yasg2 import openapi +from drf_yasg2.inspectors.view import SwaggerAutoSchema +from drf_yasg2.utils import force_real_str, is_list_view +from rest_framework import exceptions, status +from rest_framework.settings import api_settings + + +class ErrorResponseAutoSchema(SwaggerAutoSchema): + """Inspector which includes an error schema""" + + def get_generic_error_schema(self): + """Get a generic error schema""" + return openapi.Schema( + "Generic API Error", + type=openapi.TYPE_OBJECT, + properties={ + "errors": openapi.Schema( + type=openapi.TYPE_OBJECT, + properties={ + "detail": openapi.Schema( + type=openapi.TYPE_STRING, description="Error details" + ), + "code": openapi.Schema( + type=openapi.TYPE_STRING, description="Error code" + ), + }, + ) + }, + required=["detail"], + ) + + def get_validation_error_schema(self): + """Get a generic validation error schema""" + return openapi.Schema( + "Validation Error", + type=openapi.TYPE_OBJECT, + properties={ + api_settings.NON_FIELD_ERRORS_KEY: openapi.Schema( + description="List of validation errors not related to any field", + type=openapi.TYPE_ARRAY, + items=openapi.Schema(type=openapi.TYPE_STRING), + ), + }, + additional_properties=openapi.Schema( + description=( + "A list of error messages for each " + "field that triggered a validation error" + ), + type=openapi.TYPE_ARRAY, + items=openapi.Schema(type=openapi.TYPE_STRING), + ), + ) + + def get_response_serializers(self): + responses = super().get_response_serializers() + definitions = self.components.with_scope( + openapi.SCHEMA_DEFINITIONS + ) # type: openapi.ReferenceResolver + + definitions.setdefault("GenericError", self.get_generic_error_schema) + definitions.setdefault("ValidationError", self.get_validation_error_schema) + definitions.setdefault("APIException", self.get_generic_error_schema) + + if self.get_request_serializer() or self.get_query_serializer(): + responses.setdefault( + exceptions.ValidationError.status_code, + openapi.Response( + description=force_real_str( + exceptions.ValidationError.default_detail + ), + schema=openapi.SchemaRef(definitions, "ValidationError"), + ), + ) + + security = self.get_security() + if security is None or len(security) > 0: + # Note: 401 error codes are coerced into 403 see + # rest_framework/views.py:433:handle_exception + # This is b/c the API uses token auth which doesn't have WWW-Authenticate header + responses.setdefault( + status.HTTP_403_FORBIDDEN, + openapi.Response( + description="Authentication credentials were invalid, absent or insufficient.", + schema=openapi.SchemaRef(definitions, "GenericError"), + ), + ) + if not is_list_view(self.path, self.method, self.view): + responses.setdefault( + exceptions.PermissionDenied.status_code, + openapi.Response( + description="Permission denied.", + schema=openapi.SchemaRef(definitions, "APIException"), + ), + ) + responses.setdefault( + exceptions.NotFound.status_code, + openapi.Response( + description=( + "Object does not exist or caller " + "has insufficient permissions to access it." + ), + schema=openapi.SchemaRef(definitions, "APIException"), + ), + ) + + return responses diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py index 4c45e5697..573e615e1 100644 --- a/authentik/api/v2/urls.py +++ b/authentik/api/v2/urls.py @@ -189,7 +189,7 @@ router.register("policies/dummy", DummyPolicyViewSet) info = openapi.Info( title="authentik API", - default_version="v2", + default_version="v2beta", contact=openapi.Contact(email="hello@beryju.org"), license=openapi.License( name="GNU GPLv3", url="https://github.com/BeryJu/authentik/blob/master/LICENSE" diff --git a/authentik/root/settings.py b/authentik/root/settings.py index 945b89abc..e2d2e8755 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -137,6 +137,7 @@ INSTALLED_APPS = [ GUARDIAN_MONKEY_PATCH = False SWAGGER_SETTINGS = { + "DEFAULT_AUTO_SCHEMA_CLASS": "authentik.api.schema.ErrorResponseAutoSchema", "DEFAULT_INFO": "authentik.api.v2.urls.info", "DEFAULT_PAGINATOR_INSPECTORS": [ "authentik.api.pagination_schema.PaginationInspector", diff --git a/swagger.yaml b/swagger.yaml index 63b99ce7e..19efba957 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -6,7 +6,7 @@ info: license: name: GNU GPLv3 url: https://github.com/BeryJu/authentik/blob/master/LICENSE - version: v2 + version: v2beta basePath: /api/v2beta consumes: - application/json @@ -30,6 +30,10 @@ paths: description: Login Metrics per 1h schema: $ref: '#/definitions/LoginMetrics' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - admin parameters: [] @@ -46,6 +50,10 @@ paths: type: array items: $ref: '#/definitions/Task' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - admin parameters: [] @@ -57,6 +65,15 @@ paths: responses: '201': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - admin parameters: @@ -94,6 +111,10 @@ paths: description: Get running and latest version. schema: $ref: '#/definitions/Version' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - admin parameters: [] @@ -162,6 +183,10 @@ paths: description: '' type: object properties: {} + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - admin parameters: [] @@ -233,6 +258,10 @@ paths: type: array items: $ref: '#/definitions/StaticDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -246,6 +275,15 @@ paths: description: '' schema: $ref: '#/definitions/StaticDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -322,6 +360,10 @@ paths: type: array items: $ref: '#/definitions/TOTPDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -335,6 +377,15 @@ paths: description: '' schema: $ref: '#/definitions/TOTPDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -411,6 +462,10 @@ paths: type: array items: $ref: '#/definitions/WebAuthnDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -424,6 +479,15 @@ paths: description: '' schema: $ref: '#/definitions/WebAuthnDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -500,6 +564,10 @@ paths: type: array items: $ref: '#/definitions/StaticDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators post: @@ -516,6 +584,14 @@ paths: description: '' schema: $ref: '#/definitions/StaticDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -529,6 +605,15 @@ paths: description: '' schema: $ref: '#/definitions/StaticDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators put: @@ -545,6 +630,19 @@ paths: description: '' schema: $ref: '#/definitions/StaticDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators patch: @@ -561,6 +659,19 @@ paths: description: '' schema: $ref: '#/definitions/StaticDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators delete: @@ -570,6 +681,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -646,6 +766,10 @@ paths: type: array items: $ref: '#/definitions/TOTPDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators post: @@ -662,6 +786,14 @@ paths: description: '' schema: $ref: '#/definitions/TOTPDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -675,6 +807,15 @@ paths: description: '' schema: $ref: '#/definitions/TOTPDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators put: @@ -691,6 +832,19 @@ paths: description: '' schema: $ref: '#/definitions/TOTPDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators patch: @@ -707,6 +861,19 @@ paths: description: '' schema: $ref: '#/definitions/TOTPDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators delete: @@ -716,6 +883,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -792,6 +968,10 @@ paths: type: array items: $ref: '#/definitions/WebAuthnDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators post: @@ -808,6 +988,14 @@ paths: description: '' schema: $ref: '#/definitions/WebAuthnDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - authenticators parameters: [] @@ -821,6 +1009,15 @@ paths: description: '' schema: $ref: '#/definitions/WebAuthnDevice' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators put: @@ -837,6 +1034,19 @@ paths: description: '' schema: $ref: '#/definitions/WebAuthnDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators patch: @@ -853,6 +1063,19 @@ paths: description: '' schema: $ref: '#/definitions/WebAuthnDevice' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators delete: @@ -862,6 +1085,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - authenticators parameters: @@ -933,6 +1165,10 @@ paths: type: array items: $ref: '#/definitions/Application' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core post: @@ -949,6 +1185,14 @@ paths: description: '' schema: $ref: '#/definitions/Application' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -962,6 +1206,15 @@ paths: description: '' schema: $ref: '#/definitions/Application' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core put: @@ -978,6 +1231,19 @@ paths: description: '' schema: $ref: '#/definitions/Application' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core patch: @@ -994,6 +1260,19 @@ paths: description: '' schema: $ref: '#/definitions/Application' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core delete: @@ -1003,6 +1282,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1026,6 +1314,15 @@ paths: type: array items: $ref: '#/definitions/Coordinate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1109,6 +1406,10 @@ paths: type: array items: $ref: '#/definitions/Group' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core post: @@ -1125,6 +1426,14 @@ paths: description: '' schema: $ref: '#/definitions/Group' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1138,6 +1447,15 @@ paths: description: '' schema: $ref: '#/definitions/Group' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core put: @@ -1154,6 +1472,19 @@ paths: description: '' schema: $ref: '#/definitions/Group' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core patch: @@ -1170,6 +1501,19 @@ paths: description: '' schema: $ref: '#/definitions/Group' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core delete: @@ -1179,6 +1523,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1271,6 +1624,10 @@ paths: type: array items: $ref: '#/definitions/Token' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core post: @@ -1287,6 +1644,14 @@ paths: description: '' schema: $ref: '#/definitions/Token' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1300,6 +1665,15 @@ paths: description: '' schema: $ref: '#/definitions/Token' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core put: @@ -1316,6 +1690,19 @@ paths: description: '' schema: $ref: '#/definitions/Token' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core patch: @@ -1332,6 +1719,19 @@ paths: description: '' schema: $ref: '#/definitions/Token' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core delete: @@ -1341,6 +1741,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1360,6 +1769,15 @@ paths: description: Show token's current key schema: $ref: '#/definitions/TokenView' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1442,6 +1860,10 @@ paths: type: array items: $ref: '#/definitions/UserConsent' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1455,6 +1877,15 @@ paths: description: '' schema: $ref: '#/definitions/UserConsent' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core delete: @@ -1464,6 +1895,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1550,6 +1990,10 @@ paths: type: array items: $ref: '#/definitions/User' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core post: @@ -1566,6 +2010,14 @@ paths: description: '' schema: $ref: '#/definitions/User' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1616,6 +2068,10 @@ paths: original user in the `original` property. schema: $ref: '#/definitions/SessionUser' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1664,6 +2120,10 @@ paths: description: User Metrics schema: $ref: '#/definitions/UserMetrics' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - core parameters: [] @@ -1677,6 +2137,15 @@ paths: description: '' schema: $ref: '#/definitions/User' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core put: @@ -1693,6 +2162,19 @@ paths: description: '' schema: $ref: '#/definitions/User' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core patch: @@ -1709,6 +2191,19 @@ paths: description: '' schema: $ref: '#/definitions/User' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core delete: @@ -1718,6 +2213,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1736,6 +2240,15 @@ paths: description: Recovery link for a user to reset their password schema: $ref: '#/definitions/UserRecovery' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - core parameters: @@ -1807,6 +2320,10 @@ paths: type: array items: $ref: '#/definitions/CertificateKeyPair' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - crypto post: @@ -1823,6 +2340,14 @@ paths: description: '' schema: $ref: '#/definitions/CertificateKeyPair' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - crypto parameters: [] @@ -1841,6 +2366,14 @@ paths: description: CertificateKeyPair Serializer schema: $ref: '#/definitions/CertificateKeyPair' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - crypto parameters: [] @@ -1854,6 +2387,15 @@ paths: description: '' schema: $ref: '#/definitions/CertificateKeyPair' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto put: @@ -1870,6 +2412,19 @@ paths: description: '' schema: $ref: '#/definitions/CertificateKeyPair' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto patch: @@ -1886,6 +2441,19 @@ paths: description: '' schema: $ref: '#/definitions/CertificateKeyPair' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto delete: @@ -1895,6 +2463,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto parameters: @@ -1914,6 +2491,15 @@ paths: description: Get CertificateKeyPair's data schema: $ref: '#/definitions/CertificateData' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto parameters: @@ -1933,6 +2519,15 @@ paths: description: Get CertificateKeyPair's data schema: $ref: '#/definitions/CertificateData' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - crypto parameters: @@ -2040,6 +2635,10 @@ paths: type: array items: $ref: '#/definitions/Event' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events parameters: [] @@ -2116,6 +2715,14 @@ paths: type: array items: $ref: '#/definitions/EventTopPerUser' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events parameters: [] @@ -2129,6 +2736,15 @@ paths: description: '' schema: $ref: '#/definitions/Event' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events parameters: @@ -2226,6 +2842,10 @@ paths: type: array items: $ref: '#/definitions/Notification' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events parameters: [] @@ -2239,6 +2859,15 @@ paths: description: '' schema: $ref: '#/definitions/Notification' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events put: @@ -2255,6 +2884,19 @@ paths: description: '' schema: $ref: '#/definitions/Notification' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events patch: @@ -2271,6 +2913,19 @@ paths: description: '' schema: $ref: '#/definitions/Notification' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events delete: @@ -2280,6 +2935,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events parameters: @@ -2352,6 +3016,10 @@ paths: type: array items: $ref: '#/definitions/NotificationRule' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events post: @@ -2368,6 +3036,14 @@ paths: description: '' schema: $ref: '#/definitions/NotificationRule' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events parameters: [] @@ -2381,6 +3057,15 @@ paths: description: '' schema: $ref: '#/definitions/NotificationRule' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events put: @@ -2397,6 +3082,19 @@ paths: description: '' schema: $ref: '#/definitions/NotificationRule' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events patch: @@ -2413,6 +3111,19 @@ paths: description: '' schema: $ref: '#/definitions/NotificationRule' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events delete: @@ -2422,6 +3133,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events parameters: @@ -2494,6 +3214,10 @@ paths: type: array items: $ref: '#/definitions/NotificationTransport' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events post: @@ -2510,6 +3234,14 @@ paths: description: '' schema: $ref: '#/definitions/NotificationTransport' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - events parameters: [] @@ -2523,6 +3255,15 @@ paths: description: '' schema: $ref: '#/definitions/NotificationTransport' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events put: @@ -2539,6 +3280,19 @@ paths: description: '' schema: $ref: '#/definitions/NotificationTransport' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events patch: @@ -2555,6 +3309,19 @@ paths: description: '' schema: $ref: '#/definitions/NotificationTransport' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events delete: @@ -2564,6 +3331,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events parameters: @@ -2585,6 +3361,15 @@ paths: description: Notification test serializer schema: $ref: '#/definitions/NotificationTransportTest' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - events parameters: @@ -2697,6 +3482,10 @@ paths: type: array items: $ref: '#/definitions/FlowStageBinding' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows post: @@ -2713,6 +3502,14 @@ paths: description: '' schema: $ref: '#/definitions/FlowStageBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows parameters: [] @@ -2726,6 +3523,15 @@ paths: description: '' schema: $ref: '#/definitions/FlowStageBinding' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows put: @@ -2742,6 +3548,19 @@ paths: description: '' schema: $ref: '#/definitions/FlowStageBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows patch: @@ -2758,6 +3577,19 @@ paths: description: '' schema: $ref: '#/definitions/FlowStageBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows delete: @@ -2767,6 +3599,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows parameters: @@ -2792,6 +3633,15 @@ paths: is currently active schema: $ref: '#/definitions/Challenge' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows post: @@ -2815,6 +3665,19 @@ paths: is currently active schema: $ref: '#/definitions/Challenge' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows parameters: @@ -2905,6 +3768,10 @@ paths: type: array items: $ref: '#/definitions/Flow' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows post: @@ -2921,6 +3788,14 @@ paths: description: '' schema: $ref: '#/definitions/Flow' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows parameters: [] @@ -2934,6 +3809,10 @@ paths: description: Successfully cleared cache '400': description: Bad request + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows parameters: [] @@ -2987,6 +3866,10 @@ paths: description: Generic cache stats for an object schema: $ref: '#/definitions/Cache' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - flows parameters: [] @@ -3000,6 +3883,15 @@ paths: description: '' schema: $ref: '#/definitions/Flow' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows put: @@ -3016,6 +3908,19 @@ paths: description: '' schema: $ref: '#/definitions/Flow' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows patch: @@ -3032,6 +3937,19 @@ paths: description: '' schema: $ref: '#/definitions/Flow' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows delete: @@ -3041,6 +3959,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows parameters: @@ -3062,6 +3989,15 @@ paths: description: response of the flow's /diagram/ action schema: $ref: '#/definitions/FlowDiagram' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows parameters: @@ -3082,6 +4018,15 @@ paths: description: File Attachment schema: type: file + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - flows parameters: @@ -3165,6 +4110,10 @@ paths: type: array items: $ref: '#/definitions/ExpiringBaseGrantModel' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - oauth2 parameters: [] @@ -3178,6 +4127,15 @@ paths: description: '' schema: $ref: '#/definitions/ExpiringBaseGrantModel' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - oauth2 delete: @@ -3187,6 +4145,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - oauth2 parameters: @@ -3268,6 +4235,10 @@ paths: type: array items: $ref: '#/definitions/ExpiringBaseGrantModel' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - oauth2 parameters: [] @@ -3281,6 +4252,15 @@ paths: description: '' schema: $ref: '#/definitions/ExpiringBaseGrantModel' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - oauth2 delete: @@ -3290,6 +4270,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - oauth2 parameters: @@ -3366,6 +4355,10 @@ paths: type: array items: $ref: '#/definitions/Outpost' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts post: @@ -3382,6 +4375,14 @@ paths: description: '' schema: $ref: '#/definitions/Outpost' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -3395,6 +4396,15 @@ paths: description: '' schema: $ref: '#/definitions/Outpost' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts put: @@ -3411,6 +4421,19 @@ paths: description: '' schema: $ref: '#/definitions/Outpost' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts patch: @@ -3427,6 +4450,19 @@ paths: description: '' schema: $ref: '#/definitions/Outpost' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts delete: @@ -3436,6 +4472,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -3458,6 +4503,15 @@ paths: type: array items: $ref: '#/definitions/OutpostHealth' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -3530,6 +4584,10 @@ paths: type: array items: $ref: '#/definitions/ProxyOutpostConfig' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts post: @@ -3546,6 +4604,14 @@ paths: description: '' schema: $ref: '#/definitions/ProxyOutpostConfig' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -3559,6 +4625,15 @@ paths: description: '' schema: $ref: '#/definitions/ProxyOutpostConfig' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts put: @@ -3575,6 +4650,19 @@ paths: description: '' schema: $ref: '#/definitions/ProxyOutpostConfig' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts patch: @@ -3591,6 +4679,19 @@ paths: description: '' schema: $ref: '#/definitions/ProxyOutpostConfig' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts delete: @@ -3600,6 +4701,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -3676,6 +4786,10 @@ paths: type: array items: $ref: '#/definitions/ServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts post: @@ -3692,6 +4806,14 @@ paths: description: '' schema: $ref: '#/definitions/ServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -3733,6 +4855,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -3746,6 +4872,15 @@ paths: description: '' schema: $ref: '#/definitions/ServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts put: @@ -3762,6 +4897,19 @@ paths: description: '' schema: $ref: '#/definitions/ServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts patch: @@ -3778,6 +4926,19 @@ paths: description: '' schema: $ref: '#/definitions/ServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts delete: @@ -3787,6 +4948,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -3806,6 +4976,15 @@ paths: description: Serializer for Service connection state schema: $ref: '#/definitions/ServiceConnectionState' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -3878,6 +5057,10 @@ paths: type: array items: $ref: '#/definitions/DockerServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts post: @@ -3894,6 +5077,14 @@ paths: description: '' schema: $ref: '#/definitions/DockerServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -3907,6 +5098,15 @@ paths: description: '' schema: $ref: '#/definitions/DockerServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts put: @@ -3923,6 +5123,19 @@ paths: description: '' schema: $ref: '#/definitions/DockerServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts patch: @@ -3939,6 +5152,19 @@ paths: description: '' schema: $ref: '#/definitions/DockerServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts delete: @@ -3948,6 +5174,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -4020,6 +5255,10 @@ paths: type: array items: $ref: '#/definitions/KubernetesServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts post: @@ -4036,6 +5275,14 @@ paths: description: '' schema: $ref: '#/definitions/KubernetesServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - outposts parameters: [] @@ -4049,6 +5296,15 @@ paths: description: '' schema: $ref: '#/definitions/KubernetesServiceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts put: @@ -4065,6 +5321,19 @@ paths: description: '' schema: $ref: '#/definitions/KubernetesServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts patch: @@ -4081,6 +5350,19 @@ paths: description: '' schema: $ref: '#/definitions/KubernetesServiceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts delete: @@ -4090,6 +5372,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - outposts parameters: @@ -4172,6 +5463,10 @@ paths: type: array items: $ref: '#/definitions/Policy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4185,6 +5480,10 @@ paths: description: Successfully cleared cache '400': description: Bad request + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4228,6 +5527,10 @@ paths: description: Generic cache stats for an object schema: $ref: '#/definitions/Cache' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4274,6 +5577,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4287,6 +5594,15 @@ paths: description: '' schema: $ref: '#/definitions/Policy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -4296,6 +5612,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -4393,6 +5718,10 @@ paths: type: array items: $ref: '#/definitions/PolicyBinding' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -4409,6 +5738,14 @@ paths: description: '' schema: $ref: '#/definitions/PolicyBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4422,6 +5759,15 @@ paths: description: '' schema: $ref: '#/definitions/PolicyBinding' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -4438,6 +5784,19 @@ paths: description: '' schema: $ref: '#/definitions/PolicyBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -4454,6 +5813,19 @@ paths: description: '' schema: $ref: '#/definitions/PolicyBinding' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -4463,6 +5835,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -4535,6 +5916,10 @@ paths: type: array items: $ref: '#/definitions/DummyPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -4551,6 +5936,14 @@ paths: description: '' schema: $ref: '#/definitions/DummyPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4564,6 +5957,15 @@ paths: description: '' schema: $ref: '#/definitions/DummyPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -4580,6 +5982,19 @@ paths: description: '' schema: $ref: '#/definitions/DummyPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -4596,6 +6011,19 @@ paths: description: '' schema: $ref: '#/definitions/DummyPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -4605,6 +6033,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -4677,6 +6114,10 @@ paths: type: array items: $ref: '#/definitions/EventMatcherPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -4693,6 +6134,14 @@ paths: description: '' schema: $ref: '#/definitions/EventMatcherPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4706,6 +6155,15 @@ paths: description: '' schema: $ref: '#/definitions/EventMatcherPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -4722,6 +6180,19 @@ paths: description: '' schema: $ref: '#/definitions/EventMatcherPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -4738,6 +6209,19 @@ paths: description: '' schema: $ref: '#/definitions/EventMatcherPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -4747,6 +6231,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -4819,6 +6312,10 @@ paths: type: array items: $ref: '#/definitions/ExpressionPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -4835,6 +6332,14 @@ paths: description: '' schema: $ref: '#/definitions/ExpressionPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4848,6 +6353,15 @@ paths: description: '' schema: $ref: '#/definitions/ExpressionPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -4864,6 +6378,19 @@ paths: description: '' schema: $ref: '#/definitions/ExpressionPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -4880,6 +6407,19 @@ paths: description: '' schema: $ref: '#/definitions/ExpressionPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -4889,6 +6429,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -4961,6 +6510,10 @@ paths: type: array items: $ref: '#/definitions/HaveIBeenPwendPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -4977,6 +6530,14 @@ paths: description: '' schema: $ref: '#/definitions/HaveIBeenPwendPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -4990,6 +6551,15 @@ paths: description: '' schema: $ref: '#/definitions/HaveIBeenPwendPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5006,6 +6576,19 @@ paths: description: '' schema: $ref: '#/definitions/HaveIBeenPwendPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5022,6 +6605,19 @@ paths: description: '' schema: $ref: '#/definitions/HaveIBeenPwendPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5031,6 +6627,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5103,6 +6708,10 @@ paths: type: array items: $ref: '#/definitions/PasswordPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -5119,6 +6728,14 @@ paths: description: '' schema: $ref: '#/definitions/PasswordPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -5132,6 +6749,15 @@ paths: description: '' schema: $ref: '#/definitions/PasswordPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5148,6 +6774,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5164,6 +6803,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5173,6 +6825,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5245,6 +6906,10 @@ paths: type: array items: $ref: '#/definitions/PasswordExpiryPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -5261,6 +6926,14 @@ paths: description: '' schema: $ref: '#/definitions/PasswordExpiryPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -5274,6 +6947,15 @@ paths: description: '' schema: $ref: '#/definitions/PasswordExpiryPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5290,6 +6972,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordExpiryPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5306,6 +7001,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordExpiryPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5315,6 +7023,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5387,6 +7104,10 @@ paths: type: array items: $ref: '#/definitions/ReputationPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -5403,6 +7124,14 @@ paths: description: '' schema: $ref: '#/definitions/ReputationPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -5469,6 +7198,10 @@ paths: type: array items: $ref: '#/definitions/IPReputation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -5485,6 +7218,14 @@ paths: description: '' schema: $ref: '#/definitions/IPReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -5498,6 +7239,15 @@ paths: description: '' schema: $ref: '#/definitions/IPReputation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5514,6 +7264,19 @@ paths: description: '' schema: $ref: '#/definitions/IPReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5530,6 +7293,19 @@ paths: description: '' schema: $ref: '#/definitions/IPReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5539,6 +7315,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5610,6 +7395,10 @@ paths: type: array items: $ref: '#/definitions/UserReputation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies post: @@ -5626,6 +7415,14 @@ paths: description: '' schema: $ref: '#/definitions/UserReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - policies parameters: [] @@ -5639,6 +7436,15 @@ paths: description: '' schema: $ref: '#/definitions/UserReputation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5655,6 +7461,19 @@ paths: description: '' schema: $ref: '#/definitions/UserReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5671,6 +7490,19 @@ paths: description: '' schema: $ref: '#/definitions/UserReputation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5680,6 +7512,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5698,6 +7539,15 @@ paths: description: '' schema: $ref: '#/definitions/ReputationPolicy' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies put: @@ -5714,6 +7564,19 @@ paths: description: '' schema: $ref: '#/definitions/ReputationPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies patch: @@ -5730,6 +7593,19 @@ paths: description: '' schema: $ref: '#/definitions/ReputationPolicy' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies delete: @@ -5739,6 +7615,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - policies parameters: @@ -5816,6 +7701,10 @@ paths: type: array items: $ref: '#/definitions/PropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings parameters: [] @@ -5857,6 +7746,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings parameters: [] @@ -5870,6 +7763,15 @@ paths: description: '' schema: $ref: '#/definitions/PropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings delete: @@ -5879,6 +7781,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings parameters: @@ -5951,6 +7862,10 @@ paths: type: array items: $ref: '#/definitions/LDAPPropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings post: @@ -5967,6 +7882,14 @@ paths: description: '' schema: $ref: '#/definitions/LDAPPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings parameters: [] @@ -5980,6 +7903,15 @@ paths: description: '' schema: $ref: '#/definitions/LDAPPropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings put: @@ -5996,6 +7928,19 @@ paths: description: '' schema: $ref: '#/definitions/LDAPPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings patch: @@ -6012,6 +7957,19 @@ paths: description: '' schema: $ref: '#/definitions/LDAPPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings delete: @@ -6021,6 +7979,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings parameters: @@ -6093,6 +8060,10 @@ paths: type: array items: $ref: '#/definitions/SAMLPropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings post: @@ -6109,6 +8080,14 @@ paths: description: '' schema: $ref: '#/definitions/SAMLPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings parameters: [] @@ -6122,6 +8101,15 @@ paths: description: '' schema: $ref: '#/definitions/SAMLPropertyMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings put: @@ -6138,6 +8126,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings patch: @@ -6154,6 +8155,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLPropertyMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings delete: @@ -6163,6 +8177,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings parameters: @@ -6235,6 +8258,10 @@ paths: type: array items: $ref: '#/definitions/ScopeMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings post: @@ -6251,6 +8278,14 @@ paths: description: '' schema: $ref: '#/definitions/ScopeMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - propertymappings parameters: [] @@ -6264,6 +8299,15 @@ paths: description: '' schema: $ref: '#/definitions/ScopeMapping' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings put: @@ -6280,6 +8324,19 @@ paths: description: '' schema: $ref: '#/definitions/ScopeMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings patch: @@ -6296,6 +8353,19 @@ paths: description: '' schema: $ref: '#/definitions/ScopeMapping' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings delete: @@ -6305,6 +8375,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - propertymappings parameters: @@ -6382,6 +8461,10 @@ paths: type: array items: $ref: '#/definitions/Provider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers post: @@ -6398,6 +8481,14 @@ paths: description: '' schema: $ref: '#/definitions/Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers parameters: [] @@ -6439,6 +8530,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers parameters: [] @@ -6452,6 +8547,15 @@ paths: description: '' schema: $ref: '#/definitions/Provider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers put: @@ -6468,6 +8572,19 @@ paths: description: '' schema: $ref: '#/definitions/Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers patch: @@ -6484,6 +8601,19 @@ paths: description: '' schema: $ref: '#/definitions/Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers delete: @@ -6493,6 +8623,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6564,6 +8703,10 @@ paths: type: array items: $ref: '#/definitions/OAuth2Provider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers post: @@ -6580,6 +8723,14 @@ paths: description: '' schema: $ref: '#/definitions/OAuth2Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers parameters: [] @@ -6593,6 +8744,15 @@ paths: description: '' schema: $ref: '#/definitions/OAuth2Provider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers put: @@ -6609,6 +8769,19 @@ paths: description: '' schema: $ref: '#/definitions/OAuth2Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers patch: @@ -6625,6 +8798,19 @@ paths: description: '' schema: $ref: '#/definitions/OAuth2Provider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers delete: @@ -6634,6 +8820,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6652,6 +8847,15 @@ paths: description: OAuth2 Provider Metadata serializer schema: $ref: '#/definitions/OAuth2ProviderSetupURLs' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6723,6 +8927,10 @@ paths: type: array items: $ref: '#/definitions/ProxyProvider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers post: @@ -6739,6 +8947,14 @@ paths: description: '' schema: $ref: '#/definitions/ProxyProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers parameters: [] @@ -6752,6 +8968,15 @@ paths: description: '' schema: $ref: '#/definitions/ProxyProvider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers put: @@ -6768,6 +8993,19 @@ paths: description: '' schema: $ref: '#/definitions/ProxyProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers patch: @@ -6784,6 +9022,19 @@ paths: description: '' schema: $ref: '#/definitions/ProxyProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers delete: @@ -6793,6 +9044,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6864,6 +9124,10 @@ paths: type: array items: $ref: '#/definitions/SAMLProvider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers post: @@ -6880,6 +9144,14 @@ paths: description: '' schema: $ref: '#/definitions/SAMLProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - providers parameters: [] @@ -6893,6 +9165,15 @@ paths: description: '' schema: $ref: '#/definitions/SAMLProvider' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers put: @@ -6909,6 +9190,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers patch: @@ -6925,6 +9219,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLProvider' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers delete: @@ -6934,6 +9241,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6952,6 +9268,15 @@ paths: description: SAML Provider Metadata serializer schema: $ref: '#/definitions/SAMLMetadata' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - providers parameters: @@ -6970,6 +9295,10 @@ paths: description: Serialize authentik Config into DRF Object schema: $ref: '#/definitions/Config' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - root parameters: [] @@ -7036,6 +9365,10 @@ paths: type: array items: $ref: '#/definitions/Source' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7072,6 +9405,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7108,6 +9445,10 @@ paths: type: array items: $ref: '#/definitions/UserSetting' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7121,6 +9462,15 @@ paths: description: '' schema: $ref: '#/definitions/Source' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources delete: @@ -7130,6 +9480,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7203,6 +9562,10 @@ paths: type: array items: $ref: '#/definitions/LDAPSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources post: @@ -7219,6 +9582,14 @@ paths: description: '' schema: $ref: '#/definitions/LDAPSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7232,6 +9603,15 @@ paths: description: '' schema: $ref: '#/definitions/LDAPSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources put: @@ -7248,6 +9628,19 @@ paths: description: '' schema: $ref: '#/definitions/LDAPSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources patch: @@ -7264,6 +9657,19 @@ paths: description: '' schema: $ref: '#/definitions/LDAPSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources delete: @@ -7273,6 +9679,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7293,6 +9708,15 @@ paths: description: LDAP Sync status schema: $ref: '#/definitions/LDAPSourceSyncStatus' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7366,6 +9790,10 @@ paths: type: array items: $ref: '#/definitions/OAuthSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources post: @@ -7382,6 +9810,14 @@ paths: description: '' schema: $ref: '#/definitions/OAuthSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7395,6 +9831,15 @@ paths: description: '' schema: $ref: '#/definitions/OAuthSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources put: @@ -7411,6 +9856,19 @@ paths: description: '' schema: $ref: '#/definitions/OAuthSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources patch: @@ -7427,6 +9885,19 @@ paths: description: '' schema: $ref: '#/definitions/OAuthSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources delete: @@ -7436,6 +9907,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7514,6 +9994,10 @@ paths: type: array items: $ref: '#/definitions/UserOAuthSourceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources post: @@ -7530,6 +10014,14 @@ paths: description: '' schema: $ref: '#/definitions/UserOAuthSourceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7543,6 +10035,15 @@ paths: description: '' schema: $ref: '#/definitions/UserOAuthSourceConnection' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources put: @@ -7559,6 +10060,19 @@ paths: description: '' schema: $ref: '#/definitions/UserOAuthSourceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources patch: @@ -7575,6 +10089,19 @@ paths: description: '' schema: $ref: '#/definitions/UserOAuthSourceConnection' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources delete: @@ -7584,6 +10111,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7655,6 +10191,10 @@ paths: type: array items: $ref: '#/definitions/SAMLSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources post: @@ -7671,6 +10211,14 @@ paths: description: '' schema: $ref: '#/definitions/SAMLSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - sources parameters: [] @@ -7684,6 +10232,15 @@ paths: description: '' schema: $ref: '#/definitions/SAMLSource' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources put: @@ -7700,6 +10257,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources patch: @@ -7716,6 +10286,19 @@ paths: description: '' schema: $ref: '#/definitions/SAMLSource' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources delete: @@ -7725,6 +10308,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7745,6 +10337,15 @@ paths: description: SAML Provider Metadata serializer schema: $ref: '#/definitions/SAMLMetadata' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - sources parameters: @@ -7823,6 +10424,10 @@ paths: type: array items: $ref: '#/definitions/Stage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -7864,6 +10469,10 @@ paths: type: array items: $ref: '#/definitions/TypeCreate' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -7905,6 +10514,10 @@ paths: type: array items: $ref: '#/definitions/UserSetting' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -7918,6 +10531,15 @@ paths: description: '' schema: $ref: '#/definitions/Stage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -7927,6 +10549,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -7999,6 +10630,10 @@ paths: type: array items: $ref: '#/definitions/AuthenticatorStaticStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8015,6 +10650,14 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorStaticStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8028,6 +10671,15 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorStaticStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8044,6 +10696,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorStaticStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8060,6 +10725,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorStaticStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8069,6 +10747,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8141,6 +10828,10 @@ paths: type: array items: $ref: '#/definitions/AuthenticatorTOTPStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8157,6 +10848,14 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorTOTPStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8170,6 +10869,15 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorTOTPStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8186,6 +10894,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorTOTPStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8202,6 +10923,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorTOTPStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8211,6 +10945,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8283,6 +11026,10 @@ paths: type: array items: $ref: '#/definitions/AuthenticatorValidateStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8299,6 +11046,14 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorValidateStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8312,6 +11067,15 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorValidateStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8328,6 +11092,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorValidateStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8344,6 +11121,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticatorValidateStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8353,6 +11143,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8425,6 +11224,10 @@ paths: type: array items: $ref: '#/definitions/AuthenticateWebAuthnStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8441,6 +11244,14 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticateWebAuthnStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8454,6 +11265,15 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticateWebAuthnStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8470,6 +11290,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticateWebAuthnStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8486,6 +11319,19 @@ paths: description: '' schema: $ref: '#/definitions/AuthenticateWebAuthnStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8495,6 +11341,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8567,6 +11422,10 @@ paths: type: array items: $ref: '#/definitions/CaptchaStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8583,6 +11442,14 @@ paths: description: '' schema: $ref: '#/definitions/CaptchaStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8596,6 +11463,15 @@ paths: description: '' schema: $ref: '#/definitions/CaptchaStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8612,6 +11488,19 @@ paths: description: '' schema: $ref: '#/definitions/CaptchaStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8628,6 +11517,19 @@ paths: description: '' schema: $ref: '#/definitions/CaptchaStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8637,6 +11539,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8709,6 +11620,10 @@ paths: type: array items: $ref: '#/definitions/ConsentStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8725,6 +11640,14 @@ paths: description: '' schema: $ref: '#/definitions/ConsentStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8738,6 +11661,15 @@ paths: description: '' schema: $ref: '#/definitions/ConsentStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8754,6 +11686,19 @@ paths: description: '' schema: $ref: '#/definitions/ConsentStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8770,6 +11715,19 @@ paths: description: '' schema: $ref: '#/definitions/ConsentStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8779,6 +11737,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8851,6 +11818,10 @@ paths: type: array items: $ref: '#/definitions/DenyStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -8867,6 +11838,14 @@ paths: description: '' schema: $ref: '#/definitions/DenyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -8880,6 +11859,15 @@ paths: description: '' schema: $ref: '#/definitions/DenyStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -8896,6 +11884,19 @@ paths: description: '' schema: $ref: '#/definitions/DenyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -8912,6 +11913,19 @@ paths: description: '' schema: $ref: '#/definitions/DenyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -8921,6 +11935,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -8993,6 +12016,10 @@ paths: type: array items: $ref: '#/definitions/DummyStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9009,6 +12036,14 @@ paths: description: '' schema: $ref: '#/definitions/DummyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9022,6 +12057,15 @@ paths: description: '' schema: $ref: '#/definitions/DummyStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9038,6 +12082,19 @@ paths: description: '' schema: $ref: '#/definitions/DummyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9054,6 +12111,19 @@ paths: description: '' schema: $ref: '#/definitions/DummyStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9063,6 +12133,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9135,6 +12214,10 @@ paths: type: array items: $ref: '#/definitions/EmailStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9151,6 +12234,14 @@ paths: description: '' schema: $ref: '#/definitions/EmailStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9164,6 +12255,15 @@ paths: description: '' schema: $ref: '#/definitions/EmailStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9180,6 +12280,19 @@ paths: description: '' schema: $ref: '#/definitions/EmailStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9196,6 +12309,19 @@ paths: description: '' schema: $ref: '#/definitions/EmailStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9205,6 +12331,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9277,6 +12412,10 @@ paths: type: array items: $ref: '#/definitions/IdentificationStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9293,6 +12432,14 @@ paths: description: '' schema: $ref: '#/definitions/IdentificationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9306,6 +12453,15 @@ paths: description: '' schema: $ref: '#/definitions/IdentificationStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9322,6 +12478,19 @@ paths: description: '' schema: $ref: '#/definitions/IdentificationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9338,6 +12507,19 @@ paths: description: '' schema: $ref: '#/definitions/IdentificationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9347,6 +12529,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9429,6 +12620,10 @@ paths: type: array items: $ref: '#/definitions/Invitation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9445,6 +12640,14 @@ paths: description: '' schema: $ref: '#/definitions/Invitation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9458,6 +12661,15 @@ paths: description: '' schema: $ref: '#/definitions/Invitation' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9474,6 +12686,19 @@ paths: description: '' schema: $ref: '#/definitions/Invitation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9490,6 +12715,19 @@ paths: description: '' schema: $ref: '#/definitions/Invitation' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9499,6 +12737,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9571,6 +12818,10 @@ paths: type: array items: $ref: '#/definitions/InvitationStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9587,6 +12838,14 @@ paths: description: '' schema: $ref: '#/definitions/InvitationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9600,6 +12859,15 @@ paths: description: '' schema: $ref: '#/definitions/InvitationStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9616,6 +12884,19 @@ paths: description: '' schema: $ref: '#/definitions/InvitationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9632,6 +12913,19 @@ paths: description: '' schema: $ref: '#/definitions/InvitationStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9641,6 +12935,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9713,6 +13016,10 @@ paths: type: array items: $ref: '#/definitions/PasswordStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9729,6 +13036,14 @@ paths: description: '' schema: $ref: '#/definitions/PasswordStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9742,6 +13057,15 @@ paths: description: '' schema: $ref: '#/definitions/PasswordStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9758,6 +13082,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9774,6 +13111,19 @@ paths: description: '' schema: $ref: '#/definitions/PasswordStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9783,6 +13133,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -9875,6 +13234,10 @@ paths: type: array items: $ref: '#/definitions/Prompt' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -9891,6 +13254,14 @@ paths: description: '' schema: $ref: '#/definitions/Prompt' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -9904,6 +13275,15 @@ paths: description: '' schema: $ref: '#/definitions/Prompt' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -9920,6 +13300,19 @@ paths: description: '' schema: $ref: '#/definitions/Prompt' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -9936,6 +13329,19 @@ paths: description: '' schema: $ref: '#/definitions/Prompt' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -9945,6 +13351,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10017,6 +13432,10 @@ paths: type: array items: $ref: '#/definitions/PromptStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -10033,6 +13452,14 @@ paths: description: '' schema: $ref: '#/definitions/PromptStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -10046,6 +13473,15 @@ paths: description: '' schema: $ref: '#/definitions/PromptStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -10062,6 +13498,19 @@ paths: description: '' schema: $ref: '#/definitions/PromptStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -10078,6 +13527,19 @@ paths: description: '' schema: $ref: '#/definitions/PromptStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -10087,6 +13549,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10159,6 +13630,10 @@ paths: type: array items: $ref: '#/definitions/UserDeleteStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -10175,6 +13650,14 @@ paths: description: '' schema: $ref: '#/definitions/UserDeleteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -10188,6 +13671,15 @@ paths: description: '' schema: $ref: '#/definitions/UserDeleteStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -10204,6 +13696,19 @@ paths: description: '' schema: $ref: '#/definitions/UserDeleteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -10220,6 +13725,19 @@ paths: description: '' schema: $ref: '#/definitions/UserDeleteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -10229,6 +13747,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10301,6 +13828,10 @@ paths: type: array items: $ref: '#/definitions/UserLoginStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -10317,6 +13848,14 @@ paths: description: '' schema: $ref: '#/definitions/UserLoginStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -10330,6 +13869,15 @@ paths: description: '' schema: $ref: '#/definitions/UserLoginStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -10346,6 +13894,19 @@ paths: description: '' schema: $ref: '#/definitions/UserLoginStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -10362,6 +13923,19 @@ paths: description: '' schema: $ref: '#/definitions/UserLoginStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -10371,6 +13945,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10443,6 +14026,10 @@ paths: type: array items: $ref: '#/definitions/UserLogoutStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -10459,6 +14046,14 @@ paths: description: '' schema: $ref: '#/definitions/UserLogoutStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -10472,6 +14067,15 @@ paths: description: '' schema: $ref: '#/definitions/UserLogoutStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -10488,6 +14092,19 @@ paths: description: '' schema: $ref: '#/definitions/UserLogoutStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -10504,6 +14121,19 @@ paths: description: '' schema: $ref: '#/definitions/UserLogoutStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -10513,6 +14143,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10585,6 +14224,10 @@ paths: type: array items: $ref: '#/definitions/UserWriteStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages post: @@ -10601,6 +14244,14 @@ paths: description: '' schema: $ref: '#/definitions/UserWriteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' tags: - stages parameters: [] @@ -10614,6 +14265,15 @@ paths: description: '' schema: $ref: '#/definitions/UserWriteStage' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages put: @@ -10630,6 +14290,19 @@ paths: description: '' schema: $ref: '#/definitions/UserWriteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages patch: @@ -10646,6 +14319,19 @@ paths: description: '' schema: $ref: '#/definitions/UserWriteStage' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages delete: @@ -10655,6 +14341,15 @@ paths: responses: '204': description: '' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' tags: - stages parameters: @@ -10665,6 +14360,51 @@ paths: type: string format: uuid definitions: + GenericError: + title: Generic API Error + required: + - detail + type: object + properties: + errors: + type: object + properties: + detail: + description: Error details + type: string + code: + description: Error code + type: string + ValidationError: + title: Validation Error + type: object + properties: + non_field_errors: + description: List of validation errors not related to any field + type: array + items: + type: string + additionalProperties: + description: A list of error messages for each field that triggered a validation + error + type: array + items: + type: string + APIException: + title: Generic API Error + required: + - detail + type: object + properties: + errors: + type: object + properties: + detail: + description: Error details + type: string + code: + description: Error code + type: string Coordinate: description: Coordinates for diagrams type: object From 5b8e3b41898f9b0506e16fa4b3d415ffdbbe1560 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:18:25 +0200 Subject: [PATCH 33/60] web: improve error handling Signed-off-by: Jens Langhammer --- web/src/elements/forms/Form.ts | 18 ++++++++---------- web/src/utils.ts | 5 +++++ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index 56b63c581..d4e267aed 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -11,14 +11,12 @@ import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; import { MessageLevel } from "../messages/Message"; import { IronFormElement } from "@polymer/iron-form/iron-form"; - -interface ErrorResponse { - [key: string]: string[]; -} +import { camelToSnake } from "../../utils"; +import { ValidationError } from "authentik-api/src"; export class APIError extends Error { - constructor(public response: ErrorResponse) { + constructor(public response: ValidationError) { super(); } @@ -31,7 +29,7 @@ export class Form extends LitElement { successMessage = ""; @property() - send!: (data: T) => Promise; + send!: (data: T) => Promise; static get styles(): CSSResult[] { return [PFBase, PFCard, PFButton, PFForm, PFFormControl, AKGlobal, css` @@ -62,7 +60,7 @@ export class Form extends LitElement { return json as unknown as T; } - submit(ev: Event): Promise | undefined { + submit(ev: Event): Promise | undefined { ev.preventDefault(); const ironForm = this.shadowRoot?.querySelector("iron-form"); if (!ironForm) { @@ -78,7 +76,7 @@ export class Form extends LitElement { return r; }).catch((ex: Response) => { if (ex.status > 399 && ex.status < 500) { - return ex.json().then((errorMessage: ErrorResponse) => { + return ex.json().then((errorMessage: ValidationError) => { if (!errorMessage) return errorMessage; if (errorMessage instanceof Error) { throw errorMessage; @@ -87,8 +85,8 @@ export class Form extends LitElement { elements.forEach((element) => { const elementName = element.name; if (!elementName) return; - if (elementName in errorMessage) { - element.errorMessage = errorMessage[elementName].join(", "); + if (camelToSnake(elementName) in errorMessage) { + element.errorMessage = errorMessage[camelToSnake(elementName)].join(", "); element.invalid = true; } }); diff --git a/web/src/utils.ts b/web/src/utils.ts index 3e92cba4b..89c3e0eea 100644 --- a/web/src/utils.ts +++ b/web/src/utils.ts @@ -51,3 +51,8 @@ export function loading(v: T, actual: TemplateResult): TemplateResult { } return actual; } + +export function camelToSnake(key: string): string { + var result = key.replace(/([A-Z])/g, " $1"); + return result.split(' ').join('_').toLowerCase(); +} From d5281d2023b3221b9149d7eef09e8945c150e9b4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:22:15 +0200 Subject: [PATCH 34/60] web: set name on ak-form-element-horizontal for error messages Signed-off-by: Jens Langhammer --- .../elements/forms/HorizontalFormElement.ts | 15 +++++++++ .../pages/crypto/CertificateGenerateForm.ts | 25 ++++++++++----- .../pages/crypto/CertificateKeyPairForm.ts | 22 +++++++++---- web/src/pages/groups/GroupForm.ts | 31 ++++++++++++------ web/src/pages/users/UserForm.ts | 32 +++++++++++++------ web/src/utils.ts | 4 +-- 6 files changed, 92 insertions(+), 37 deletions(-) diff --git a/web/src/elements/forms/HorizontalFormElement.ts b/web/src/elements/forms/HorizontalFormElement.ts index b51033469..5e7497e4c 100644 --- a/web/src/elements/forms/HorizontalFormElement.ts +++ b/web/src/elements/forms/HorizontalFormElement.ts @@ -30,10 +30,25 @@ export class HorizontalFormElement extends LitElement { @property({ type: Boolean }) invalid = false; + @property() + name = ""; + updated(): void { this.querySelectorAll("input[autofocus]").forEach(input => { input.focus(); }); + this.querySelectorAll("*").forEach((input) => { + switch (input.tagName.toLowerCase()) { + case "input": + case "textarea": + case "select": + case "ak-codemirror": + (input as HTMLInputElement).name = this.name; + break; + default: + break; + } + }); } render(): TemplateResult { diff --git a/web/src/pages/crypto/CertificateGenerateForm.ts b/web/src/pages/crypto/CertificateGenerateForm.ts index f435b434a..c6cb18174 100644 --- a/web/src/pages/crypto/CertificateGenerateForm.ts +++ b/web/src/pages/crypto/CertificateGenerateForm.ts @@ -1,6 +1,7 @@ import { CertificateGeneration, CryptoApi } from "authentik-api"; +import { CertificateKeyPair } from "authentik-api/src"; import { gettext } from "django"; -import { customElement, property } from "lit-element"; +import { customElement } from "lit-element"; import { html, TemplateResult } from "lit-html"; import { DEFAULT_CONFIG } from "../../api/Config"; import { Form } from "../../elements/forms/Form"; @@ -13,7 +14,7 @@ export class CertificateKeyPairForm extends Form { return gettext("Successfully generated certificate-key pair."); } - send = (data: CertificateGeneration): Promise => { + send = (data: CertificateGeneration): Promise => { return new CryptoApi(DEFAULT_CONFIG).cryptoCertificatekeypairsGenerate({ data: data }); @@ -21,15 +22,23 @@ export class CertificateKeyPairForm extends Form { renderForm(): TemplateResult { return html`
- - + + - - + +

${gettext("Optional, comma-separated SubjectAlt Names.")}

 - - + + `; } diff --git a/web/src/pages/crypto/CertificateKeyPairForm.ts b/web/src/pages/crypto/CertificateKeyPairForm.ts index 9ccb58e39..168cc5a04 100644 --- a/web/src/pages/crypto/CertificateKeyPairForm.ts +++ b/web/src/pages/crypto/CertificateKeyPairForm.ts @@ -1,4 +1,4 @@ -import { CertificateKeyPair, CoreApi, CryptoApi, Group } from "authentik-api"; +import { CertificateKeyPair, CryptoApi } from "authentik-api"; import { gettext } from "django"; import { customElement, property } from "lit-element"; import { html, TemplateResult } from "lit-html"; @@ -38,16 +38,24 @@ export class CertificateKeyPairForm extends Form { renderForm(): TemplateResult { return html`
- - + + ${this.keyPair ? html`${gettext("Only change the fields below if you want to overwrite their values.")}` : html``} - - + +

${gettext("PEM-encoded Certificate data.")}

 - - + +

${gettext("Optional Private Key. If this is set, you can use this keypair for encryption.")}

 `; diff --git a/web/src/pages/groups/GroupForm.ts b/web/src/pages/groups/GroupForm.ts index d173f9326..1c3aee9d1 100644 --- a/web/src/pages/groups/GroupForm.ts +++ b/web/src/pages/groups/GroupForm.ts @@ -39,20 +39,26 @@ export class GroupForm extends Form { renderForm(): TemplateResult { return html`
- - + + - +
- +

${gettext("Users added to this group will be superusers.")}

 - - ${until(new CoreApi(DEFAULT_CONFIG).coreGroupsList({}).then(groups => { return groups.results.map(group => { @@ -61,8 +67,11 @@ export class GroupForm extends Form { }), html``)} - - ${until(new CoreApi(DEFAULT_CONFIG).coreUsersList({}).then(users => { return users.results.map(user => { const selected = Array.from(this.group?.users || []).some(su => { @@ -74,8 +83,10 @@ export class GroupForm extends Form {

${gettext("Hold control/command to select multiple items.")}

 - - + + `; diff --git a/web/src/pages/users/UserForm.ts b/web/src/pages/users/UserForm.ts index 0cc8c565b..b1b342ec9 100644 --- a/web/src/pages/users/UserForm.ts +++ b/web/src/pages/users/UserForm.ts @@ -38,28 +38,40 @@ export class UserForm extends Form { renderForm(): TemplateResult { return html`
- - + +

${gettext("Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.")}

 - - + +

${gettext("User's display name.")}

 - - + + - +
- +

${gettext("Designates whether this user should be treated as active. Unselect this instead of deleting accounts.")}

 - - + + `; diff --git a/web/src/utils.ts b/web/src/utils.ts index 89c3e0eea..a9531be2b 100644 --- a/web/src/utils.ts +++ b/web/src/utils.ts @@ -53,6 +53,6 @@ export function loading(v: T, actual: TemplateResult): TemplateResult { } export function camelToSnake(key: string): string { - var result = key.replace(/([A-Z])/g, " $1"); - return result.split(' ').join('_').toLowerCase(); + const result = key.replace(/([A-Z])/g, " $1"); + return result.split(" ").join("_").toLowerCase(); } From bffa51f7dfc334419fa9ef71cd1b5ed1aceff94e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:25:59 +0200 Subject: [PATCH 35/60] web: cleanup required attr Signed-off-by: Jens Langhammer --- .../stages/authenticator_totp/AuthenticatorTOTPStage.ts | 2 +- .../AuthenticatorValidateStageCode.ts | 2 +- web/src/flows/stages/identification/IdentificationStage.ts | 2 +- web/src/flows/stages/password/PasswordStage.ts | 2 +- web/src/pages/crypto/CertificateGenerateForm.ts | 2 +- web/src/pages/groups/GroupForm.ts | 2 +- web/src/pages/users/UserForm.ts | 6 +++--- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/web/src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts b/web/src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts index a1d0b8d8b..d4fa8ec9e 100644 --- a/web/src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts +++ b/web/src/flows/stages/authenticator_totp/AuthenticatorTOTPStage.ts @@ -85,7 +85,7 @@ export class AuthenticatorTOTPStage extends BaseStage { autofocus="" autocomplete="one-time-code" class="pf-c-form-control" - required=""> + required>
diff --git a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts index d5be69405..76176c825 100644 --- a/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts +++ b/web/src/flows/stages/authenticator_validate/AuthenticatorValidateStageCode.ts @@ -63,7 +63,7 @@ export class AuthenticatorValidateStageWebCode extends BaseStage { autocomplete="one-time-code" class="pf-c-form-control" value="${PasswordManagerPrefill.totp || ""}" - required=""> + required>
diff --git a/web/src/flows/stages/identification/IdentificationStage.ts b/web/src/flows/stages/identification/IdentificationStage.ts index 816d53beb..e246890eb 100644 --- a/web/src/flows/stages/identification/IdentificationStage.ts +++ b/web/src/flows/stages/identification/IdentificationStage.ts @@ -186,7 +186,7 @@ export class IdentificationStage extends BaseStage { autofocus="" autocomplete="username" class="pf-c-form-control" - required=""> + required>
diff --git a/web/src/flows/stages/password/PasswordStage.ts b/web/src/flows/stages/password/PasswordStage.ts index 0cab171e8..7ec21f215 100644 --- a/web/src/flows/stages/password/PasswordStage.ts +++ b/web/src/flows/stages/password/PasswordStage.ts @@ -63,7 +63,7 @@ export class PasswordStage extends BaseStage { autofocus="" autocomplete="current-password" class="pf-c-form-control" - required="" + required value=${PasswordManagerPrefill.password || ""}> diff --git a/web/src/pages/crypto/CertificateGenerateForm.ts b/web/src/pages/crypto/CertificateGenerateForm.ts index c6cb18174..9de4505fe 100644 --- a/web/src/pages/crypto/CertificateGenerateForm.ts +++ b/web/src/pages/crypto/CertificateGenerateForm.ts @@ -26,7 +26,7 @@ export class CertificateKeyPairForm extends Form { label=${gettext("Common Name")} name="commonName" ?required=${true}> - + { label=${gettext("Name")} ?required=${true} name="name"> - +
diff --git a/web/src/pages/users/UserForm.ts b/web/src/pages/users/UserForm.ts index b1b342ec9..47929ab7e 100644 --- a/web/src/pages/users/UserForm.ts +++ b/web/src/pages/users/UserForm.ts @@ -42,21 +42,21 @@ export class UserForm extends Form { label=${gettext("Username")} ?required=${true} name="username"> - +

${gettext("Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.")}

- +

${gettext("User's display name.")}

 - + From a52b57cc38acfc4e16208f15bf74bfdad1fdb697 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:58:54 +0200 Subject: [PATCH 36/60] events: fix missing send_once param from api Signed-off-by: Jens Langhammer --- authentik/events/api/notification_transport.py | 1 + swagger.yaml | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/authentik/events/api/notification_transport.py b/authentik/events/api/notification_transport.py index b36b2dd71..b20d0bd97 100644 --- a/authentik/events/api/notification_transport.py +++ b/authentik/events/api/notification_transport.py @@ -36,6 +36,7 @@ class NotificationTransportSerializer(ModelSerializer): "mode", "mode_verbose", "webhook_url", + "send_once", ] diff --git a/swagger.yaml b/swagger.yaml index 19efba957..e423dee30 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -15203,6 +15203,11 @@ definitions: webhook_url: title: Webhook url type: string + send_once: + title: Send once + description: Only send notification once, for example when sending a webhook + into a chat channel. + type: boolean NotificationTransportTest: description: Notification test serializer required: From 1e58941323895c5c69c91dcc4904451ef59f1d89 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 18:59:17 +0200 Subject: [PATCH 37/60] web/admin: migrate Event Transport to web Signed-off-by: Jens Langhammer --- authentik/admin/urls.py | 12 -- .../views/events_notifications_transports.py | 45 -------- authentik/events/forms.py | 29 +---- web/src/api/legacy.ts | 4 - web/src/pages/events/TransportForm.ts | 105 ++++++++++++++++++ web/src/pages/events/TransportListPage.ts | 38 +++++-- 6 files changed, 132 insertions(+), 101 deletions(-) delete mode 100644 authentik/admin/views/events_notifications_transports.py create mode 100644 web/src/pages/events/TransportForm.ts diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index 59c29d726..2cd19b829 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -4,7 +4,6 @@ from django.urls import path from authentik.admin.views import ( applications, events_notifications_rules, - events_notifications_transports, flows, outposts, outposts_service_connections, @@ -172,17 +171,6 @@ urlpatterns = [ outposts_service_connections.OutpostServiceConnectionUpdateView.as_view(), name="outpost-service-connection-update", ), - # Event Notification Transpots - path( - "events/transports/create/", - events_notifications_transports.NotificationTransportCreateView.as_view(), - name="notification-transport-create", - ), - path( - "events/transports//update/", - events_notifications_transports.NotificationTransportUpdateView.as_view(), - name="notification-transport-update", - ), # Event Notification Rules path( "events/rules/create/", diff --git a/authentik/admin/views/events_notifications_transports.py b/authentik/admin/views/events_notifications_transports.py deleted file mode 100644 index 14d84ba5a..000000000 --- a/authentik/admin/views/events_notifications_transports.py +++ /dev/null @@ -1,45 +0,0 @@ -"""authentik NotificationTransport administration""" -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.utils.translation import gettext as _ -from django.views.generic import UpdateView -from guardian.mixins import PermissionRequiredMixin - -from authentik.events.forms import NotificationTransportForm -from authentik.events.models import NotificationTransport -from authentik.lib.views import CreateAssignPermView - - -class NotificationTransportCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create new NotificationTransport""" - - model = NotificationTransport - form_class = NotificationTransportForm - permission_required = "authentik_events.add_notificationtransport" - success_url = "/" - template_name = "generic/create.html" - success_message = _("Successfully created Notification Transport") - - -class NotificationTransportUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update application""" - - model = NotificationTransport - form_class = NotificationTransportForm - permission_required = "authentik_events.change_notificationtransport" - success_url = "/" - template_name = "generic/update.html" - success_message = _("Successfully updated Notification Transport") diff --git a/authentik/events/forms.py b/authentik/events/forms.py index 6b2e7acba..c65740650 100644 --- a/authentik/events/forms.py +++ b/authentik/events/forms.py @@ -1,34 +1,7 @@ """authentik events NotificationTransport forms""" from django import forms -from django.utils.translation import gettext_lazy as _ -from authentik.events.models import NotificationRule, NotificationTransport - - -class NotificationTransportForm(forms.ModelForm): - """NotificationTransport Form""" - - class Meta: - - model = NotificationTransport - fields = [ - "name", - "mode", - "webhook_url", - "send_once", - ] - widgets = { - "name": forms.TextInput(), - "webhook_url": forms.TextInput(), - } - labels = { - "webhook_url": _("Webhook URL"), - } - help_texts = { - "webhook_url": _( - ("Only required when the Generic or Slack Webhook is used.") - ), - } +from authentik.events.models import NotificationRule class NotificationRuleForm(forms.ModelForm): diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index 76dbcd62b..f433d0b6e 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -60,10 +60,6 @@ export class AdminURLManager { return `/administration/events/rules/${rest}`; } - static eventTransports(rest: string): string { - return `/administration/events/transports/${rest}`; - } - } export class UserURLManager { diff --git a/web/src/pages/events/TransportForm.ts b/web/src/pages/events/TransportForm.ts new file mode 100644 index 000000000..4c255dc6d --- /dev/null +++ b/web/src/pages/events/TransportForm.ts @@ -0,0 +1,105 @@ +import { EventsApi, NotificationTransport, NotificationTransportModeEnum } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; + +@customElement("ak-event-transport-form") +export class TransportForm extends Form { + + @property({attribute: false}) + transport?: NotificationTransport; + + @property({type: Boolean}) + showWebhook = false; + + getSuccessMessage(): string { + if (this.transport) { + return gettext("Successfully updated transport."); + } else { + return gettext("Successfully created transport."); + } + } + + send = (data: NotificationTransport): Promise => { + if (this.transport) { + return new EventsApi(DEFAULT_CONFIG).eventsTransportsUpdate({ + uuid: this.transport.pk || "", + data: data + }); + } else { + return new EventsApi(DEFAULT_CONFIG).eventsTransportsCreate({ + data: data + }); + } + }; + + renderTransportModes(): TemplateResult { + return html` + + + + `; + } + + firstUpdated(): void { + if (this.transport) { + this.onModeChange(this.transport.mode); + } + } + + onModeChange(mode: string): void { + if (mode === NotificationTransportModeEnum.Webhook || mode === NotificationTransportModeEnum.WebhookSlack) { + this.showWebhook = true; + } else { + this.showWebhook = false; + } + } + + renderForm(): TemplateResult { + return html`
+ + + + + + + + + + +
+ + +
+

${gettext("Only send notification once, for example when sending a webhook into a chat channel.")}

+ +
`; + } + +} diff --git a/web/src/pages/events/TransportListPage.ts b/web/src/pages/events/TransportListPage.ts index 52b776883..a05afa785 100644 --- a/web/src/pages/events/TransportListPage.ts +++ b/web/src/pages/events/TransportListPage.ts @@ -4,14 +4,14 @@ import { AKResponse } from "../../api/Client"; import { TablePage } from "../../elements/table/TablePage"; import "../../elements/buttons/ActionButton"; -import "../../elements/buttons/ModalButton"; +import "../../elements/forms/ModalForm"; import "../../elements/buttons/SpinnerButton"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { EventsApi, NotificationTransport } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; import "../../elements/forms/DeleteForm"; +import "./TransportForm"; @customElement("ak-event-transport-list") export class TransportListPage extends TablePage { @@ -61,12 +61,19 @@ export class TransportListPage extends TablePage { }}> ${gettext("Test")} - - + + + ${gettext("Update")} + + + ${gettext("Update Notification Transport")} + + + + + { renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- + + + ${gettext("Create Notification Transport")} + + + + + ${super.renderToolbar()} `; } From 6c999d10c376ad553fc82edb70558affec686bd2 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 19:20:21 +0200 Subject: [PATCH 38/60] web/elements: trigger refresh on successful modalform submit Signed-off-by: Jens Langhammer --- web/src/elements/forms/ModalForm.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts index 488e4ebcf..fd26b0f6a 100644 --- a/web/src/elements/forms/ModalForm.ts +++ b/web/src/elements/forms/ModalForm.ts @@ -1,5 +1,6 @@ import { gettext } from "django"; import { customElement, html, TemplateResult } from "lit-element"; +import { EVENT_REFRESH } from "../../constants"; import { ModalButton } from "../buttons/ModalButton"; import { Form } from "./Form"; @@ -14,6 +15,12 @@ export class ModalForm extends ModalButton { } formPromise.then(() => { this.open = false; + this.dispatchEvent( + new CustomEvent(EVENT_REFRESH, { + bubbles: true, + composed: true, + }) + ); }).catch((e) => { console.log(e); }); From 81ac53ff0a4f589b4953f192939a486b62c5a320 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 19:21:48 +0200 Subject: [PATCH 39/60] web/admin: migrate events notification rules to web Signed-off-by: Jens Langhammer --- authentik/admin/urls.py | 12 --- .../admin/views/events_notifications_rules.py | 47 -------- authentik/events/forms.py | 21 ---- web/src/interfaces/AdminInterface.ts | 18 ++-- web/src/pages/events/RuleForm.ts | 100 ++++++++++++++++++ web/src/pages/events/RuleListPage.ts | 37 +++++-- 6 files changed, 135 insertions(+), 100 deletions(-) delete mode 100644 authentik/admin/views/events_notifications_rules.py delete mode 100644 authentik/events/forms.py create mode 100644 web/src/pages/events/RuleForm.ts diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index 2cd19b829..fa2233539 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -3,7 +3,6 @@ from django.urls import path from authentik.admin.views import ( applications, - events_notifications_rules, flows, outposts, outposts_service_connections, @@ -171,15 +170,4 @@ urlpatterns = [ outposts_service_connections.OutpostServiceConnectionUpdateView.as_view(), name="outpost-service-connection-update", ), - # Event Notification Rules - path( - "events/rules/create/", - events_notifications_rules.NotificationRuleCreateView.as_view(), - name="notification-rule-create", - ), - path( - "events/rules//update/", - events_notifications_rules.NotificationRuleUpdateView.as_view(), - name="notification-rule-update", - ), ] diff --git a/authentik/admin/views/events_notifications_rules.py b/authentik/admin/views/events_notifications_rules.py deleted file mode 100644 index 48c69fb44..000000000 --- a/authentik/admin/views/events_notifications_rules.py +++ /dev/null @@ -1,47 +0,0 @@ -"""authentik NotificationRule administration""" -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.utils.translation import gettext as _ -from django.views.generic import UpdateView -from guardian.mixins import PermissionRequiredMixin - -from authentik.events.forms import NotificationRuleForm -from authentik.events.models import NotificationRule -from authentik.lib.views import CreateAssignPermView - - -class NotificationRuleCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create new NotificationRule""" - - model = NotificationRule - form_class = NotificationRuleForm - permission_required = "authentik_events.add_NotificationRule" - - success_url = "/" - template_name = "generic/create.html" - success_message = _("Successfully created Notification Rule") - - -class NotificationRuleUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update application""" - - model = NotificationRule - form_class = NotificationRuleForm - permission_required = "authentik_events.change_NotificationRule" - - success_url = "/" - template_name = "generic/update.html" - success_message = _("Successfully updated Notification Rule") diff --git a/authentik/events/forms.py b/authentik/events/forms.py deleted file mode 100644 index c65740650..000000000 --- a/authentik/events/forms.py +++ /dev/null @@ -1,21 +0,0 @@ -"""authentik events NotificationTransport forms""" -from django import forms - -from authentik.events.models import NotificationRule - - -class NotificationRuleForm(forms.ModelForm): - """NotificationRule Form""" - - class Meta: - - model = NotificationRule - fields = [ - "name", - "group", - "transports", - "severity", - ] - widgets = { - "name": forms.TextInput(), - } diff --git a/web/src/interfaces/AdminInterface.ts b/web/src/interfaces/AdminInterface.ts index b710f7320..16ebea9e5 100644 --- a/web/src/interfaces/AdminInterface.ts +++ b/web/src/interfaces/AdminInterface.ts @@ -15,15 +15,6 @@ export const SIDEBAR_ITEMS: SidebarItem[] = [ ).when((): Promise => { return me().then(u => u.user.isSuperuser||false); }), - new SidebarItem("Events").children( - new SidebarItem("Logs", "/events/log").activeWhen( - `^/events/log/(?${UUID_REGEX})$` - ), - new SidebarItem("Notification Rules", "/events/rules"), - new SidebarItem("Notification Transports", "/events/transports"), - ).when((): Promise => { - return me().then(u => u.user.isSuperuser||false); - }), new SidebarItem("Resources").children( new SidebarItem("Applications", "/core/applications").activeWhen( `^/core/applications/(?${SLUG_REGEX})$` @@ -39,6 +30,15 @@ export const SIDEBAR_ITEMS: SidebarItem[] = [ ).when((): Promise => { return me().then(u => u.user.isSuperuser||false); }), + new SidebarItem("Events").children( + new SidebarItem("Logs", "/events/log").activeWhen( + `^/events/log/(?${UUID_REGEX})$` + ), + new SidebarItem("Notification Rules", "/events/rules"), + new SidebarItem("Notification Transports", "/events/transports"), + ).when((): Promise => { + return me().then(u => u.user.isSuperuser || false); + }), new SidebarItem("Customisation").children( new SidebarItem("Policies", "/policy/policies"), new SidebarItem("Property Mappings", "/core/property-mappings"), diff --git a/web/src/pages/events/RuleForm.ts b/web/src/pages/events/RuleForm.ts new file mode 100644 index 000000000..28f43d12c --- /dev/null +++ b/web/src/pages/events/RuleForm.ts @@ -0,0 +1,100 @@ +import { CoreApi, EventsApi, NotificationRule, NotificationRuleSeverityEnum } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; +import { until } from "lit-html/directives/until"; + +@customElement("ak-event-rule-form") +export class RuleForm extends Form { + + @property({attribute: false}) + rule?: NotificationRule; + + getSuccessMessage(): string { + if (this.rule) { + return gettext("Successfully updated rule."); + } else { + return gettext("Successfully created rule."); + } + } + + send = (data: NotificationRule): Promise => { + if (this.rule) { + return new EventsApi(DEFAULT_CONFIG).eventsRulesUpdate({ + pbmUuid: this.rule.pk || "", + data: data + }); + } else { + return new EventsApi(DEFAULT_CONFIG).eventsRulesCreate({ + data: data + }); + } + }; + + renderSeverity(): TemplateResult { + return html` + + + + `; + } + + renderForm(): TemplateResult { + return html`
+ + + + + + + + +

${gettext("Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI.")}

+

${gettext("Hold control/command to select multiple items.")}

+ + + + +
`; + } + +} diff --git a/web/src/pages/events/RuleListPage.ts b/web/src/pages/events/RuleListPage.ts index 427d70e46..e3f00d248 100644 --- a/web/src/pages/events/RuleListPage.ts +++ b/web/src/pages/events/RuleListPage.ts @@ -4,14 +4,15 @@ import { AKResponse } from "../../api/Client"; import { TablePage } from "../../elements/table/TablePage"; import "../../elements/policies/BoundPoliciesList"; -import "../../elements/buttons/ModalButton"; import "../../elements/buttons/SpinnerButton"; +import "../../elements/forms/ModalForm"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { EventsApi, NotificationRule } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; import { AdminURLManager } from "../../api/legacy"; import "../../elements/forms/DeleteForm"; +import "./RuleForm"; @customElement("ak-event-rule-list") export class RuleListPage extends TablePage { @@ -57,12 +58,19 @@ export class RuleListPage extends TablePage { html`${item.severity}`, html`${item.group?.name || gettext("None (rule disabled)")}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update Notification Rule")} + + + + + { renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- + + + ${gettext("Create Notification Rule")} + + + + + ${super.renderToolbar()} `; } From 7d74e1d2c4fc823767383e53a298d75f471760d7 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 20:45:45 +0200 Subject: [PATCH 40/60] *: revert to drf-yasg upstream Signed-off-by: Jens Langhammer --- Pipfile | 2 +- Pipfile.lock | 111 +++++- authentik/admin/api/metrics.py | 2 +- authentik/admin/api/tasks.py | 2 +- authentik/admin/api/version.py | 2 +- authentik/api/pagination_schema.py | 4 +- authentik/api/schema.py | 6 +- authentik/api/v2/config.py | 2 +- authentik/api/v2/urls.py | 4 +- authentik/core/api/applications.py | 3 +- authentik/core/api/propertymappings.py | 2 +- authentik/core/api/providers.py | 2 +- authentik/core/api/sources.py | 2 +- authentik/core/api/tokens.py | 2 +- authentik/core/api/users.py | 2 +- authentik/crypto/api.py | 2 +- authentik/events/api/event.py | 2 +- .../events/api/notification_transport.py | 2 +- authentik/flows/api/flows.py | 4 +- authentik/flows/api/stages.py | 2 +- authentik/flows/views.py | 4 +- .../api/outpost_service_connections.py | 2 +- authentik/outposts/api/outposts.py | 2 +- authentik/policies/api.py | 2 +- authentik/providers/oauth2/api/provider.py | 2 +- authentik/providers/proxy/api.py | 2 +- authentik/providers/saml/api.py | 2 +- authentik/root/settings.py | 4 +- authentik/sources/ldap/api.py | 2 +- authentik/sources/saml/api.py | 2 +- swagger.yaml | 330 +++--------------- web/src/api/legacy.ts | 4 - 32 files changed, 182 insertions(+), 336 deletions(-) diff --git a/Pipfile b/Pipfile index ca0f17763..61e47573a 100644 --- a/Pipfile +++ b/Pipfile @@ -22,7 +22,7 @@ django-storages = "*" djangorestframework = "*" djangorestframework-guardian = "*" docker = "*" -drf_yasg2 = "*" +drf_yasg = "*" facebook-sdk = "*" geoip2 = "*" gunicorn = "*" diff --git a/Pipfile.lock b/Pipfile.lock index bbd7832f1..3efed540a 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "68769bb637149051a61453da2443f9b5d275a68a34bdb6e50cde2d899dd4c127" + "sha256": "7830a9bde580b67d4e39a7f51dbdcb93757eba7eee67842029c83ed1468ffafe" }, "pipfile-spec": 6, "requires": { @@ -56,6 +56,7 @@ "sha256:f881853d2643a29e643609da57b96d5f9c9b93f62429dcc1cbb413c7d07f0e1a", "sha256:fe60131d21b31fd1a14bd43e6bb88256f69dfc3188b3a89d736d6c71ed43ec95" ], + "markers": "python_version >= '3.6'", "version": "==3.7.4.post0" }, "aioredis": { @@ -70,6 +71,7 @@ "sha256:1e759a7f202d910939de6eca45c23a107f6b71111f41d1282c648e9ac3d21901", "sha256:affdd263d8b8eb3c98170b78bf83867cdb6a14901d586e00ddb65bfe2f0c4e60" ], + "markers": "python_version >= '3.6'", "version": "==5.0.5" }, "asgiref": { @@ -77,6 +79,7 @@ "sha256:5ee950735509d04eb673bd7f7120f8fa1c9e2df495394992c73234d526907e17", "sha256:7162a3cb30ab0609f1a4c95938fd73e8604f63bdba516a7f7d64b83ff09478f0" ], + "markers": "python_version >= '3.5'", "version": "==3.3.1" }, "async-timeout": { @@ -84,6 +87,7 @@ "sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f", "sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3" ], + "markers": "python_full_version >= '3.5.3'", "version": "==3.0.1" }, "attrs": { @@ -91,6 +95,7 @@ "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==20.3.0" }, "autobahn": { @@ -98,6 +103,7 @@ "sha256:9195df8af03b0ff29ccd4b7f5abbde957ee90273465942205f9a1bad6c3f07ac", "sha256:e126c1f583e872fb59e79d36977cfa1f2d0a8a79f90ae31f406faae7664b8e03" ], + "markers": "python_version >= '3.7'", "version": "==21.3.1" }, "automat": { @@ -127,6 +133,7 @@ "sha256:28506d23ffa9abf5666c2c909c7edc83a1112cd44fe74eb1a4960df561531e98", "sha256:54587d3c9d0d98ac579681245ea36f547cd5048e2bb9212e5e7166a963bcb562" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.20.39" }, "cachetools": { @@ -134,6 +141,7 @@ "sha256:1d9d5f567be80f7c07d765e21b814326d78c61eb0c3a637dffc0e5d1796cb2e2", "sha256:f469e29e7aa4cff64d8de4aad95ce76de8ea1125a16c68e0d93f65c3c3dc92e9" ], + "markers": "python_version ~= '3.5'", "version": "==4.2.1" }, "cbor2": { @@ -220,6 +228,7 @@ "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==4.0.0" }, "click": { @@ -227,6 +236,7 @@ "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==7.1.2" }, "click-didyoumean": { @@ -300,6 +310,7 @@ "sha256:0052c9887600c57054a5867d4b0240159fa009faa3bcf6a1627271d9cdcb005a", "sha256:c22b692707f514de9013651ecb687f2abe4f35cf6fe292ece634e9f1737bc7e3" ], + "markers": "python_version >= '3.6'", "version": "==3.0.1" }, "defusedxml": { @@ -405,13 +416,13 @@ "index": "pypi", "version": "==4.4.4" }, - "drf-yasg2": { + "drf-yasg": { "hashes": [ - "sha256:7037a8041eb5d1073fa504a284fc889685f93d0bfd008a963db1b366db786734", - "sha256:75e661ca5cf15eb44fcfab408c7b864f87c20794f564aa08b3a31817a857f19d" + "sha256:8b72e5b1875931a8d11af407be3a9a5ba8776541492947a0df5bafda6b7f8267", + "sha256:d50f197c7f02545d0b736df88c6d5cf874f8fea2507ad85ad7de6ae5bf2d9e5a" ], "index": "pypi", - "version": "==1.19.4" + "version": "==1.20.0" }, "facebook-sdk": { "hashes": [ @@ -425,6 +436,7 @@ "hashes": [ "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.18.2" }, "geoip2": { @@ -440,6 +452,7 @@ "sha256:9bd436d19ab047001a1340720d2b629eb96dd503258c524921ec2af3ee88a80e", "sha256:dcaba3aa9d4e0e96fd945bf25a86b6f878fcb05770b67adbeb50a63ca4d28a5e" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.28.0" }, "gunicorn": { @@ -454,6 +467,7 @@ "sha256:36a3cb8c0a032f56e2da7084577878a035d3b61d104230d4bd49c0c6b555a9c6", "sha256:47222cb6067e4a307d535814917cd98fd0a57b6788ce715755fa2b6c28b56042" ], + "markers": "python_version >= '3.6'", "version": "==0.12.0" }, "hiredis": { @@ -500,6 +514,7 @@ "sha256:f52010e0a44e3d8530437e7da38d11fb822acfb0d5b12e9cd5ba655509937ca0", "sha256:f8196f739092a78e4f6b1b2172679ed3343c39c61a3e9d722ce6fcf1dac2824a" ], + "markers": "python_version >= '3.6'", "version": "==2.0.0" }, "httptools": { @@ -545,6 +560,7 @@ "sha256:1a29730d366e996aaacffb2f1f1cb9593dc38e2ddd30c91250c6dde09ea9b417", "sha256:f38b2b640938a4f35ade69ac3d053042959b62a0f1076a5bbaa1b9526605a8a2" ], + "markers": "python_version >= '3.5'", "version": "==0.5.1" }, "itypes": { @@ -559,6 +575,7 @@ "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419", "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==2.11.3" }, "jmespath": { @@ -566,6 +583,7 @@ "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.10.0" }, "jsonschema": { @@ -580,6 +598,7 @@ "sha256:6dc509178ac4269b0e66ab4881f70a2035c33d3a622e20585f965986a5182006", "sha256:f4965fba0a4718d47d470beeb5d6446e3357a62402b16c510b6a2f251e05ac3c" ], + "markers": "python_version >= '3.6'", "version": "==5.0.2" }, "kubernetes": { @@ -592,8 +611,11 @@ }, "ldap3": { "hashes": [ - "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91", - "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57" + "sha256:4139c91f0eef9782df7b77c8cbc6243086affcb6a8a249b768a9658438e5da59", + "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c", + "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57", + "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056", + "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91" ], "index": "pypi", "version": "==2.9" @@ -695,12 +717,14 @@ "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be", "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.1.1" }, "maxminddb": { "hashes": [ "sha256:47e86a084dd814fac88c99ea34ba3278a74bc9de5a25f4b815b608798747c7dc" ], + "markers": "python_version >= '3.6'", "version": "==2.0.3" }, "msgpack": { @@ -776,6 +800,7 @@ "sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281", "sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80" ], + "markers": "python_version >= '3.6'", "version": "==5.1.0" }, "oauthlib": { @@ -783,6 +808,7 @@ "sha256:bee41cc35fcca6e988463cacc3bcb8a96224f470ca547e697b604cc697b2f889", "sha256:df884cd6cbe20e32633f1db1072e9356f53638e4361bef4e8b03c9127c9328ea" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==3.1.0" }, "packaging": { @@ -805,6 +831,7 @@ "sha256:bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04", "sha256:e1b4f11b9336a28fa11810bc623c357420f69dfdb6d2dac41ca2c21a55c033bc" ], + "markers": "python_full_version >= '3.6.1'", "version": "==3.0.18" }, "psycopg2-binary": { @@ -850,15 +877,37 @@ }, "pyasn1": { "hashes": [ + "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3", "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d", - "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba" + "sha256:0458773cfe65b153891ac249bcf1b5f8f320b7c2ce462151f8fa74de8934becf", + "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2", + "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776", + "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8", + "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12", + "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86", + "sha256:014c0e9976956a08139dc0712ae195324a75e142284d5f87f1a87ee1b068a359", + "sha256:03840c999ba71680a131cfaee6fab142e1ed9bbd9c693e285cc6aca0d555e576", + "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7", + "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba", + "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00" ], "version": "==0.4.8" }, "pyasn1-modules": { "hashes": [ + "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74", + "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45", + "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811", + "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8", + "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405", + "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed", + "sha256:a99324196732f53093a84c4369c996713eb8c89d360a496b599fb1a9c47fc3eb", + "sha256:c29a5e5cc7a3f05926aff34e097e84f8589cd790ce0ed41b67aed6857b26aafd", + "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199", + "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4", "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e", - "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74" + "sha256:f39edd8c4ecaa4556e989147ebf219227e2cd2e8a43c7e7fcb1f1c18c5fd6a3d", + "sha256:cbac4bc38d117f2a49aeedec4407d23e8866ea4ac27ff2cf7fb3e5b570df19e0" ], "version": "==0.2.8" }, @@ -867,6 +916,7 @@ "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0", "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.20" }, "pycryptodome": { @@ -938,6 +988,7 @@ "sha256:f933ecf4cb736c7af60a6a533db2bf569717f2318b265f92907acff1db43bc34", "sha256:fc9c55dc1ed57db76595f2d19a479fc1c3a1be2c9da8de798a93d286c5f65f38" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==3.10.1" }, "pyhamcrest": { @@ -945,6 +996,7 @@ "sha256:412e00137858f04bde0729913874a48485665f2d36fe9ee449f26be864af9316", "sha256:7ead136e03655af85069b6f47b23eb7c3e5c221aa9f022a4fbb499f5b7308f29" ], + "markers": "python_version >= '3.5'", "version": "==2.0.2" }, "pyjwkest": { @@ -966,12 +1018,14 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pyrsistent": { "hashes": [ "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" ], + "markers": "python_version >= '3.5'", "version": "==0.17.3" }, "python-dateutil": { @@ -979,6 +1033,7 @@ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.8.1" }, "python-dotenv": { @@ -1035,6 +1090,7 @@ "sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2", "sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==3.5.3" }, "requests": { @@ -1042,12 +1098,14 @@ "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804", "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==2.25.1" }, "requests-oauthlib": { "hashes": [ "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d", - "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a" + "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a", + "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc" ], "index": "pypi", "version": "==1.3.0" @@ -1062,10 +1120,11 @@ }, "ruamel.yaml": { "hashes": [ - "sha256:3572505e63dd35b5dea62cd0386d03c4f2a53da29a3af09f428114cc85c564aa", - "sha256:3a41b30235cc6ff7baee0321ffa99e7f94bbc7c7e0f2cac1d75b6b24fc24f202" + "sha256:0850def9ebca23b3a8c64c4b4115ebb6b364a10d49f89d289a26ee965e1e7d9d", + "sha256:8f1e15421668b9edf30ed02899f5f81aff9808a4271935776f61a99a569a13da" ], - "version": "==0.17.0" + "markers": "python_version >= '3'", + "version": "==0.17.2" }, "ruamel.yaml.clib": { "hashes": [ @@ -1101,7 +1160,7 @@ "sha256:e9f7d1d8c26a6a12c23421061f9022bb62704e38211fe375c645485f38df34a2", "sha256:f6061a31880c1ed6b6ce341215336e2f3d0c1deccd84957b6fa8ca474b41e89f" ], - "markers": "platform_python_implementation == 'CPython' and python_version < '3.10'", + "markers": "python_version < '3.10' and platform_python_implementation == 'CPython'", "version": "==0.2.2" }, "s3transfer": { @@ -1132,6 +1191,7 @@ "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.15.0" }, "sqlparse": { @@ -1139,6 +1199,7 @@ "sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0", "sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8" ], + "markers": "python_version >= '3.5'", "version": "==0.4.1" }, "structlog": { @@ -1194,6 +1255,7 @@ "sha256:7d6f89745680233f1c4db9ddb748df5e88d2a7a37962be174c0fd04c8dba1dc8", "sha256:c16b55f9a67b2419cfdf8846576e2ec9ba94fe6978a83080c352a80db31c93fb" ], + "markers": "python_version >= '3.6'", "version": "==21.2.1" }, "typing-extensions": { @@ -1209,6 +1271,7 @@ "sha256:07620c3f3f8eed1f12600845892b0e036a2420acf513c53f7de0abd911a5894f", "sha256:5af8ad10cec94f215e3f48112de2022e1d5a37ed427fbd88652fa908f2ab7cae" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==3.0.1" }, "urllib3": { @@ -1253,6 +1316,7 @@ "sha256:4c9dceab6f76ed92105027c49c823800dd33cacce13bdedc5b914e3514b7fb30", "sha256:7d3b1624a953da82ef63462013bbd271d3eb75751489f9807598e8f340bd637e" ], + "markers": "python_version >= '3.6'", "version": "==5.0.0" }, "watchgod": { @@ -1282,6 +1346,7 @@ "sha256:44b5df8f08c74c3d82d28100fdc81f4536809ce98a17f0757557813275fbb663", "sha256:63509b41d158ae5b7f67eb4ad20fecbb4eee99434e73e140354dc3ff8e09716f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.58.0" }, "websockets": { @@ -1370,6 +1435,7 @@ "sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a", "sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71" ], + "markers": "python_version >= '3.6'", "version": "==1.6.3" }, "zope.interface": { @@ -1426,6 +1492,7 @@ "sha256:fa939c2e2468142c9773443d4038e7c915b0cc1b670d3c9192bdc503f7ea73e9", "sha256:fcc5c1f95102989d2e116ffc8467963554ce89f30a65a3ea86a4d06849c498d8" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==5.3.0" } }, @@ -1442,6 +1509,7 @@ "sha256:6b0ed1af831570e500e2437625979eaa3b36011f66ddfc4ce930128610258ca9", "sha256:cd80bf957c49765dce6d92c43163ff9d2abc43132ce64d4b1b47717c6d2522df" ], + "markers": "python_version >= '3.6'", "version": "==2.5.2" }, "attrs": { @@ -1449,6 +1517,7 @@ "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==20.3.0" }, "bandit": { @@ -1471,6 +1540,7 @@ "sha256:37f927ea17cde7ae2d7baf832f8e80ce3777624554a653006c9144f8017fe410", "sha256:762cb2bfad61f4ec8e2bdf452c7c267416f8c70dd9ecb1653fd0bbb01fa936e6" ], + "markers": "python_version >= '3.5'", "version": "==1.0.1" }, "bumpversion": { @@ -1486,6 +1556,7 @@ "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==7.1.2" }, "colorama": { @@ -1559,6 +1630,7 @@ "sha256:6c4cc71933456991da20917998acbe6cf4fb41eeaab7d6d67fbc05ecd4c865b0", "sha256:96bf5c08b157a666fec41129e6d327235284cca4c81e92109260f353ba138005" ], + "markers": "python_version >= '3.4'", "version": "==4.0.7" }, "gitpython": { @@ -1566,6 +1638,7 @@ "sha256:3283ae2fba31c913d857e12e5ba5f9a7772bbc064ae2bb09efafa71b0dd4939b", "sha256:be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61" ], + "markers": "python_version >= '3.4'", "version": "==3.1.14" }, "iniconfig": { @@ -1580,6 +1653,7 @@ "sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6", "sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d" ], + "markers": "python_version >= '3.6' and python_version < '4.0'", "version": "==5.8.0" }, "lazy-object-proxy": { @@ -1607,6 +1681,7 @@ "sha256:ed361bb83436f117f9917d282a456f9e5009ea12fd6de8742d1a4752c3017e93", "sha256:f5144c75445ae3ca2057faac03fda5a902eff196702b0a24daf1d6ce0650514b" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.6.0" }, "mccabe": { @@ -1643,6 +1718,7 @@ "sha256:5fad80b613c402d5b7df7bd84812548b2a61e9977387a80a5fc5c396492b13c9", "sha256:b236cde0ac9a6aedd5e3c34517b423cd4fd97ef723849da6b0d2231142d89c00" ], + "markers": "python_version >= '2.6'", "version": "==5.5.1" }, "pluggy": { @@ -1650,6 +1726,7 @@ "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.13.1" }, "py": { @@ -1657,6 +1734,7 @@ "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3", "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.10.0" }, "pylint": { @@ -1687,6 +1765,7 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pytest": { @@ -1799,6 +1878,7 @@ "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.15.0" }, "smmap": { @@ -1806,6 +1886,7 @@ "sha256:7e65386bd122d45405ddf795637b7f7d2b532e7e401d46bbe3fb49b9986d5182", "sha256:a9a7479e4c572e2e775c404dcd3080c8dc49f39918c2cf74913d30c4c478e3c2" ], + "markers": "python_version >= '3.5'", "version": "==4.0.0" }, "stevedore": { @@ -1813,6 +1894,7 @@ "sha256:3a5bbd0652bf552748871eaa73a4a8dc2899786bc497a2aa1fcb4dcdb0debeee", "sha256:50d7b78fbaf0d04cd62411188fa7eedcb03eb7f4c4b37005615ceebe582aa82a" ], + "markers": "python_version >= '3.6'", "version": "==3.3.0" }, "toml": { @@ -1820,6 +1902,7 @@ "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.10.2" }, "typed-ast": { diff --git a/authentik/admin/api/metrics.py b/authentik/admin/api/metrics.py index ad3943e16..360ce263b 100644 --- a/authentik/admin/api/metrics.py +++ b/authentik/admin/api/metrics.py @@ -7,7 +7,7 @@ from django.db.models import Count, ExpressionWrapper, F, Model from django.db.models.fields import DurationField from django.db.models.functions import ExtractHour from django.utils.timezone import now -from drf_yasg2.utils import swagger_auto_schema, swagger_serializer_method +from drf_yasg.utils import swagger_auto_schema, swagger_serializer_method from rest_framework.fields import IntegerField, SerializerMethodField from rest_framework.permissions import IsAdminUser from rest_framework.request import Request diff --git a/authentik/admin/api/tasks.py b/authentik/admin/api/tasks.py index d3abd5dea..dfbca3140 100644 --- a/authentik/admin/api/tasks.py +++ b/authentik/admin/api/tasks.py @@ -5,7 +5,7 @@ from django.contrib import messages from django.db.models import Model from django.http.response import Http404 from django.utils.translation import gettext_lazy as _ -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import CharField, ChoiceField, DateTimeField, ListField from rest_framework.permissions import IsAdminUser diff --git a/authentik/admin/api/version.py b/authentik/admin/api/version.py index 3aa85277a..4f0f03178 100644 --- a/authentik/admin/api/version.py +++ b/authentik/admin/api/version.py @@ -3,7 +3,7 @@ from os import environ from django.core.cache import cache from django.db.models import Model -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from packaging.version import parse from rest_framework.fields import SerializerMethodField from rest_framework.mixins import ListModelMixin diff --git a/authentik/api/pagination_schema.py b/authentik/api/pagination_schema.py index 057bd8b72..3d4f86c61 100644 --- a/authentik/api/pagination_schema.py +++ b/authentik/api/pagination_schema.py @@ -1,8 +1,8 @@ """Swagger Pagination Schema class""" from typing import OrderedDict -from drf_yasg2 import openapi -from drf_yasg2.inspectors import PaginatorInspector +from drf_yasg import openapi +from drf_yasg.inspectors import PaginatorInspector class PaginationInspector(PaginatorInspector): diff --git a/authentik/api/schema.py b/authentik/api/schema.py index 56eb17c42..b75d20fbc 100644 --- a/authentik/api/schema.py +++ b/authentik/api/schema.py @@ -1,7 +1,7 @@ """Error Response schema, from https://github.com/axnsan12/drf-yasg/issues/224""" -from drf_yasg2 import openapi -from drf_yasg2.inspectors.view import SwaggerAutoSchema -from drf_yasg2.utils import force_real_str, is_list_view +from drf_yasg import openapi +from drf_yasg.inspectors.view import SwaggerAutoSchema +from drf_yasg.utils import force_real_str, is_list_view from rest_framework import exceptions, status from rest_framework.settings import api_settings diff --git a/authentik/api/v2/config.py b/authentik/api/v2/config.py index e2ec1b1dc..e878f024e 100644 --- a/authentik/api/v2/config.py +++ b/authentik/api/v2/config.py @@ -1,6 +1,6 @@ """core Configs API""" from django.db.models import Model -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.fields import BooleanField, CharField, ListField from rest_framework.permissions import AllowAny from rest_framework.request import Request diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py index 573e615e1..90747dc40 100644 --- a/authentik/api/v2/urls.py +++ b/authentik/api/v2/urls.py @@ -1,7 +1,7 @@ """api v2 urls""" from django.urls import path, re_path -from drf_yasg2 import openapi -from drf_yasg2.views import get_schema_view +from drf_yasg import openapi +from drf_yasg.views import get_schema_view from rest_framework import routers from rest_framework.permissions import AllowAny diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index 13ce217c0..c9fbc8430 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -1,7 +1,7 @@ """Application API Views""" from django.core.cache import cache from django.db.models import QuerySet -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import SerializerMethodField from rest_framework.request import Request @@ -49,7 +49,6 @@ class ApplicationSerializer(ModelSerializer): "meta_icon", "meta_description", "meta_publisher", - "policies", ] diff --git a/authentik/core/api/propertymappings.py b/authentik/core/api/propertymappings.py index ef3754b96..17a062a46 100644 --- a/authentik/core/api/propertymappings.py +++ b/authentik/core/api/propertymappings.py @@ -1,6 +1,6 @@ """PropertyMapping API Views""" from django.urls import reverse -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework import mixins from rest_framework.decorators import action from rest_framework.request import Request diff --git a/authentik/core/api/providers.py b/authentik/core/api/providers.py index bbee513f9..0dd676133 100644 --- a/authentik/core/api/providers.py +++ b/authentik/core/api/providers.py @@ -1,7 +1,7 @@ """Provider API Views""" from django.urls import reverse from django.utils.translation import gettext_lazy as _ -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import ReadOnlyField from rest_framework.request import Request diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py index 8aee40e97..3fa14ad3e 100644 --- a/authentik/core/api/sources.py +++ b/authentik/core/api/sources.py @@ -2,7 +2,7 @@ from typing import Iterable from django.urls import reverse -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework import mixins from rest_framework.decorators import action from rest_framework.request import Request diff --git a/authentik/core/api/tokens.py b/authentik/core/api/tokens.py index aef414bff..127440bfd 100644 --- a/authentik/core/api/tokens.py +++ b/authentik/core/api/tokens.py @@ -1,7 +1,7 @@ """Tokens API Viewset""" from django.db.models.base import Model from django.http.response import Http404 -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import CharField from rest_framework.request import Request diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index f36d852a0..1584a6c50 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -2,7 +2,7 @@ from django.db.models.base import Model from django.urls import reverse_lazy from django.utils.http import urlencode -from drf_yasg2.utils import swagger_auto_schema, swagger_serializer_method +from drf_yasg.utils import swagger_auto_schema, swagger_serializer_method from guardian.utils import get_anonymous_user from rest_framework.decorators import action from rest_framework.fields import CharField, SerializerMethodField diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py index 237548a6a..97be5a06a 100644 --- a/authentik/crypto/api.py +++ b/authentik/crypto/api.py @@ -4,7 +4,7 @@ from cryptography.hazmat.primitives.serialization import load_pem_private_key from cryptography.x509 import load_pem_x509_certificate from django.db.models import Model from django.utils.translation import gettext_lazy as _ -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import ( CharField, diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py index 3eb7230bc..0c59cf10b 100644 --- a/authentik/events/api/event.py +++ b/authentik/events/api/event.py @@ -2,7 +2,7 @@ import django_filters from django.db.models.aggregates import Count from django.db.models.fields.json import KeyTextTransform -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import CharField, DictField, IntegerField diff --git a/authentik/events/api/notification_transport.py b/authentik/events/api/notification_transport.py index b20d0bd97..7fdb5d260 100644 --- a/authentik/events/api/notification_transport.py +++ b/authentik/events/api/notification_transport.py @@ -1,6 +1,6 @@ """NotificationTransport API Views""" from django.http.response import Http404 -from drf_yasg2.utils import no_body, swagger_auto_schema +from drf_yasg.utils import no_body, swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import CharField, ListField, SerializerMethodField from rest_framework.request import Request diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index c2a886e4c..58bc76d02 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -4,8 +4,8 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model from django.http.response import JsonResponse -from drf_yasg2 import openapi -from drf_yasg2.utils import no_body, swagger_auto_schema +from drf_yasg import openapi +from drf_yasg.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.request import Request diff --git a/authentik/flows/api/stages.py b/authentik/flows/api/stages.py index 8073e2564..c80a426b5 100644 --- a/authentik/flows/api/stages.py +++ b/authentik/flows/api/stages.py @@ -2,7 +2,7 @@ from typing import Iterable from django.urls import reverse -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework import mixins from rest_framework.decorators import action from rest_framework.request import Request diff --git a/authentik/flows/views.py b/authentik/flows/views.py index 9020894c6..3b3e2225f 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -10,8 +10,8 @@ from django.template.response import TemplateResponse from django.utils.decorators import method_decorator from django.views.decorators.clickjacking import xframe_options_sameorigin from django.views.generic import View -from drf_yasg2 import openapi -from drf_yasg2.utils import no_body, swagger_auto_schema +from drf_yasg import openapi +from drf_yasg.utils import no_body, swagger_auto_schema from rest_framework.permissions import AllowAny from rest_framework.views import APIView from structlog.stdlib import BoundLogger, get_logger diff --git a/authentik/outposts/api/outpost_service_connections.py b/authentik/outposts/api/outpost_service_connections.py index d8ed4bd7d..b638bde55 100644 --- a/authentik/outposts/api/outpost_service_connections.py +++ b/authentik/outposts/api/outpost_service_connections.py @@ -3,7 +3,7 @@ from dataclasses import asdict from django.db.models.base import Model from django.urls import reverse -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, SerializerMethodField from rest_framework.request import Request diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py index f908e14ff..cd185bb96 100644 --- a/authentik/outposts/api/outposts.py +++ b/authentik/outposts/api/outposts.py @@ -1,6 +1,6 @@ """Outpost API Views""" from django.db.models import Model -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, DateTimeField from rest_framework.request import Request diff --git a/authentik/policies/api.py b/authentik/policies/api.py index 3eb1f0a84..ce50695fa 100644 --- a/authentik/policies/api.py +++ b/authentik/policies/api.py @@ -3,7 +3,7 @@ from django.core.cache import cache from django.core.exceptions import ObjectDoesNotExist from django.http.response import HttpResponseBadRequest from django.urls import reverse -from drf_yasg2.utils import no_body, swagger_auto_schema +from drf_yasg.utils import no_body, swagger_auto_schema from rest_framework import mixins from rest_framework.decorators import action from rest_framework.request import Request diff --git a/authentik/providers/oauth2/api/provider.py b/authentik/providers/oauth2/api/provider.py index 8a5a2e271..2e9046529 100644 --- a/authentik/providers/oauth2/api/provider.py +++ b/authentik/providers/oauth2/api/provider.py @@ -1,6 +1,6 @@ """OAuth2Provider API Views""" from django.urls import reverse -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import ReadOnlyField from rest_framework.generics import get_object_or_404 diff --git a/authentik/providers/proxy/api.py b/authentik/providers/proxy/api.py index f9374c0b5..ff9fc94a2 100644 --- a/authentik/providers/proxy/api.py +++ b/authentik/providers/proxy/api.py @@ -1,5 +1,5 @@ """ProxyProvider API Views""" -from drf_yasg2.utils import swagger_serializer_method +from drf_yasg.utils import swagger_serializer_method from rest_framework.fields import CharField, ListField, SerializerMethodField from rest_framework.request import Request from rest_framework.response import Response diff --git a/authentik/providers/saml/api.py b/authentik/providers/saml/api.py index 10356f600..052de8b5c 100644 --- a/authentik/providers/saml/api.py +++ b/authentik/providers/saml/api.py @@ -1,5 +1,5 @@ """SAMLProvider API Views""" -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import ReadOnlyField from rest_framework.request import Request diff --git a/authentik/root/settings.py b/authentik/root/settings.py index e2d2e8755..39fe5439b 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -126,7 +126,7 @@ INSTALLED_APPS = [ "authentik.stages.user_write.apps.AuthentikStageUserWriteConfig", "rest_framework", "django_filters", - "drf_yasg2", + "drf_yasg", "guardian", "django_prometheus", "channels", @@ -438,7 +438,7 @@ _LOGGING_HANDLER_MAP = { "kubernetes": "INFO", "asyncio": "WARNING", "aioredis": "WARNING", - "drf_yasg2.utils": "WARNING", + "drf_yasg.utils": "WARNING", } for handler_name, level in _LOGGING_HANDLER_MAP.items(): # pyright: reportGeneralTypeIssues=false diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index 60551bc85..ff4f20674 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -4,7 +4,7 @@ from time import time from django.core.cache import cache from django.db.models.base import Model -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import DateTimeField from rest_framework.request import Request diff --git a/authentik/sources/saml/api.py b/authentik/sources/saml/api.py index c6ca57bd1..91a4407fb 100644 --- a/authentik/sources/saml/api.py +++ b/authentik/sources/saml/api.py @@ -1,5 +1,5 @@ """SAMLSource API Views""" -from drf_yasg2.utils import swagger_auto_schema +from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.request import Request from rest_framework.response import Response diff --git a/swagger.yaml b/swagger.yaml index e423dee30..2ed98d16c 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -27,7 +27,7 @@ paths: parameters: [] responses: '200': - description: Login Metrics per 1h + description: '' schema: $ref: '#/definitions/LoginMetrics' '403': @@ -44,9 +44,8 @@ paths: parameters: [] responses: '200': - description: Serialize TaskInfo and TaskResult + description: '' schema: - description: '' type: array items: $ref: '#/definitions/Task' @@ -108,7 +107,7 @@ paths: type: integer responses: '200': - description: Get running and latest version. + description: '' schema: $ref: '#/definitions/Version' '403': @@ -180,7 +179,6 @@ paths: results: type: array items: - description: '' type: object properties: {} '403': @@ -1308,9 +1306,8 @@ paths: parameters: [] responses: '200': - description: Coordinates for diagrams + description: '' schema: - description: '' type: array items: $ref: '#/definitions/Coordinate' @@ -1766,7 +1763,7 @@ paths: parameters: [] responses: '200': - description: Show token's current key + description: '' schema: $ref: '#/definitions/TokenView' '403': @@ -2063,9 +2060,7 @@ paths: type: integer responses: '200': - description: Response for the /user/me endpoint, returns the currently active - user (as `user` property) and, if this user is being impersonated, the - original user in the `original` property. + description: '' schema: $ref: '#/definitions/SessionUser' '403': @@ -2117,7 +2112,7 @@ paths: type: integer responses: '200': - description: User Metrics + description: '' schema: $ref: '#/definitions/UserMetrics' '403': @@ -2237,7 +2232,7 @@ paths: parameters: [] responses: '200': - description: Recovery link for a user to reset their password + description: '' schema: $ref: '#/definitions/UserRecovery' '403': @@ -2363,7 +2358,7 @@ paths: $ref: '#/definitions/CertificateGeneration' responses: '200': - description: CertificateKeyPair Serializer + description: '' schema: $ref: '#/definitions/CertificateKeyPair' '400': @@ -2488,7 +2483,7 @@ paths: parameters: [] responses: '200': - description: Get CertificateKeyPair's data + description: '' schema: $ref: '#/definitions/CertificateData' '403': @@ -2516,7 +2511,7 @@ paths: parameters: [] responses: '200': - description: Get CertificateKeyPair's data + description: '' schema: $ref: '#/definitions/CertificateData' '403': @@ -2709,9 +2704,8 @@ paths: default: 15 responses: '200': - description: Response object of Event's top_per_user + description: '' schema: - description: '' type: array items: $ref: '#/definitions/EventTopPerUser' @@ -3358,7 +3352,7 @@ paths: parameters: [] responses: '200': - description: Notification test serializer + description: '' schema: $ref: '#/definitions/NotificationTransportTest' '403': @@ -3629,8 +3623,7 @@ paths: type: string responses: '200': - description: Challenge that gets sent to the client based on which stage - is currently active + description: '' schema: $ref: '#/definitions/Challenge' '403': @@ -3661,8 +3654,7 @@ paths: type: string responses: '200': - description: Challenge that gets sent to the client based on which stage - is currently active + description: '' schema: $ref: '#/definitions/Challenge' '400': @@ -3863,7 +3855,7 @@ paths: type: integer responses: '200': - description: Generic cache stats for an object + description: '' schema: $ref: '#/definitions/Cache' '403': @@ -3986,7 +3978,7 @@ paths: parameters: [] responses: '200': - description: response of the flow's /diagram/ action + description: '' schema: $ref: '#/definitions/FlowDiagram' '403': @@ -4497,9 +4489,8 @@ paths: parameters: [] responses: '200': - description: Outpost health status + description: '' schema: - description: '' type: array items: $ref: '#/definitions/OutpostHealth' @@ -4849,9 +4840,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -4973,7 +4963,7 @@ paths: parameters: [] responses: '200': - description: Serializer for Service connection state + description: '' schema: $ref: '#/definitions/ServiceConnectionState' '403': @@ -5524,7 +5514,7 @@ paths: type: integer responses: '200': - description: Generic cache stats for an object + description: '' schema: $ref: '#/definitions/Cache' '403': @@ -5571,9 +5561,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -7740,9 +7729,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -8524,9 +8512,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -8844,7 +8831,7 @@ paths: parameters: [] responses: '200': - description: OAuth2 Provider Metadata serializer + description: '' schema: $ref: '#/definitions/OAuth2ProviderSetupURLs' '403': @@ -9265,7 +9252,7 @@ paths: parameters: [] responses: '200': - description: SAML Provider Metadata serializer + description: '' schema: $ref: '#/definitions/SAMLMetadata' '403': @@ -9292,7 +9279,7 @@ paths: parameters: [] responses: '200': - description: Serialize authentik Config into DRF Object + description: '' schema: $ref: '#/definitions/Config' '403': @@ -9399,9 +9386,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -9439,9 +9425,8 @@ paths: type: integer responses: '200': - description: Serializer for User settings for stages and sources + description: '' schema: - description: '' type: array items: $ref: '#/definitions/UserSetting' @@ -9705,7 +9690,7 @@ paths: parameters: [] responses: '200': - description: LDAP Sync status + description: '' schema: $ref: '#/definitions/LDAPSourceSyncStatus' '403': @@ -10334,7 +10319,7 @@ paths: parameters: [] responses: '200': - description: SAML Provider Metadata serializer + description: '' schema: $ref: '#/definitions/SAMLMetadata' '403': @@ -10463,9 +10448,8 @@ paths: type: integer responses: '200': - description: Types of an object that can be created + description: '' schema: - description: '' type: array items: $ref: '#/definitions/TypeCreate' @@ -10508,9 +10492,8 @@ paths: type: integer responses: '200': - description: Serializer for User settings for stages and sources + description: '' schema: - description: '' type: array items: $ref: '#/definitions/UserSetting' @@ -14406,7 +14389,6 @@ definitions: description: Error code type: string Coordinate: - description: Coordinates for diagrams type: object properties: x_cord: @@ -14418,23 +14400,21 @@ definitions: type: integer readOnly: true LoginMetrics: - description: Login Metrics per 1h type: object properties: logins_per_1h: - description: '' + description: Get successful logins per hour for the last 24 hours type: array items: $ref: '#/definitions/Coordinate' readOnly: true logins_failed_per_1h: - description: '' + description: Get failed logins per hour for the last 24 hours type: array items: $ref: '#/definitions/Coordinate' readOnly: true Task: - description: Serialize TaskInfo and TaskResult required: - task_name - task_description @@ -14463,12 +14443,11 @@ definitions: - WARNING - ERROR messages: - description: '' type: array items: type: string + x-nullable: true Version: - description: Get running and latest version. type: object properties: version_current: @@ -14488,7 +14467,6 @@ definitions: type: boolean readOnly: true StaticDevice: - description: Serializer for static authenticator devices required: - name type: object @@ -14500,12 +14478,8 @@ definitions: maxLength: 64 minLength: 1 token_set: - description: '' type: array items: - description: 'A single token belonging to a :class:`StaticDevice`. .. attribute:: - device *ForeignKey*: A foreign key to :class:`StaticDevice`. .. attribute:: - token *CharField*: A random string up to 16 characters.' required: - token type: object @@ -14520,13 +14494,6 @@ definitions: maxLength: 16 minLength: 1 device: - description: "A static :class:`~django_otp.models.Device` simply consists\ - \ of random tokens shared by the database and the user. These are\ - \ frequently used as emergency tokens in case a user's normal device\ - \ is lost or unavailable. They can be consumed in any order; each\ - \ token will be removed from the database as soon as it is used. This\ - \ model has no fields of its own, but serves as a container for :class:`StaticToken`\ - \ objects. .. attribute:: token_set The RelatedManager for our tokens." required: - name - user @@ -14570,7 +14537,6 @@ definitions: type: integer readOnly: true TOTPDevice: - description: Serializer for totp authenticator devices required: - name type: object @@ -14586,7 +14552,6 @@ definitions: type: integer readOnly: true WebAuthnDevice: - description: Serializer for WebAuthn authenticator devices required: - name type: object @@ -14606,8 +14571,6 @@ definitions: format: date-time readOnly: true Provider: - title: Provider - description: Provider Serializer required: - name - application @@ -14657,7 +14620,6 @@ definitions: type: string readOnly: true Application: - description: Application Serializer required: - name - slug @@ -14703,15 +14665,7 @@ definitions: meta_publisher: title: Meta publisher type: string - policies: - type: array - items: - type: string - format: uuid - readOnly: true - uniqueItems: true Group: - description: Group Serializer required: - name - parent @@ -14736,6 +14690,7 @@ definitions: title: Parent type: string format: uuid + x-nullable: true users: type: array items: @@ -14745,8 +14700,6 @@ definitions: title: Attributes type: object User: - title: User - description: User Serializer required: - username - name @@ -14797,7 +14750,6 @@ definitions: title: Attributes type: object Token: - description: Token Serializer required: - identifier - user @@ -14835,7 +14787,6 @@ definitions: title: Expiring type: boolean TokenView: - description: Show token's current key type: object properties: key: @@ -14844,7 +14795,6 @@ definitions: readOnly: true minLength: 1 UserConsent: - description: UserConsent Serializer required: - user - application @@ -14863,9 +14813,6 @@ definitions: application: $ref: '#/definitions/Application' SessionUser: - description: Response for the /user/me endpoint, returns the currently active - user (as `user` property) and, if this user is being impersonated, the original - user in the `original` property. required: - user type: object @@ -14875,29 +14822,27 @@ definitions: original: $ref: '#/definitions/User' UserMetrics: - description: User Metrics type: object properties: logins_per_1h: - description: '' + description: Get successful logins per hour for the last 24 hours type: array items: $ref: '#/definitions/Coordinate' readOnly: true logins_failed_per_1h: - description: '' + description: Get failed logins per hour for the last 24 hours type: array items: $ref: '#/definitions/Coordinate' readOnly: true authorizations_per_1h: - description: '' + description: Get failed logins per hour for the last 24 hours type: array items: $ref: '#/definitions/Coordinate' readOnly: true UserRecovery: - description: Recovery link for a user to reset their password required: - link type: object @@ -14907,7 +14852,6 @@ definitions: type: string minLength: 1 CertificateKeyPair: - description: CertificateKeyPair Serializer required: - name - certificate_data @@ -14950,7 +14894,6 @@ definitions: type: boolean readOnly: true CertificateGeneration: - description: Certificate generation parameters required: - common_name - validity_days @@ -14967,7 +14910,6 @@ definitions: title: Validity days type: integer CertificateData: - description: Get CertificateKeyPair's data type: object properties: data: @@ -14976,7 +14918,6 @@ definitions: readOnly: true minLength: 1 Event: - description: Event Serializer required: - action - app @@ -15016,7 +14957,6 @@ definitions: type: string format: date-time EventTopPerUser: - description: Response object of Event's top_per_user required: - application - counted_events @@ -15028,6 +14968,7 @@ definitions: type: object additionalProperties: type: string + x-nullable: true counted_events: title: Counted events type: integer @@ -15035,7 +14976,6 @@ definitions: title: Unique users type: integer Notification: - description: Notification Serializer type: object properties: pk: @@ -15062,7 +15002,6 @@ definitions: title: Seen type: boolean NotificationRule: - description: NotificationRule Serializer required: - name type: object @@ -15077,10 +15016,8 @@ definitions: type: string minLength: 1 transports: - description: '' type: array items: - description: Action which is executed when a Rule matches required: - name - mode @@ -15121,7 +15058,6 @@ definitions: - warning - alert group: - description: Custom Group model which supports a basic hierarchy required: - name type: object @@ -15144,7 +15080,6 @@ definitions: title: Attributes type: object parent: - description: Custom Group model which supports a basic hierarchy required: - name - parent @@ -15171,10 +15106,10 @@ definitions: title: Parent type: string format: uuid + x-nullable: true readOnly: true readOnly: true NotificationTransport: - description: NotificationTransport Serializer required: - name - mode @@ -15209,19 +15144,16 @@ definitions: into a chat channel. type: boolean NotificationTransportTest: - description: Notification test serializer required: - messages type: object properties: messages: - description: '' type: array items: type: string minLength: 1 Flow: - description: Flow Serializer required: - name - slug @@ -15293,8 +15225,6 @@ definitions: type: string readOnly: true Stage: - title: Stage obj - description: Stage Serializer required: - name type: object @@ -15321,12 +15251,10 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' FlowStageBinding: - description: FlowStageBinding Serializer required: - target - stage @@ -15374,7 +15302,6 @@ definitions: readOnly: true uniqueItems: true ErrorDetail: - description: Serializer for rest_framework's error messages required: - string - code @@ -15389,8 +15316,6 @@ definitions: type: string minLength: 1 Challenge: - description: Challenge that gets sent to the client based on which stage is currently - active required: - type type: object @@ -15418,16 +15343,13 @@ definitions: title: Response errors type: object additionalProperties: - description: '' type: array items: $ref: '#/definitions/ErrorDetail' ChallengeResponse: - description: Base class for all challenge responses type: object properties: {} Cache: - description: Generic cache stats for an object type: object properties: count: @@ -15435,7 +15357,6 @@ definitions: type: integer readOnly: true FlowDiagram: - description: response of the flow's /diagram/ action type: object properties: diagram: @@ -15444,8 +15365,6 @@ definitions: readOnly: true minLength: 1 OAuth2Provider: - title: Provider - description: OAuth2Provider Serializer required: - name - application @@ -15560,7 +15479,6 @@ definitions: - global - per_provider ExpiringBaseGrantModel: - description: Serializer for BaseGrantModel and ExpiringBaseGrant required: - provider - user @@ -15584,13 +15502,11 @@ definitions: type: string format: date-time scope: - description: '' type: array items: type: string minLength: 1 Outpost: - description: Outpost Serializer required: - name - providers @@ -15612,7 +15528,6 @@ definitions: type: integer uniqueItems: true providers_obj: - description: '' type: array items: $ref: '#/definitions/Provider' @@ -15632,7 +15547,6 @@ definitions: title: config type: object OutpostHealth: - description: Outpost health status type: object properties: last_seen: @@ -15655,8 +15569,7 @@ definitions: type: boolean readOnly: true OpenIDConnectConfiguration: - title: Oidc configuration - description: rest_framework Serializer for OIDC Configuration + description: Embed OpenID Connect provider information required: - issuer - authorization_endpoint @@ -15700,31 +15613,26 @@ definitions: type: string minLength: 1 response_types_supported: - description: '' type: array items: type: string minLength: 1 id_token_signing_alg_values_supported: - description: '' type: array items: type: string minLength: 1 subject_types_supported: - description: '' type: array items: type: string minLength: 1 token_endpoint_auth_methods_supported: - description: '' type: array items: type: string minLength: 1 ProxyOutpostConfig: - description: ProxyProvider Serializer required: - name - internal_host @@ -15792,7 +15700,6 @@ definitions: Header. If not set, the user's Email address is used. type: string ServiceConnection: - description: ServiceConnection Serializer required: - name type: object @@ -15824,7 +15731,6 @@ definitions: type: string readOnly: true TypeCreate: - description: Types of an object that can be created required: - name - description @@ -15844,7 +15750,6 @@ definitions: type: string minLength: 1 ServiceConnectionState: - description: Serializer for Service connection state type: object properties: healthy: @@ -15857,7 +15762,6 @@ definitions: readOnly: true minLength: 1 DockerServiceConnection: - description: DockerServiceConnection Serializer required: - name - url @@ -15911,7 +15815,6 @@ definitions: format: uuid x-nullable: true KubernetesServiceConnection: - description: KubernetesServiceConnection Serializer required: - name type: object @@ -15948,7 +15851,6 @@ definitions: the currently selected context. type: object Policy: - description: Policy Serializer type: object properties: pk: @@ -15982,7 +15884,6 @@ definitions: type: integer readOnly: true PolicyBinding: - description: PolicyBinding Serializer required: - target - order @@ -15994,8 +15895,6 @@ definitions: format: uuid readOnly: true policy: - description: Policies which specify if a user is authorized to use an Application. - Can be overridden by other types to add other fields, more logic, etc. type: object properties: policy_uuid: @@ -16026,7 +15925,6 @@ definitions: group: $ref: '#/definitions/Group' user: - description: Custom User model to allow easier adding of user-based settings required: - password - username @@ -16096,20 +15994,8 @@ definitions: title: Attributes type: object groups: - description: '' type: array items: - description: Groups are a generic way of categorizing users to apply - permissions, or some other label, to those users. A user can belong - to any number of groups. A user in a group automatically has all the - permissions granted to that group. For example, if the group 'Site - editors' has the permission can_edit_home_page, any user in that group - will have that permission. Beyond permissions, groups are a convenient - way to categorize users to apply some label, or extended functionality, - to them. For example, you could create a group 'Special users', and - you could write code that would do special things to those users -- - such as giving them access to a members-only portion of your site, - or sending them members-only email messages. required: - name type: object @@ -16130,25 +16016,8 @@ definitions: uniqueItems: true readOnly: true user_permissions: - description: '' type: array items: - description: "The permissions system provides a way to assign permissions\ - \ to specific users and groups of users. The permission system is\ - \ used by the Django admin site, but may also be useful in your own\ - \ code. The Django admin site uses permissions as follows: - The \"\ - add\" permission limits the user's ability to view the \"add\" form\ - \ and add an object. - The \"change\" permission limits a user's ability\ - \ to view the change list, view the \"change\" form and change an\ - \ object. - The \"delete\" permission limits the ability to delete\ - \ an object. - The \"view\" permission limits the ability to view\ - \ an object. Permissions are set globally per type of object, not\ - \ per specific object instance. It is possible to say \"Mary may change\ - \ news stories,\" but it's not currently possible to say \"Mary may\ - \ change news stories, but only the ones she created herself\" or\ - \ \"Mary may only change news stories that have a certain status or\ - \ publication date.\" The permissions listed above are automatically\ - \ created for each model." required: - name - codename @@ -16174,11 +16043,8 @@ definitions: type: integer readOnly: true sources: - description: '' type: array items: - description: Base Authentication source, i.e. an OAuth Provider, SAML - Remote or LDAP Server required: - name - slug @@ -16232,10 +16098,8 @@ definitions: uniqueItems: true readOnly: true ak_groups: - description: '' type: array items: - description: Custom Group model which supports a basic hierarchy required: - name - parent @@ -16262,6 +16126,7 @@ definitions: title: Parent type: string format: uuid + x-nullable: true readOnly: true readOnly: true target: @@ -16283,7 +16148,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 DummyPolicy: - description: Dummy Policy Serializer type: object properties: pk: @@ -16330,7 +16194,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 EventMatcherPolicy: - description: Event Matcher Policy Serializer type: object properties: pk: @@ -16445,7 +16308,6 @@ definitions: - authentik.managed - authentik.core ExpressionPolicy: - description: Group Membership Policy Serializer required: - expression type: object @@ -16485,7 +16347,6 @@ definitions: type: string minLength: 1 HaveIBeenPwendPolicy: - description: Have I Been Pwned Policy Serializer type: object properties: pk: @@ -16529,7 +16390,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 PasswordPolicy: - description: Password Policy Serializer required: - error_message type: object @@ -16598,7 +16458,6 @@ definitions: type: string minLength: 1 PasswordExpiryPolicy: - description: Password Expiry Policy Serializer required: - days type: object @@ -16642,7 +16501,6 @@ definitions: title: Deny only type: boolean ReputationPolicy: - description: Reputation Policy Serializer type: object properties: pk: @@ -16687,7 +16545,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 IPReputation: - description: IPReputation Serializer required: - ip type: object @@ -16711,7 +16568,6 @@ definitions: format: date-time readOnly: true UserReputation: - description: UserReputation Serializer required: - user type: object @@ -16734,7 +16590,6 @@ definitions: format: date-time readOnly: true PropertyMapping: - description: PropertyMapping Serializer required: - name - expression @@ -16766,7 +16621,6 @@ definitions: type: string readOnly: true LDAPPropertyMapping: - description: LDAP PropertyMapping Serializer required: - name - expression @@ -16799,7 +16653,6 @@ definitions: type: string readOnly: true SAMLPropertyMapping: - description: SAMLPropertyMapping Serializer required: - name - saml_name @@ -16836,7 +16689,6 @@ definitions: type: string readOnly: true ScopeMapping: - description: ScopeMapping Serializer required: - name - scope_name @@ -16875,7 +16727,6 @@ definitions: type: string readOnly: true OAuth2ProviderSetupURLs: - description: OAuth2 Provider Metadata serializer type: object properties: issuer: @@ -16903,7 +16754,6 @@ definitions: type: string readOnly: true ProxyProvider: - description: ProxyProvider Serializer required: - name - application @@ -16992,7 +16842,6 @@ definitions: Header. If not set, the user's Email address is used. type: string SAMLProvider: - description: SAMLProvider Serializer required: - name - application @@ -17114,7 +16963,6 @@ definitions: format: uuid x-nullable: true SAMLMetadata: - description: SAML Provider Metadata serializer type: object properties: metadata: @@ -17122,7 +16970,6 @@ definitions: type: string readOnly: true Link: - description: Links returned in Config API type: object properties: href: @@ -17136,7 +16983,6 @@ definitions: readOnly: true minLength: 1 Config: - description: Serialize authentik Config into DRF Object type: object properties: branding_logo: @@ -17150,7 +16996,6 @@ definitions: readOnly: true minLength: 1 ui_footer_links: - description: '' type: array items: $ref: '#/definitions/Link' @@ -17169,7 +17014,6 @@ definitions: type: boolean readOnly: true Source: - description: Source Serializer required: - name - slug @@ -17221,7 +17065,6 @@ definitions: type: string readOnly: true UserSetting: - description: Serializer for User settings for stages and sources required: - object_uid - component @@ -17241,7 +17084,6 @@ definitions: type: string minLength: 1 LDAPSource: - description: LDAP Source Serializer required: - name - slug @@ -17374,7 +17216,6 @@ definitions: format: uuid uniqueItems: true LDAPSourceSyncStatus: - description: LDAP Sync status type: object properties: last_sync: @@ -17383,7 +17224,6 @@ definitions: format: date-time readOnly: true OAuthSource: - description: OAuth Source Serializer required: - name - slug @@ -17482,7 +17322,6 @@ definitions: type: string readOnly: true UserOAuthSourceConnection: - description: OAuth Source Serializer required: - user - source @@ -17505,7 +17344,6 @@ definitions: maxLength: 255 minLength: 1 SAMLSource: - description: SAMLSource Serializer required: - name - slug @@ -17636,7 +17474,6 @@ definitions: type: string minLength: 1 AuthenticatorStaticStage: - description: AuthenticatorStaticStage Serializer required: - name type: object @@ -17663,7 +17500,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17680,7 +17516,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 AuthenticatorTOTPStage: - description: AuthenticatorTOTPStage Serializer required: - name - digits @@ -17708,7 +17543,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17726,7 +17560,6 @@ definitions: - 6 - 8 AuthenticatorValidateStage: - description: AuthenticatorValidateStage Serializer required: - name type: object @@ -17753,7 +17586,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17765,7 +17597,7 @@ definitions: - deny - configure device_classes: - description: '' + description: Device classes which can be used to authenticate type: array items: title: Device classes @@ -17780,7 +17612,6 @@ definitions: format: uuid x-nullable: true AuthenticateWebAuthnStage: - description: AuthenticateWebAuthnStage Serializer required: - name type: object @@ -17807,7 +17638,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17819,7 +17649,6 @@ definitions: format: uuid x-nullable: true CaptchaStage: - description: CaptchaStage Serializer required: - name - public_key @@ -17848,7 +17677,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17863,7 +17691,6 @@ definitions: type: string minLength: 1 ConsentStage: - description: ConsentStage Serializer required: - name type: object @@ -17890,7 +17717,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -17907,7 +17733,6 @@ definitions: type: string minLength: 1 DenyStage: - description: DenyStage Serializer required: - name type: object @@ -17934,12 +17759,10 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' DummyStage: - description: DummyStage Serializer required: - name type: object @@ -17966,12 +17789,10 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' EmailStage: - description: EmailStage Serializer required: - name type: object @@ -17998,7 +17819,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -18056,7 +17876,6 @@ definitions: - email/password_reset.html - email/account_confirmation.html IdentificationStage: - description: IdentificationStage Serializer required: - name - user_fields @@ -18084,12 +17903,12 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' user_fields: - description: '' + description: Fields of the user object to match against. (Hold shift to select + multiple options) type: array items: title: User fields @@ -18122,7 +17941,6 @@ definitions: format: uuid x-nullable: true Invitation: - description: Invitation Serializer type: object properties: pk: @@ -18140,7 +17958,6 @@ definitions: description: Optional fixed data to enforce on user enrollment. type: object created_by: - description: Custom User model to allow easier adding of user-based settings required: - password - username @@ -18210,20 +18027,8 @@ definitions: title: Attributes type: object groups: - description: '' type: array items: - description: Groups are a generic way of categorizing users to apply - permissions, or some other label, to those users. A user can belong - to any number of groups. A user in a group automatically has all the - permissions granted to that group. For example, if the group 'Site - editors' has the permission can_edit_home_page, any user in that group - will have that permission. Beyond permissions, groups are a convenient - way to categorize users to apply some label, or extended functionality, - to them. For example, you could create a group 'Special users', and - you could write code that would do special things to those users -- - such as giving them access to a members-only portion of your site, - or sending them members-only email messages. required: - name type: object @@ -18244,25 +18049,8 @@ definitions: uniqueItems: true readOnly: true user_permissions: - description: '' type: array items: - description: "The permissions system provides a way to assign permissions\ - \ to specific users and groups of users. The permission system is\ - \ used by the Django admin site, but may also be useful in your own\ - \ code. The Django admin site uses permissions as follows: - The \"\ - add\" permission limits the user's ability to view the \"add\" form\ - \ and add an object. - The \"change\" permission limits a user's ability\ - \ to view the change list, view the \"change\" form and change an\ - \ object. - The \"delete\" permission limits the ability to delete\ - \ an object. - The \"view\" permission limits the ability to view\ - \ an object. Permissions are set globally per type of object, not\ - \ per specific object instance. It is possible to say \"Mary may change\ - \ news stories,\" but it's not currently possible to say \"Mary may\ - \ change news stories, but only the ones she created herself\" or\ - \ \"Mary may only change news stories that have a certain status or\ - \ publication date.\" The permissions listed above are automatically\ - \ created for each model." required: - name - codename @@ -18288,11 +18076,8 @@ definitions: type: integer readOnly: true sources: - description: '' type: array items: - description: Base Authentication source, i.e. an OAuth Provider, SAML - Remote or LDAP Server required: - name - slug @@ -18346,10 +18131,8 @@ definitions: uniqueItems: true readOnly: true ak_groups: - description: '' type: array items: - description: Custom Group model which supports a basic hierarchy required: - name - parent @@ -18376,10 +18159,10 @@ definitions: title: Parent type: string format: uuid + x-nullable: true readOnly: true readOnly: true InvitationStage: - description: InvitationStage Serializer required: - name type: object @@ -18406,7 +18189,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -18417,7 +18199,6 @@ definitions: no invitation is given. type: boolean PasswordStage: - description: PasswordStage Serializer required: - name - backends @@ -18445,12 +18226,11 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' backends: - description: '' + description: Selection of backends to test the password against. type: array items: title: Backends @@ -18471,7 +18251,6 @@ definitions: maximum: 2147483647 minimum: -2147483648 Prompt: - description: Prompt Serializer required: - field_key - label @@ -18522,12 +18301,10 @@ definitions: maximum: 2147483647 minimum: -2147483648 promptstage_set: - description: '' type: array items: $ref: '#/definitions/Stage' PromptStage: - description: PromptStage Serializer required: - name - fields @@ -18555,7 +18332,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -18572,7 +18348,6 @@ definitions: format: uuid uniqueItems: true UserDeleteStage: - description: UserDeleteStage Serializer required: - name type: object @@ -18599,12 +18374,10 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' UserLoginStage: - description: UserLoginStage Serializer required: - name type: object @@ -18631,7 +18404,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' @@ -18642,7 +18414,6 @@ definitions: type: string minLength: 1 UserLogoutStage: - description: UserLogoutStage Serializer required: - name type: object @@ -18669,12 +18440,10 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' UserWriteStage: - description: UserWriteStage Serializer required: - name type: object @@ -18701,7 +18470,6 @@ definitions: type: string readOnly: true flow_set: - description: '' type: array items: $ref: '#/definitions/Flow' diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index f433d0b6e..f9f2db98e 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -56,10 +56,6 @@ export class AdminURLManager { return `/administration/tokens/${rest}`; } - static eventRules(rest: string): string { - return `/administration/events/rules/${rest}`; - } - } export class UserURLManager { From 657b0089b162490c6124e4d63abc12b27d612a43 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 21:16:13 +0200 Subject: [PATCH 41/60] core: add set_icon operation to applications API to set icon Signed-off-by: Jens Langhammer --- authentik/core/api/applications.py | 34 ++++++++++++++++++++++++++++- swagger.yaml | 35 ++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index c9fbc8430..fd2e1f0c5 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -1,9 +1,12 @@ """Application API Views""" from django.core.cache import cache from django.db.models import QuerySet -from drf_yasg.utils import swagger_auto_schema +from django.http.response import HttpResponseBadRequest +from drf_yasg import openapi +from drf_yasg.utils import no_body, swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import SerializerMethodField +from rest_framework.parsers import MultiPartParser from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer @@ -107,6 +110,35 @@ class ApplicationViewSet(ModelViewSet): serializer = self.get_serializer(allowed_applications, many=True) return self.get_paginated_response(serializer.data) + @permission_required("authentik_core.change_application") + @swagger_auto_schema( + request_body=no_body, + manual_parameters=[ + openapi.Parameter( + name="file", + in_=openapi.IN_FORM, + type=openapi.TYPE_FILE, + required=True, + ) + ], + ) + @action(detail=True, methods=["POST"], parser_classes=(MultiPartParser,)) + # pylint: disable=unused-argument + def set_icon(self, request: Request, slug: str): + """Set application icon""" + app: Application = self.get_object() + icon = request.FILES.get("file", None) + if not icon: + return HttpResponseBadRequest() + app.meta_icon = icon + app.save() + return Response( + get_events_per_1h( + action=EventAction.AUTHORIZE_APPLICATION, + context__authorized_application__pk=app.pk.hex, + ) + ) + @permission_required( "authentik_core.view_application", ["authentik_events.view_event"] ) diff --git a/swagger.yaml b/swagger.yaml index 2ed98d16c..9d6640710 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1330,6 +1330,41 @@ paths: type: string format: slug pattern: ^[-a-zA-Z0-9_]+$ + /core/applications/{slug}/set_icon/: + post: + operationId: core_applications_set_icon + description: Set application icon + parameters: + - name: file + in: formData + required: true + type: file + responses: + '201': + description: '' + schema: + $ref: '#/definitions/Application' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' + consumes: + - multipart/form-data + tags: + - core + parameters: + - name: slug + in: path + description: Internal application name, used in URLs. + required: true + type: string + format: slug + pattern: ^[-a-zA-Z0-9_]+$ /core/groups/: get: operationId: core_groups_list From 03ff495011221489a736be66f7ce51de3f8fcaa1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 21:29:27 +0200 Subject: [PATCH 42/60] web/admin: migrate application form to web Signed-off-by: Jens Langhammer --- authentik/admin/urls.py | 12 -- authentik/admin/views/applications.py | 66 ---------- authentik/core/api/applications.py | 8 +- authentik/core/forms/applications.py | 50 ------- swagger.yaml | 6 +- web/src/api/legacy.ts | 4 - web/src/elements/buttons/ModalButton.ts | 7 + web/src/elements/forms/Form.ts | 34 +++++ web/src/elements/forms/ModalForm.ts | 1 + web/src/pages/applications/ApplicationForm.ts | 124 ++++++++++++++++++ .../pages/applications/ApplicationListPage.ts | 44 ++++--- web/src/pages/events/RuleListPage.ts | 1 - .../providers/RelatedApplicationButton.ts | 30 +++-- 13 files changed, 221 insertions(+), 166 deletions(-) delete mode 100644 authentik/admin/views/applications.py delete mode 100644 authentik/core/forms/applications.py create mode 100644 web/src/pages/applications/ApplicationForm.ts diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index fa2233539..03ae5b98f 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -2,7 +2,6 @@ from django.urls import path from authentik.admin.views import ( - applications, flows, outposts, outposts_service_connections, @@ -19,17 +18,6 @@ from authentik.admin.views import ( from authentik.providers.saml.views.metadata import MetadataImportView urlpatterns = [ - # Applications - path( - "applications/create/", - applications.ApplicationCreateView.as_view(), - name="application-create", - ), - path( - "applications//update/", - applications.ApplicationUpdateView.as_view(), - name="application-update", - ), # Sources path("sources/create/", sources.SourceCreateView.as_view(), name="source-create"), path( diff --git a/authentik/admin/views/applications.py b/authentik/admin/views/applications.py deleted file mode 100644 index 450e2e2d9..000000000 --- a/authentik/admin/views/applications.py +++ /dev/null @@ -1,66 +0,0 @@ -"""authentik Application administration""" -from typing import Any - -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.utils.translation import gettext as _ -from django.views.generic import UpdateView -from guardian.mixins import PermissionRequiredMixin -from guardian.shortcuts import get_objects_for_user - -from authentik.core.forms.applications import ApplicationForm -from authentik.core.models import Application -from authentik.lib.views import CreateAssignPermView - - -class ApplicationCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create new Application""" - - model = Application - form_class = ApplicationForm - permission_required = "authentik_core.add_application" - - success_url = "/" - template_name = "generic/create.html" - success_message = _("Successfully created Application") - - def get_initial(self) -> dict[str, Any]: - if "provider" in self.request.GET: - try: - initial_provider_pk = int(self.request.GET["provider"]) - except ValueError: - return super().get_initial() - providers = ( - get_objects_for_user(self.request.user, "authentik_core.view_provider") - .filter(pk=initial_provider_pk) - .select_subclasses() - ) - if not providers.exists(): - return {} - return {"provider": providers.first()} - return super().get_initial() - - -class ApplicationUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update application""" - - model = Application - form_class = ApplicationForm - permission_required = "authentik_core.change_application" - - success_url = "/" - template_name = "generic/update.html" - success_message = _("Successfully updated Application") diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index fd2e1f0c5..784497bd0 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -121,6 +121,7 @@ class ApplicationViewSet(ModelViewSet): required=True, ) ], + responses={200: "Success"}, ) @action(detail=True, methods=["POST"], parser_classes=(MultiPartParser,)) # pylint: disable=unused-argument @@ -132,12 +133,7 @@ class ApplicationViewSet(ModelViewSet): return HttpResponseBadRequest() app.meta_icon = icon app.save() - return Response( - get_events_per_1h( - action=EventAction.AUTHORIZE_APPLICATION, - context__authorized_application__pk=app.pk.hex, - ) - ) + return Response({}) @permission_required( "authentik_core.view_application", ["authentik_events.view_event"] diff --git a/authentik/core/forms/applications.py b/authentik/core/forms/applications.py deleted file mode 100644 index 94bbfdfb9..000000000 --- a/authentik/core/forms/applications.py +++ /dev/null @@ -1,50 +0,0 @@ -"""authentik Core Application forms""" -from django import forms -from django.utils.translation import gettext_lazy as _ - -from authentik.core.models import Application, Provider -from authentik.lib.widgets import GroupedModelChoiceField - - -class ApplicationForm(forms.ModelForm): - """Application Form""" - - def __init__(self, *args, **kwargs): # pragma: no cover - super().__init__(*args, **kwargs) - self.fields["provider"].queryset = ( - Provider.objects.all().order_by("name").select_subclasses() - ) - - class Meta: - - model = Application - fields = [ - "name", - "slug", - "provider", - "meta_launch_url", - "meta_icon", - "meta_description", - "meta_publisher", - ] - widgets = { - "name": forms.TextInput(), - "meta_launch_url": forms.TextInput(), - "meta_publisher": forms.TextInput(), - "meta_icon": forms.FileInput(), - } - help_texts = { - "meta_launch_url": _( - ( - "If left empty, authentik will try to extract the launch URL " - "based on the selected provider." - ) - ), - } - field_classes = {"provider": GroupedModelChoiceField} - labels = { - "meta_launch_url": _("Launch URL"), - "meta_icon": _("Icon"), - "meta_description": _("Description"), - "meta_publisher": _("Publisher"), - } diff --git a/swagger.yaml b/swagger.yaml index 9d6640710..67f33b81a 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1340,10 +1340,8 @@ paths: required: true type: file responses: - '201': - description: '' - schema: - $ref: '#/definitions/Application' + '200': + description: Success '403': description: Authentication credentials were invalid, absent or insufficient. schema: diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index f9f2db98e..ae8462b14 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -1,9 +1,5 @@ export class AdminURLManager { - static applications(rest: string): string { - return `/administration/applications/${rest}`; - } - static policies(rest: string): string { return `/administration/policies/${rest}`; } diff --git a/web/src/elements/buttons/ModalButton.ts b/web/src/elements/buttons/ModalButton.ts index a19029d88..c76e10a96 100644 --- a/web/src/elements/buttons/ModalButton.ts +++ b/web/src/elements/buttons/ModalButton.ts @@ -54,11 +54,18 @@ export class ModalButton extends LitElement { super(); window.addEventListener("keyup", (e) => { if (e.code === "Escape") { + this.resetForms(); this.open = false; } }); } + resetForms(): void { + this.querySelectorAll("[slot=form]").forEach(form => { + form.reset(); + }); + } + updateHandlers(): void { // Ensure links close the modal this.shadowRoot?.querySelectorAll("a").forEach((a) => { diff --git a/web/src/elements/forms/Form.ts b/web/src/elements/forms/Form.ts index d4e267aed..c0fae4c54 100644 --- a/web/src/elements/forms/Form.ts +++ b/web/src/elements/forms/Form.ts @@ -43,6 +43,40 @@ export class Form extends LitElement { return this.successMessage; } + /** + * Reset the inner iron-form + */ + reset(): void { + const ironForm = this.shadowRoot?.querySelector("iron-form"); + if (!ironForm) { + return; + } + ironForm.reset(); + } + + /** + * If this form contains a file input, and the input as been filled, this function returns + * said file. + * @returns File object or undefined + */ + getFormFile(): File | undefined { + const ironForm = this.shadowRoot?.querySelector("iron-form"); + if (!ironForm) { + return; + } + const elements = ironForm._getSubmittableElements(); + for (let i = 0; i < elements.length; i++) { + const element = elements[i] as HTMLInputElement; + if (element.tagName.toLowerCase() === "input" && element.type === "file") { + if ((element.files || []).length < 1) { + continue; + } + // We already checked the length + return (element.files || [])[0]; + } + } + } + serializeForm(form: IronFormElement): T { const elements = form._getSubmittableElements(); const json: { [key: string]: unknown } = {}; diff --git a/web/src/elements/forms/ModalForm.ts b/web/src/elements/forms/ModalForm.ts index fd26b0f6a..b3d21bb5e 100644 --- a/web/src/elements/forms/ModalForm.ts +++ b/web/src/elements/forms/ModalForm.ts @@ -15,6 +15,7 @@ export class ModalForm extends ModalButton { } formPromise.then(() => { this.open = false; + form.reset(); this.dispatchEvent( new CustomEvent(EVENT_REFRESH, { bubbles: true, diff --git a/web/src/pages/applications/ApplicationForm.ts b/web/src/pages/applications/ApplicationForm.ts new file mode 100644 index 000000000..7806daa61 --- /dev/null +++ b/web/src/pages/applications/ApplicationForm.ts @@ -0,0 +1,124 @@ +import { CoreApi, Application, ProvidersApi, Provider } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { until } from "lit-html/directives/until"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; +import "../../elements/CodeMirror"; + +@customElement("ak-application-form") +export class ApplicationForm extends Form { + + @property({ attribute: false }) + application?: Application; + + @property({ attribute: false }) + provider?: number; + + getSuccessMessage(): string { + if (this.application) { + return gettext("Successfully updated application."); + } else { + return gettext("Successfully created application."); + } + } + + send = (data: Application): Promise => { + let writeOp: Promise; + if (this.application) { + writeOp = new CoreApi(DEFAULT_CONFIG).coreApplicationsUpdate({ + slug: this.application.slug, + data: data + }); + } else { + writeOp = new CoreApi(DEFAULT_CONFIG).coreApplicationsCreate({ + data: data + }); + } + const icon = this.getFormFile(); + if (icon) { + return writeOp.then(app => { + return new CoreApi(DEFAULT_CONFIG).coreApplicationsSetIcon({ + slug: app.slug, + file: icon + }); + }); + } + return writeOp; + }; + + groupProviders(providers: Provider[]): TemplateResult { + const m = new Map(); + providers.forEach(p => { + if (!m.has(p.verboseName || "")) { + m.set(p.verboseName || "", []); + } + const tProviders = m.get(p.verboseName || "") || []; + tProviders.push(p); + }); + return html` + ${Array.from(m).map(([group, providers]) => { + return html` + ${providers.map(p => { + const selected = (this.application?.provider?.pk === p.pk) || (this.provider === p.pk) + return html``; + })} + `; + })} + `; + } + + renderForm(): TemplateResult { + return html`
+ + +

${gettext("Application's display Name.")}

+ + + +

${gettext("Internal application name, used in URLs.")}

+ + + + + + +

${gettext("If left empty, authentik will try to extract the launch URL based on the selected provider.")}

+ + + + + + + + + + +
`; + } + +} diff --git a/web/src/pages/applications/ApplicationListPage.ts b/web/src/pages/applications/ApplicationListPage.ts index 6caa469fb..5d457b5c2 100644 --- a/web/src/pages/applications/ApplicationListPage.ts +++ b/web/src/pages/applications/ApplicationListPage.ts @@ -1,17 +1,17 @@ import { gettext } from "django"; import { css, CSSResult, customElement, html, property, TemplateResult } from "lit-element"; +import PFAvatar from "@patternfly/patternfly/components/Avatar/avatar.css"; import { AKResponse } from "../../api/Client"; import { TablePage } from "../../elements/table/TablePage"; -import "../../elements/buttons/ModalButton"; +import "../../elements/forms/ModalForm"; import "../../elements/forms/DeleteForm"; import "../../elements/buttons/SpinnerButton"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { Application, CoreApi } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; -import PFAvatar from "@patternfly/patternfly/components/Avatar/avatar.css"; +import "./ApplicationForm"; @customElement("ak-application-list") export class ApplicationListPage extends TablePage { @@ -74,15 +74,22 @@ export class ApplicationListPage extends TablePage { ${item.metaPublisher ? html`${item.metaPublisher}` : html``} `, html`${item.slug}`, - html`${item.provider?.name}`, - html`${item.provider?.verboseName}`, + html`${item.provider?.name || "-"}`, + html`${item.provider?.verboseName || "-"}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update Application")} + + + + + { renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- + + + ${gettext("Create Application")} + + + + + ${super.renderToolbar()} `; } diff --git a/web/src/pages/events/RuleListPage.ts b/web/src/pages/events/RuleListPage.ts index e3f00d248..15cb27f4b 100644 --- a/web/src/pages/events/RuleListPage.ts +++ b/web/src/pages/events/RuleListPage.ts @@ -10,7 +10,6 @@ import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { EventsApi, NotificationRule } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; import "../../elements/forms/DeleteForm"; import "./RuleForm"; diff --git a/web/src/pages/providers/RelatedApplicationButton.ts b/web/src/pages/providers/RelatedApplicationButton.ts index 77f1dd1d7..17733380d 100644 --- a/web/src/pages/providers/RelatedApplicationButton.ts +++ b/web/src/pages/providers/RelatedApplicationButton.ts @@ -1,14 +1,21 @@ import { gettext } from "django"; -import { customElement, html, LitElement, property, TemplateResult } from "lit-element"; +import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element"; import { Provider } from "authentik-api"; -import { AdminURLManager } from "../../api/legacy"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; +import PFButton from "@patternfly/patternfly/components/Button/button.css"; import "../../elements/buttons/ModalButton"; import "../../elements/Spinner"; +import "../../elements/forms/ModalForm"; +import "../../pages/applications/ApplicationForm"; @customElement("ak-provider-related-application") export class RelatedApplicationButton extends LitElement { + static get styles(): CSSResult[] { + return [PFBase, PFButton]; + } + @property({attribute: false}) provider?: Provider; @@ -18,12 +25,19 @@ export class RelatedApplicationButton extends LitElement { ${this.provider.assignedApplicationName} `; } - return html` - - ${gettext("Create")} - -
- `; + return html` + + ${gettext("Create")} + + + ${gettext("Create Application")} + + + + + `; } } From a09481dea2e4ea9b8bb8a5939df8a64c5b826aaa Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 21:40:08 +0200 Subject: [PATCH 43/60] flows: add API to set background image Signed-off-by: Jens Langhammer --- authentik/flows/api/flows.py | 28 +++++++++++++++++++++++++++- swagger.yaml | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index 58bc76d02..bf541b13c 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -3,11 +3,12 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model -from django.http.response import JsonResponse +from django.http.response import HttpResponseBadRequest, JsonResponse from drf_yasg import openapi from drf_yasg.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action +from rest_framework.parsers import MultiPartParser from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ( @@ -194,3 +195,28 @@ class FlowViewSet(ModelViewSet): ) diagram = "\n".join([str(x) for x in header + body + footer]) return Response({"diagram": diagram}) + + @permission_required("authentik_flows.change_flow") + @swagger_auto_schema( + request_body=no_body, + manual_parameters=[ + openapi.Parameter( + name="file", + in_=openapi.IN_FORM, + type=openapi.TYPE_FILE, + required=True, + ) + ], + responses={200: "Success"}, + ) + @action(detail=True, methods=["POST"], parser_classes=(MultiPartParser,)) + # pylint: disable=unused-argument + def set_background(self, request: Request, slug: str): + """Set Flow background""" + app: Flow = self.get_object() + icon = request.FILES.get("file", None) + if not icon: + return HttpResponseBadRequest() + app.background = icon + app.save() + return Response({}) diff --git a/swagger.yaml b/swagger.yaml index 67f33b81a..ea5f770bc 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -4062,6 +4062,39 @@ paths: type: string format: slug pattern: ^[-a-zA-Z0-9_]+$ + /flows/instances/{slug}/set_background/: + post: + operationId: flows_instances_set_background + description: Set Flow background + parameters: + - name: file + in: formData + required: true + type: file + responses: + '200': + description: Success + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' + consumes: + - multipart/form-data + tags: + - flows + parameters: + - name: slug + in: path + description: Visible in the URL. + required: true + type: string + format: slug + pattern: ^[-a-zA-Z0-9_]+$ /oauth2/authorization_codes/: get: operationId: oauth2_authorization_codes_list From 3a2f285a872b2313d9bfe508fc3160ee19ca4236 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 21:55:00 +0200 Subject: [PATCH 44/60] flows: add API to debug-execute a flow and import flow Signed-off-by: Jens Langhammer --- .../templates/administration/flow/import.html | 13 --- authentik/admin/urls.py | 22 ---- authentik/admin/views/flows.py | 108 ------------------ authentik/api/v2/config.py | 4 +- authentik/core/api/users.py | 15 +-- authentik/core/api/utils.py | 12 ++ authentik/flows/api/flows.py | 102 ++++++++++++++++- authentik/flows/forms.py | 44 +------ swagger.yaml | 60 +++++++++- web/src/pages/applications/ApplicationForm.ts | 2 +- 10 files changed, 170 insertions(+), 212 deletions(-) delete mode 100644 authentik/admin/templates/administration/flow/import.html delete mode 100644 authentik/admin/views/flows.py diff --git a/authentik/admin/templates/administration/flow/import.html b/authentik/admin/templates/administration/flow/import.html deleted file mode 100644 index 14eca092a..000000000 --- a/authentik/admin/templates/administration/flow/import.html +++ /dev/null @@ -1,13 +0,0 @@ -{% extends base_template|default:"generic/form.html" %} - -{% load i18n %} - -{% block above_form %} -

-{% trans 'Import Flow' %} -

-{% endblock %} - -{% block action %} -{% trans 'Import Flow' %} -{% endblock %} diff --git a/authentik/admin/urls.py b/authentik/admin/urls.py index 03ae5b98f..6402e6efa 100644 --- a/authentik/admin/urls.py +++ b/authentik/admin/urls.py @@ -2,7 +2,6 @@ from django.urls import path from authentik.admin.views import ( - flows, outposts, outposts_service_connections, policies, @@ -99,27 +98,6 @@ urlpatterns = [ stages_invitations.InvitationCreateView.as_view(), name="stage-invitation-create", ), - # Flows - path( - "flows/create/", - flows.FlowCreateView.as_view(), - name="flow-create", - ), - path( - "flows/import/", - flows.FlowImportView.as_view(), - name="flow-import", - ), - path( - "flows//update/", - flows.FlowUpdateView.as_view(), - name="flow-update", - ), - path( - "flows//execute/", - flows.FlowDebugExecuteView.as_view(), - name="flow-execute", - ), # Property Mappings path( "property-mappings/create/", diff --git a/authentik/admin/views/flows.py b/authentik/admin/views/flows.py deleted file mode 100644 index 01d1b54fa..000000000 --- a/authentik/admin/views/flows.py +++ /dev/null @@ -1,108 +0,0 @@ -"""authentik Flow administration""" -from django.contrib import messages -from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.mixins import ( - PermissionRequiredMixin as DjangoPermissionRequiredMixin, -) -from django.contrib.messages.views import SuccessMessageMixin -from django.http import HttpRequest, HttpResponse -from django.urls import reverse_lazy -from django.utils.translation import gettext as _ -from django.views.generic import DetailView, FormView, UpdateView -from guardian.mixins import PermissionRequiredMixin - -from authentik.flows.exceptions import FlowNonApplicableException -from authentik.flows.forms import FlowForm, FlowImportForm -from authentik.flows.models import Flow -from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER -from authentik.flows.transfer.importer import FlowImporter -from authentik.flows.views import SESSION_KEY_PLAN, FlowPlanner -from authentik.lib.utils.urls import redirect_with_qs -from authentik.lib.views import CreateAssignPermView, bad_request_message - - -class FlowCreateView( - SuccessMessageMixin, - LoginRequiredMixin, - DjangoPermissionRequiredMixin, - CreateAssignPermView, -): - """Create new Flow""" - - model = Flow - form_class = FlowForm - permission_required = "authentik_flows.add_flow" - - template_name = "generic/create.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully created Flow") - - -class FlowUpdateView( - SuccessMessageMixin, - LoginRequiredMixin, - PermissionRequiredMixin, - UpdateView, -): - """Update flow""" - - model = Flow - form_class = FlowForm - permission_required = "authentik_flows.change_flow" - - template_name = "generic/update.html" - success_url = reverse_lazy("authentik_core:if-admin") - success_message = _("Successfully updated Flow") - - -class FlowDebugExecuteView(LoginRequiredMixin, PermissionRequiredMixin, DetailView): - """Debug exectue flow, setting the current user as pending user""" - - model = Flow - permission_required = "authentik_flows.view_flow" - - # pylint: disable=unused-argument - def get(self, request: HttpRequest, pk: str) -> HttpResponse: - """Debug exectue flow, setting the current user as pending user""" - flow: Flow = self.get_object() - planner = FlowPlanner(flow) - planner.use_cache = False - try: - plan = planner.plan(self.request, {PLAN_CONTEXT_PENDING_USER: request.user}) - self.request.session[SESSION_KEY_PLAN] = plan - except FlowNonApplicableException as exc: - return bad_request_message( - request, - _( - "Flow not applicable to current user/request: %(messages)s" - % {"messages": str(exc)} - ), - ) - return redirect_with_qs( - "authentik_core:if-flow", - self.request.GET, - flow_slug=flow.slug, - ) - - -class FlowImportView(LoginRequiredMixin, FormView): - """Import flow from JSON Export; only allowed for superusers - as these flows can contain python code""" - - form_class = FlowImportForm - template_name = "administration/flow/import.html" - success_url = reverse_lazy("authentik_core:if-admin") - - def dispatch(self, request, *args, **kwargs): - if not request.user.is_superuser: - return self.handle_no_permission() - return super().dispatch(request, *args, **kwargs) - - def form_valid(self, form: FlowImportForm) -> HttpResponse: - importer = FlowImporter(form.cleaned_data["flow"].read().decode()) - successful = importer.apply() - if not successful: - messages.error(self.request, _("Failed to import flow.")) - else: - messages.success(self.request, _("Successfully imported flow.")) - return super().form_valid(form) diff --git a/authentik/api/v2/config.py b/authentik/api/v2/config.py index e878f024e..858f7f5e2 100644 --- a/authentik/api/v2/config.py +++ b/authentik/api/v2/config.py @@ -11,7 +11,7 @@ from rest_framework.viewsets import ViewSet from authentik.lib.config import CONFIG -class LinkSerializer(Serializer): +class FooterLinkSerializer(Serializer): """Links returned in Config API""" href = CharField(read_only=True) @@ -29,7 +29,7 @@ class ConfigSerializer(Serializer): branding_logo = CharField(read_only=True) branding_title = CharField(read_only=True) - ui_footer_links = ListField(child=LinkSerializer(), read_only=True) + ui_footer_links = ListField(child=FooterLinkSerializer(), read_only=True) error_reporting_enabled = BooleanField(read_only=True) error_reporting_environment = CharField(read_only=True) diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 1584a6c50..396b8f390 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -13,6 +13,7 @@ from rest_framework.viewsets import ModelViewSet from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h from authentik.api.decorators import permission_required +from authentik.core.api.utils import LinkSerializer from authentik.core.middleware import ( SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER, @@ -57,18 +58,6 @@ class SessionUserSerializer(Serializer): raise NotImplementedError -class UserRecoverySerializer(Serializer): - """Recovery link for a user to reset their password""" - - link = CharField() - - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - class UserMetricsSerializer(Serializer): """User Metrics""" @@ -142,7 +131,7 @@ class UserViewSet(ModelViewSet): @permission_required("authentik_core.reset_user_password") @swagger_auto_schema( - responses={"200": UserRecoverySerializer(many=False)}, + responses={"200": LinkSerializer(many=False)}, ) @action(detail=True) # pylint: disable=invalid-name, unused-argument diff --git a/authentik/core/api/utils.py b/authentik/core/api/utils.py index 438efa2df..5b39c0cc4 100644 --- a/authentik/core/api/utils.py +++ b/authentik/core/api/utils.py @@ -49,3 +49,15 @@ class CacheSerializer(Serializer): def update(self, instance: Model, validated_data: dict) -> Model: raise NotImplementedError + + +class LinkSerializer(Serializer): + """Returns a single link""" + + link = CharField() + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index bf541b13c..c27878e9a 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -4,6 +4,8 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model from django.http.response import HttpResponseBadRequest, JsonResponse +from django.urls import reverse +from django.utils.translation import gettext as _ from drf_yasg import openapi from drf_yasg.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user @@ -21,11 +23,16 @@ from rest_framework.viewsets import ModelViewSet from structlog.stdlib import get_logger from authentik.api.decorators import permission_required -from authentik.core.api.utils import CacheSerializer +from authentik.core.api.utils import CacheSerializer, LinkSerializer +from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.models import Flow -from authentik.flows.planner import cache_key +from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner, cache_key from authentik.flows.transfer.common import DataclassEncoder from authentik.flows.transfer.exporter import FlowExporter +from authentik.flows.transfer.importer import FlowImporter +from authentik.flows.views import SESSION_KEY_PLAN +from authentik.lib.utils.urls import redirect_with_qs +from authentik.lib.views import bad_request_message LOGGER = get_logger() @@ -57,7 +64,7 @@ class FlowSerializer(ModelSerializer): class FlowDiagramSerializer(Serializer): - """response of the flow's /diagram/ action""" + """response of the flow's diagram action""" diagram = CharField(read_only=True) @@ -89,14 +96,14 @@ class FlowViewSet(ModelViewSet): search_fields = ["name", "slug", "designation", "title"] filterset_fields = ["flow_uuid", "name", "slug", "designation"] - @permission_required("authentik_flows.view_flow_cache") + @permission_required(None, ["authentik_flows.view_flow_cache"]) @swagger_auto_schema(responses={200: CacheSerializer(many=False)}) @action(detail=False) def cache_info(self, request: Request) -> Response: """Info about cached flows""" return Response(data={"count": len(cache.keys("flow_*"))}) - @permission_required("authentik_flows.clear_flow_cache") + @permission_required(None, ["authentik_flows.clear_flow_cache"]) @swagger_auto_schema( request_body=no_body, responses={204: "Successfully cleared cache", 400: "Bad request"}, @@ -109,7 +116,61 @@ class FlowViewSet(ModelViewSet): LOGGER.debug("Cleared flow cache", keys=len(keys)) return Response(status=204) - @permission_required("authentik_flows.export_flow") + @permission_required( + None, + [ + "authentik_flows.add_flow", + "authentik_flows.change_flow", + "authentik_flows.add_flowstagebinding", + "authentik_flows.change_flowstagebinding", + "authentik_flows.add_stage", + "authentik_flows.change_stage", + "authentik_policies.add_policy", + "authentik_policies.change_policy", + "authentik_policies.add_policybinding", + "authentik_policies.change_policybinding", + "authentik_stages_prompt.add_prompt", + "authentik_stages_prompt.change_prompt", + ], + ) + @swagger_auto_schema( + request_body=no_body, + manual_parameters=[ + openapi.Parameter( + name="file", + in_=openapi.IN_FORM, + type=openapi.TYPE_FILE, + required=True, + ) + ], + responses={204: "Successfully imported flow", 400: "Bad request"}, + ) + @action(detail=False, methods=["POST"], parser_classes=(MultiPartParser,)) + def import_flow(self, request: Request) -> Response: + """Import flow from .akflow file""" + file = request.FILES.get("file", None) + if not file: + return HttpResponseBadRequest() + importer = FlowImporter(file.read().decode()) + valid = importer.validate() + if not valid: + return HttpResponseBadRequest() + successful = importer.apply() + if not successful: + return Response(status=204) + return HttpResponseBadRequest() + + @permission_required( + "authentik_flows.export_flow", + [ + "authentik_flows.view_flow", + "authentik_flows.view_flowstagebinding", + "authentik_flows.view_stage", + "authentik_policies.view_policy", + "authentik_policies.view_policybinding", + "authentik_stages_prompt.view_prompt", + ], + ) @swagger_auto_schema( responses={ "200": openapi.Response( @@ -220,3 +281,32 @@ class FlowViewSet(ModelViewSet): app.background = icon app.save() return Response({}) + + @swagger_auto_schema( + responses={200: LinkSerializer(many=False)}, + ) + @action(detail=True) + # pylint: disable=unused-argument + def execute(self, request: Request, slug: str): + """Execute flow for current user""" + flow: Flow = self.get_object() + planner = FlowPlanner(flow) + planner.use_cache = False + try: + plan = planner.plan(self.request, {PLAN_CONTEXT_PENDING_USER: request.user}) + self.request.session[SESSION_KEY_PLAN] = plan + except FlowNonApplicableException as exc: + return bad_request_message( + request, + _( + "Flow not applicable to current user/request: %(messages)s" + % {"messages": str(exc)} + ), + ) + return Response( + { + "link": request._request.build_absolute_uri( + reverse("authentik_core:if-flow", kwargs={"flow_slug": flow.slug}) + ) + } + ) diff --git a/authentik/flows/forms.py b/authentik/flows/forms.py index 2e8ca9d14..f8082aa67 100644 --- a/authentik/flows/forms.py +++ b/authentik/flows/forms.py @@ -1,35 +1,10 @@ """Flow and Stage forms""" - from django import forms -from django.core.validators import FileExtensionValidator -from django.forms import ValidationError -from django.utils.translation import gettext_lazy as _ -from authentik.flows.models import Flow, FlowStageBinding, Stage -from authentik.flows.transfer.importer import FlowImporter +from authentik.flows.models import FlowStageBinding, Stage from authentik.lib.widgets import GroupedModelChoiceField -class FlowForm(forms.ModelForm): - """Flow Form""" - - class Meta: - - model = Flow - fields = [ - "name", - "title", - "slug", - "designation", - "background", - ] - widgets = { - "name": forms.TextInput(), - "title": forms.TextInput(), - "background": forms.FileInput(), - } - - class FlowStageBindingForm(forms.ModelForm): """FlowStageBinding Form""" @@ -56,20 +31,3 @@ class FlowStageBindingForm(forms.ModelForm): widgets = { "name": forms.TextInput(), } - - -class FlowImportForm(forms.Form): - """Form used for flow importing""" - - flow = forms.FileField( - validators=[FileExtensionValidator(allowed_extensions=["akflow"])] - ) - - def clean_flow(self): - """Check if the flow is valid and rewind the file to the start""" - flow = self.cleaned_data["flow"].read() - valid = FlowImporter(flow.decode()).validate() - if not valid: - raise ValidationError(_("Flow invalid.")) - self.cleaned_data["flow"].seek(0) - return self.cleaned_data["flow"] diff --git a/swagger.yaml b/swagger.yaml index ea5f770bc..6acf37ae3 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -2267,7 +2267,7 @@ paths: '200': description: '' schema: - $ref: '#/definitions/UserRecovery' + $ref: '#/definitions/Link' '403': description: Authentication credentials were invalid, absent or insufficient. schema: @@ -3898,6 +3898,29 @@ paths: tags: - flows parameters: [] + /flows/instances/import_flow/: + post: + operationId: flows_instances_import_flow + description: Import flow from .akflow file + parameters: + - name: file + in: formData + required: true + type: file + responses: + '204': + description: Successfully imported flow + '400': + description: Bad request + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + consumes: + - multipart/form-data + tags: + - flows + parameters: [] /flows/instances/{slug}/: get: operationId: flows_instances_read @@ -4033,6 +4056,35 @@ paths: type: string format: slug pattern: ^[-a-zA-Z0-9_]+$ + /flows/instances/{slug}/execute/: + get: + operationId: flows_instances_execute + description: Execute flow for current user + parameters: [] + responses: + '200': + description: '' + schema: + $ref: '#/definitions/Link' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' + tags: + - flows + parameters: + - name: slug + in: path + description: Visible in the URL. + required: true + type: string + format: slug + pattern: ^[-a-zA-Z0-9_]+$ /flows/instances/{slug}/export/: get: operationId: flows_instances_export @@ -14908,7 +14960,7 @@ definitions: items: $ref: '#/definitions/Coordinate' readOnly: true - UserRecovery: + Link: required: - link type: object @@ -17035,7 +17087,7 @@ definitions: title: Metadata type: string readOnly: true - Link: + FooterLink: type: object properties: href: @@ -17064,7 +17116,7 @@ definitions: ui_footer_links: type: array items: - $ref: '#/definitions/Link' + $ref: '#/definitions/FooterLink' readOnly: true error_reporting_enabled: title: Error reporting enabled diff --git a/web/src/pages/applications/ApplicationForm.ts b/web/src/pages/applications/ApplicationForm.ts index 7806daa61..25a1bd943 100644 --- a/web/src/pages/applications/ApplicationForm.ts +++ b/web/src/pages/applications/ApplicationForm.ts @@ -26,7 +26,7 @@ export class ApplicationForm extends Form { } } - send = (data: Application): Promise => { + send = (data: Application): Promise => { let writeOp: Promise; if (this.application) { writeOp = new CoreApi(DEFAULT_CONFIG).coreApplicationsUpdate({ From e96d2fa66617332a52e6932e489892392202b222 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 22:24:46 +0200 Subject: [PATCH 45/60] web/admin: migrate flows to web forms Signed-off-by: Jens Langhammer --- web/src/api/legacy.ts | 4 - web/src/pages/applications/ApplicationForm.ts | 2 +- web/src/pages/flows/FlowForm.ts | 115 ++++++++++++++++++ web/src/pages/flows/FlowImportForm.ts | 38 ++++++ web/src/pages/flows/FlowListPage.ts | 72 +++++++---- 5 files changed, 205 insertions(+), 26 deletions(-) create mode 100644 web/src/pages/flows/FlowForm.ts create mode 100644 web/src/pages/flows/FlowImportForm.ts diff --git a/web/src/api/legacy.ts b/web/src/api/legacy.ts index ae8462b14..d38d9610e 100644 --- a/web/src/api/legacy.ts +++ b/web/src/api/legacy.ts @@ -24,10 +24,6 @@ export class AdminURLManager { return `/administration/outpost_service_connections/${rest}`; } - static flows(rest: string): string { - return `/administration/flows/${rest}`; - } - static stages(rest: string): string { return `/administration/stages/${rest}`; } diff --git a/web/src/pages/applications/ApplicationForm.ts b/web/src/pages/applications/ApplicationForm.ts index 25a1bd943..e194566ea 100644 --- a/web/src/pages/applications/ApplicationForm.ts +++ b/web/src/pages/applications/ApplicationForm.ts @@ -63,7 +63,7 @@ export class ApplicationForm extends Form { ${Array.from(m).map(([group, providers]) => { return html` ${providers.map(p => { - const selected = (this.application?.provider?.pk === p.pk) || (this.provider === p.pk) + const selected = (this.application?.provider?.pk === p.pk) || (this.provider === p.pk); return html``; })} `; diff --git a/web/src/pages/flows/FlowForm.ts b/web/src/pages/flows/FlowForm.ts new file mode 100644 index 000000000..ba32c6af1 --- /dev/null +++ b/web/src/pages/flows/FlowForm.ts @@ -0,0 +1,115 @@ +import { Flow, FlowDesignationEnum, FlowsApi } from "authentik-api"; +import { gettext } from "django"; +import { customElement, property } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import { ifDefined } from "lit-html/directives/if-defined"; +import "../../elements/forms/HorizontalFormElement"; + +@customElement("ak-flow-form") +export class FlowForm extends Form { + + @property({attribute: false}) + flow?: Flow; + + getSuccessMessage(): string { + if (this.flow) { + return gettext("Successfully updated flow."); + } else { + return gettext("Successfully created flow."); + } + } + + send = (data: Flow): Promise => { + let writeOp: Promise; + if (this.flow) { + writeOp = new FlowsApi(DEFAULT_CONFIG).flowsInstancesUpdate({ + slug: this.flow.slug, + data: data + }); + } else { + writeOp = new FlowsApi(DEFAULT_CONFIG).flowsInstancesCreate({ + data: data + }); + } + const background = this.getFormFile(); + if (background) { + return writeOp.then(flow => { + return new FlowsApi(DEFAULT_CONFIG).flowsInstancesSetBackground({ + slug: flow.slug, + file: background + }); + }); + } + return writeOp; + }; + + renderDesignations(): TemplateResult { + return html` + + + + + + + + `; + } + + renderForm(): TemplateResult { + return html`
+ + + + + +

${gettext("Shown as the Title in Flow pages.")}

+ + + +

${gettext("Visible in the URL.")}

+ + + +

${gettext("Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik.")}

+ + + +

${gettext("Background shown during execution.")}

+ +
`; + } + +} diff --git a/web/src/pages/flows/FlowImportForm.ts b/web/src/pages/flows/FlowImportForm.ts new file mode 100644 index 000000000..48161ef8a --- /dev/null +++ b/web/src/pages/flows/FlowImportForm.ts @@ -0,0 +1,38 @@ +import { Flow, FlowsApi } from "authentik-api"; +import { gettext } from "django"; +import { customElement } from "lit-element"; +import { html, TemplateResult } from "lit-html"; +import { DEFAULT_CONFIG } from "../../api/Config"; +import { Form } from "../../elements/forms/Form"; +import "../../elements/forms/HorizontalFormElement"; + +@customElement("ak-flow-import-form") +export class FlowImportForm extends Form { + + getSuccessMessage(): string { + return gettext("Successfully imported flow."); + } + + // eslint-disable-next-line + send = (data: Flow): Promise => { + const file = this.getFormFile(); + if (!file) { + throw new Error("No form data"); + } + return new FlowsApi(DEFAULT_CONFIG).flowsInstancesImportFlow({ + file: file + }); + }; + + renderForm(): TemplateResult { + return html`
+ + +

${gettext("Background shown during execution.")}

+ +
`; + } + +} diff --git a/web/src/pages/flows/FlowListPage.ts b/web/src/pages/flows/FlowListPage.ts index 1dc88d311..41d15f02e 100644 --- a/web/src/pages/flows/FlowListPage.ts +++ b/web/src/pages/flows/FlowListPage.ts @@ -6,11 +6,13 @@ import { TablePage } from "../../elements/table/TablePage"; import "../../elements/buttons/ModalButton"; import "../../elements/buttons/SpinnerButton"; import "../../elements/forms/DeleteForm"; +import "../../elements/forms/ModalForm"; +import "./FlowForm"; +import "./FlowImportForm"; import { TableColumn } from "../../elements/table/Table"; import { PAGE_SIZE } from "../../constants"; import { Flow, FlowsApi } from "authentik-api"; import { DEFAULT_CONFIG } from "../../api/Config"; -import { AdminURLManager } from "../../api/legacy"; @customElement("ak-flow-list") export class FlowListPage extends TablePage { @@ -60,48 +62,76 @@ export class FlowListPage extends TablePage { html`${Array.from(item.stages || []).length}`, html`${Array.from(item.policies || []).length}`, html` - - + + + ${gettext("Update")} + + + ${gettext("Update Flow")} + + + + + { return new FlowsApi(DEFAULT_CONFIG).flowsInstancesDelete({ - slug: item.slug || "" + slug: item.slug }); }}> - + ${gettext("Export")} - - `, + `, ]; } renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- - - + + + ${gettext("Create Flow")} + + + + + + + ${gettext("Import")} - -
- + + + ${gettext("Import Flow")} + + + + + ${super.renderToolbar()} `; } From 3945dc9f3f1bbebadaf26e6a00c6c41485243892 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 22:30:57 +0200 Subject: [PATCH 46/60] web/admin: fix execute button on flow view Signed-off-by: Jens Langhammer --- web/src/pages/flows/FlowListPage.ts | 4 ++-- web/src/pages/flows/FlowViewPage.ts | 12 ++++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/web/src/pages/flows/FlowListPage.ts b/web/src/pages/flows/FlowListPage.ts index 41d15f02e..fdb6e45d5 100644 --- a/web/src/pages/flows/FlowListPage.ts +++ b/web/src/pages/flows/FlowListPage.ts @@ -88,7 +88,7 @@ export class FlowListPage extends TablePage { - + ${gettext("Export")} `, ]; diff --git a/web/src/pages/flows/FlowViewPage.ts b/web/src/pages/flows/FlowViewPage.ts index 329519659..f72a5cf15 100644 --- a/web/src/pages/flows/FlowViewPage.ts +++ b/web/src/pages/flows/FlowViewPage.ts @@ -80,9 +80,17 @@ export class FlowViewPage extends LitElement {
- +
From 7a93b9e5654cba125a34fe7662deee80cf019fb7 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 22:31:12 +0200 Subject: [PATCH 47/60] web/user: use ak form element for webauthn device Signed-off-by: Jens Langhammer --- .../settings/UserSettingsAuthenticatorWebAuthn.ts | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts b/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts index 9a9425777..3cc5c5e04 100644 --- a/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts +++ b/web/src/pages/users/settings/UserSettingsAuthenticatorWebAuthn.ts @@ -11,6 +11,8 @@ import "../../../elements/buttons/SpinnerButton"; import "../../../elements/forms/DeleteForm"; import "../../../elements/forms/Form"; import "../../../elements/forms/ModalForm"; +import "../../../elements/forms/HorizontalFormElement"; +import { ifDefined } from "lit-html/directives/if-defined"; @customElement("ak-user-settings-authenticator-webauthn") export class UserSettingsAuthenticatorWebAuthn extends BaseUserSettings { @@ -52,12 +54,12 @@ export class UserSettingsAuthenticatorWebAuthn extends BaseUserSettings { }); }}>
- - + + +
+ { renderToolbar(): TemplateResult { return html` - - + + ${gettext("Create")} - -
- + + + ${gettext("Create Outpost")} + + + + + ${super.renderToolbar()} `; } From 54c50f6446ec2f5d8c366b7eb206b919414327e0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 23:32:42 +0200 Subject: [PATCH 52/60] policies: add test API Signed-off-by: Jens Langhammer --- authentik/api/v2/urls.py | 3 +- authentik/policies/api/__init__.py | 0 authentik/policies/api/bindings.py | 80 ++++++++++++++ authentik/policies/api/exec.py | 33 ++++++ .../policies/{api.py => api/policies.py} | 104 ++++++------------ authentik/policies/dummy/api.py | 2 +- authentik/policies/event_matcher/api.py | 2 +- authentik/policies/expiry/api.py | 2 +- authentik/policies/expression/api.py | 2 +- authentik/policies/hibp/api.py | 2 +- authentik/policies/models.py | 2 +- authentik/policies/password/api.py | 2 +- authentik/policies/reputation/api.py | 2 +- swagger.yaml | 62 +++++++++++ web/src/pages/flows/FlowViewPage.ts | 1 - web/src/pages/outposts/OutpostForm.ts | 2 +- 16 files changed, 220 insertions(+), 81 deletions(-) create mode 100644 authentik/policies/api/__init__.py create mode 100644 authentik/policies/api/bindings.py create mode 100644 authentik/policies/api/exec.py rename authentik/policies/{api.py => api/policies.py} (63%) diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py index 90747dc40..9ee25b019 100644 --- a/authentik/api/v2/urls.py +++ b/authentik/api/v2/urls.py @@ -33,7 +33,8 @@ from authentik.outposts.api.outpost_service_connections import ( ServiceConnectionViewSet, ) from authentik.outposts.api.outposts import OutpostViewSet -from authentik.policies.api import PolicyBindingViewSet, PolicyViewSet +from authentik.policies.api.bindings import PolicyBindingViewSet +from authentik.policies.api.policies import PolicyViewSet from authentik.policies.dummy.api import DummyPolicyViewSet from authentik.policies.event_matcher.api import EventMatcherPolicyViewSet from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet diff --git a/authentik/policies/api/__init__.py b/authentik/policies/api/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/policies/api/bindings.py b/authentik/policies/api/bindings.py new file mode 100644 index 000000000..5ed92ccaa --- /dev/null +++ b/authentik/policies/api/bindings.py @@ -0,0 +1,80 @@ +"""policy binding API Views""" +from django.core.exceptions import ObjectDoesNotExist +from rest_framework.serializers import ModelSerializer, PrimaryKeyRelatedField +from rest_framework.viewsets import ModelViewSet +from structlog.stdlib import get_logger + +from authentik.core.api.groups import GroupSerializer +from authentik.policies.models import PolicyBinding, PolicyBindingModel + +LOGGER = get_logger() + + +class PolicyBindingModelForeignKey(PrimaryKeyRelatedField): + """rest_framework PrimaryKeyRelatedField which resolves + model_manager's InheritanceQuerySet""" + + def use_pk_only_optimization(self): + return False + + # pylint: disable=inconsistent-return-statements + def to_internal_value(self, data): + if self.pk_field is not None: + data = self.pk_field.to_internal_value(data) + try: + # Due to inheritance, a direct DB lookup for the primary key + # won't return anything. This is because the direct lookup + # checks the PK of PolicyBindingModel (for example), + # but we get given the Primary Key of the inheriting class + for model in self.get_queryset().select_subclasses().all().select_related(): + if model.pk == data: + return model + # as a fallback we still try a direct lookup + return self.get_queryset().get_subclass(pk=data) + except ObjectDoesNotExist: + self.fail("does_not_exist", pk_value=data) + except (TypeError, ValueError): + self.fail("incorrect_type", data_type=type(data).__name__) + + def to_representation(self, value): + correct_model = PolicyBindingModel.objects.get_subclass(pbm_uuid=value.pbm_uuid) + return correct_model.pk + + +class PolicyBindingSerializer(ModelSerializer): + """PolicyBinding Serializer""" + + # Because we're not interested in the PolicyBindingModel's PK but rather the subclasses PK, + # we have to manually declare this field + target = PolicyBindingModelForeignKey( + queryset=PolicyBindingModel.objects.select_subclasses(), + required=True, + ) + + group = GroupSerializer(required=False) + + class Meta: + + model = PolicyBinding + fields = [ + "pk", + "policy", + "group", + "user", + "target", + "enabled", + "order", + "timeout", + ] + depth = 2 + + +class PolicyBindingViewSet(ModelViewSet): + """PolicyBinding Viewset""" + + queryset = PolicyBinding.objects.all().select_related( + "policy", "target", "group", "user" + ) + serializer_class = PolicyBindingSerializer + filterset_fields = ["policy", "target", "enabled", "order", "timeout"] + search_fields = ["policy__name"] diff --git a/authentik/policies/api/exec.py b/authentik/policies/api/exec.py new file mode 100644 index 000000000..9d4069179 --- /dev/null +++ b/authentik/policies/api/exec.py @@ -0,0 +1,33 @@ +"""Serializer for policy execution""" +from django.db.models import Model +from rest_framework.fields import BooleanField, CharField, JSONField, ListField +from rest_framework.relations import PrimaryKeyRelatedField +from rest_framework.serializers import Serializer + +from authentik.core.models import User + + +class PolicyTestSerializer(Serializer): + """Test policy execution for a user with context""" + + user = PrimaryKeyRelatedField(queryset=User.objects.all()) + context = JSONField(required=False) + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError + + +class PolicyTestResultSerializer(Serializer): + """result of a policy test""" + + passing = BooleanField() + messages = ListField(child=CharField(), read_only=True) + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError diff --git a/authentik/policies/api.py b/authentik/policies/api/policies.py similarity index 63% rename from authentik/policies/api.py rename to authentik/policies/api/policies.py index ce50695fa..469cd670a 100644 --- a/authentik/policies/api.py +++ b/authentik/policies/api/policies.py @@ -1,24 +1,25 @@ """policy API Views""" from django.core.cache import cache -from django.core.exceptions import ObjectDoesNotExist from django.http.response import HttpResponseBadRequest from django.urls import reverse from drf_yasg.utils import no_body, swagger_auto_schema +from guardian.shortcuts import get_objects_for_user from rest_framework import mixins from rest_framework.decorators import action +from rest_framework.exceptions import PermissionDenied +from rest_framework.relations import PrimaryKeyRelatedField from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ( ModelSerializer, - PrimaryKeyRelatedField, + Serializer, SerializerMethodField, ) -from rest_framework.viewsets import GenericViewSet, ModelViewSet +from rest_framework.viewsets import GenericViewSet from structlog.stdlib import get_logger from authentik.api.decorators import permission_required from authentik.core.api.applications import user_app_cache_key -from authentik.core.api.groups import GroupSerializer from authentik.core.api.utils import ( CacheSerializer, MetaNameSerializer, @@ -26,42 +27,14 @@ from authentik.core.api.utils import ( ) from authentik.lib.templatetags.authentik_utils import verbose_name from authentik.lib.utils.reflection import all_subclasses -from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel +from authentik.policies.api.exec import PolicyTestResultSerializer, PolicyTestSerializer +from authentik.policies.models import Policy, PolicyBinding +from authentik.policies.process import PolicyProcess +from authentik.policies.types import PolicyRequest LOGGER = get_logger() -class PolicyBindingModelForeignKey(PrimaryKeyRelatedField): - """rest_framework PrimaryKeyRelatedField which resolves - model_manager's InheritanceQuerySet""" - - def use_pk_only_optimization(self): - return False - - # pylint: disable=inconsistent-return-statements - def to_internal_value(self, data): - if self.pk_field is not None: - data = self.pk_field.to_internal_value(data) - try: - # Due to inheritance, a direct DB lookup for the primary key - # won't return anything. This is because the direct lookup - # checks the PK of PolicyBindingModel (for example), - # but we get given the Primary Key of the inheriting class - for model in self.get_queryset().select_subclasses().all().select_related(): - if model.pk == data: - return model - # as a fallback we still try a direct lookup - return self.get_queryset().get_subclass(pk=data) - except ObjectDoesNotExist: - self.fail("does_not_exist", pk_value=data) - except (TypeError, ValueError): - self.fail("incorrect_type", data_type=type(data).__name__) - - def to_representation(self, value): - correct_model = PolicyBindingModel.objects.get_subclass(pbm_uuid=value.pbm_uuid) - return correct_model.pk - - class PolicySerializer(ModelSerializer, MetaNameSerializer): """Policy Serializer""" @@ -169,41 +142,32 @@ class PolicyViewSet( cache.delete_many(keys) return Response(status=204) - -class PolicyBindingSerializer(ModelSerializer): - """PolicyBinding Serializer""" - - # Because we're not interested in the PolicyBindingModel's PK but rather the subclasses PK, - # we have to manually declare this field - target = PolicyBindingModelForeignKey( - queryset=PolicyBindingModel.objects.select_subclasses(), - required=True, + @permission_required("authentik_policies.view_policy") + @swagger_auto_schema( + request_body=PolicyTestSerializer(), + responses={200: PolicyTestResultSerializer()}, ) + @action(detail=True, methods=["POST"]) + def test(self, request: Request) -> Response: + """Test policy""" + policy = self.get_object() + test_params = PolicyTestSerializer(request.data) + if not test_params.is_valid(): + return Response(test_params.errors, status=400) - group = GroupSerializer(required=False) + # User permission check, only allow policy testing for users that are readable + users = get_objects_for_user(request.user, "authentik_core.view_user").filter( + pk=test_params["user"] + ) + if not users.exists(): + raise PermissionDenied() - class Meta: + p_request = PolicyRequest(users.first()) + p_request.debug = True + p_request.set_http_request(self.request) + p_request.context = test_params.validated_data.get("context", {}) - model = PolicyBinding - fields = [ - "pk", - "policy", - "group", - "user", - "target", - "enabled", - "order", - "timeout", - ] - depth = 2 - - -class PolicyBindingViewSet(ModelViewSet): - """PolicyBinding Viewset""" - - queryset = PolicyBinding.objects.all().select_related( - "policy", "target", "group", "user" - ) - serializer_class = PolicyBindingSerializer - filterset_fields = ["policy", "target", "enabled", "order", "timeout"] - search_fields = ["policy__name"] + proc = PolicyProcess(PolicyBinding(policy=policy), p_request, None) + result = proc.execute() + response = PolicyTestResultSerializer(result) + return Response(response) diff --git a/authentik/policies/dummy/api.py b/authentik/policies/dummy/api.py index aa75a2b3a..66d837063 100644 --- a/authentik/policies/dummy/api.py +++ b/authentik/policies/dummy/api.py @@ -1,7 +1,7 @@ """Dummy Policy API Views""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.dummy.models import DummyPolicy diff --git a/authentik/policies/event_matcher/api.py b/authentik/policies/event_matcher/api.py index df81d25f8..0dda645f1 100644 --- a/authentik/policies/event_matcher/api.py +++ b/authentik/policies/event_matcher/api.py @@ -1,7 +1,7 @@ """Event Matcher Policy API""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.event_matcher.models import EventMatcherPolicy diff --git a/authentik/policies/expiry/api.py b/authentik/policies/expiry/api.py index 3fb9c410e..70f12a62d 100644 --- a/authentik/policies/expiry/api.py +++ b/authentik/policies/expiry/api.py @@ -1,7 +1,7 @@ """Password Expiry Policy API Views""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.expiry.models import PasswordExpiryPolicy diff --git a/authentik/policies/expression/api.py b/authentik/policies/expression/api.py index 8728be5ea..1ef7a53a8 100644 --- a/authentik/policies/expression/api.py +++ b/authentik/policies/expression/api.py @@ -1,7 +1,7 @@ """Expression Policy API""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.expression.models import ExpressionPolicy diff --git a/authentik/policies/hibp/api.py b/authentik/policies/hibp/api.py index 02f91f4fb..66acd8877 100644 --- a/authentik/policies/hibp/api.py +++ b/authentik/policies/hibp/api.py @@ -1,7 +1,7 @@ """Source API Views""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.hibp.models import HaveIBeenPwendPolicy diff --git a/authentik/policies/models.py b/authentik/policies/models.py index 7e34131c3..9964a1dcd 100644 --- a/authentik/policies/models.py +++ b/authentik/policies/models.py @@ -95,7 +95,7 @@ class PolicyBinding(SerializerModel): @property def serializer(self) -> BaseSerializer: - from authentik.policies.api import PolicyBindingSerializer + from authentik.policies.api.bindings import PolicyBindingSerializer return PolicyBindingSerializer diff --git a/authentik/policies/password/api.py b/authentik/policies/password/api.py index 050b41a3f..f0171095c 100644 --- a/authentik/policies/password/api.py +++ b/authentik/policies/password/api.py @@ -1,7 +1,7 @@ """Password Policy API Views""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.password.models import PasswordPolicy diff --git a/authentik/policies/reputation/api.py b/authentik/policies/reputation/api.py index e75d48fac..ce3681972 100644 --- a/authentik/policies/reputation/api.py +++ b/authentik/policies/reputation/api.py @@ -1,7 +1,7 @@ """Source API Views""" from rest_framework.viewsets import ModelViewSet -from authentik.policies.api import PolicySerializer +from authentik.policies.api.policies import PolicySerializer from authentik.policies.reputation.models import ( IPReputation, ReputationPolicy, diff --git a/swagger.yaml b/swagger.yaml index 2a2122f1d..7cbd8aa22 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -5779,6 +5779,43 @@ paths: required: true type: string format: uuid + /policies/all/{policy_uuid}/test/: + post: + operationId: policies_all_test + description: Test policy + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/PolicyTest' + responses: + '200': + description: '' + schema: + $ref: '#/definitions/PolicyTestResult' + '400': + description: Invalid input. + schema: + $ref: '#/definitions/ValidationError' + '403': + description: Authentication credentials were invalid, absent or insufficient. + schema: + $ref: '#/definitions/GenericError' + '404': + description: Object does not exist or caller has insufficient permissions + to access it. + schema: + $ref: '#/definitions/APIException' + tags: + - policies + parameters: + - name: policy_uuid + in: path + description: A UUID string identifying this Policy. + required: true + type: string + format: uuid /policies/bindings/: get: operationId: policies_bindings_list @@ -16044,6 +16081,31 @@ definitions: title: Bound to type: integer readOnly: true + PolicyTest: + required: + - user + type: object + properties: + user: + title: User + type: integer + context: + title: Context + type: object + PolicyTestResult: + required: + - passing + type: object + properties: + passing: + title: Passing + type: boolean + messages: + type: array + items: + type: string + minLength: 1 + readOnly: true PolicyBinding: required: - target diff --git a/web/src/pages/flows/FlowViewPage.ts b/web/src/pages/flows/FlowViewPage.ts index 2e381ae58..d67f388f1 100644 --- a/web/src/pages/flows/FlowViewPage.ts +++ b/web/src/pages/flows/FlowViewPage.ts @@ -17,7 +17,6 @@ import PFContent from "@patternfly/patternfly/components/Content/content.css"; import AKGlobal from "../../authentik.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css"; import PFGallery from "@patternfly/patternfly/layouts/Gallery/gallery.css"; -import { AdminURLManager } from "../../api/legacy"; @customElement("ak-flow-view") export class FlowViewPage extends LitElement { diff --git a/web/src/pages/outposts/OutpostForm.ts b/web/src/pages/outposts/OutpostForm.ts index d62488b5b..3f9de2e2b 100644 --- a/web/src/pages/outposts/OutpostForm.ts +++ b/web/src/pages/outposts/OutpostForm.ts @@ -1,4 +1,4 @@ -import { CoreApi, Outpost, OutpostsApi, ProvidersApi } from "authentik-api"; +import { Outpost, OutpostsApi, ProvidersApi } from "authentik-api"; import { gettext } from "django"; import { customElement, property } from "lit-element"; import { html, TemplateResult } from "lit-html"; From bfa0c46588ef8db1d07c12b83a8ae680671057c6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 11:05:31 +0200 Subject: [PATCH 53/60] tests/e2e: fix source tests Signed-off-by: Jens Langhammer --- tests/e2e/test_source_oauth.py | 38 +++++----------------------------- tests/e2e/test_source_saml.py | 23 ++++++++++++-------- 2 files changed, 19 insertions(+), 42 deletions(-) diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth.py index 9f1ca18af..c3646a7f7 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth.py @@ -15,6 +15,7 @@ from selenium.webdriver.support.wait import WebDriverWait from structlog.stdlib import get_logger from yaml import safe_dump +from authentik.core.models import User from authentik.flows.models import Flow from authentik.providers.oauth2.generators import ( generate_client_id, @@ -162,17 +163,7 @@ class TestSourceOAuth2(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - self.assertEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo" - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_name").get_attribute("value"), - "admin", - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_email").get_attribute("value"), - "admin@example.com", - ) + self.assert_user(User(username="foo", name="admin", email="admin@example.com")) @retry() @apply_migration("authentik_core", "0003_default_user") @@ -257,17 +248,7 @@ class TestSourceOAuth2(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - self.assertEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo" - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_name").get_attribute("value"), - "admin", - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_email").get_attribute("value"), - "admin@example.com", - ) + self.assert_user(User(username="foo", name="admin", email="admin@example.com")) @skipUnless(platform.startswith("linux"), "requires local docker") @@ -361,15 +342,6 @@ class TestSourceOAuth1(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - self.assertEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), - "example-user", - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_name").get_attribute("value"), - "test name", - ) - self.assertEqual( - self.driver.find_element(By.ID, "id_email").get_attribute("value"), - "foo@example.com", + self.assert_user( + User(username="example-user", name="test name", email="foo@example.com") ) diff --git a/tests/e2e/test_source_saml.py b/tests/e2e/test_source_saml.py index cdd1964d1..8fbfbfccd 100644 --- a/tests/e2e/test_source_saml.py +++ b/tests/e2e/test_source_saml.py @@ -5,12 +5,14 @@ from typing import Any, Optional from unittest.case import skipUnless from docker.types import Healthcheck +from guardian.utils import get_anonymous_user from selenium.webdriver.common.by import By from selenium.webdriver.common.keys import Keys from selenium.webdriver.support import expected_conditions as ec from selenium.webdriver.support.wait import WebDriverWait from structlog.stdlib import get_logger +from authentik.core.models import User from authentik.crypto.models import CertificateKeyPair from authentik.flows.models import Flow from authentik.sources.saml.models import SAMLBindingTypes, SAMLSource @@ -155,9 +157,10 @@ class TestSourceSAML(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - # Wait until we've loaded the user info page - self.assertNotEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), "" + self.assert_user( + User.objects.exclude(username="akadmin") + .exclude(pk=get_anonymous_user().pk) + .first() ) @retry() @@ -235,9 +238,10 @@ class TestSourceSAML(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - # Wait until we've loaded the user info page - self.assertNotEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), "" + self.assert_user( + User.objects.exclude(username="akadmin") + .exclude(pk=get_anonymous_user().pk) + .first() ) @retry() @@ -302,7 +306,8 @@ class TestSourceSAML(SeleniumTestCase): self.wait_for_url(self.if_admin_url("/library")) self.driver.get(self.if_admin_url("/user")) - # Wait until we've loaded the user info page - self.assertNotEqual( - self.driver.find_element(By.ID, "id_username").get_attribute("value"), "" + self.assert_user( + User.objects.exclude(username="akadmin") + .exclude(pk=get_anonymous_user().pk) + .first() ) From b1967b42e3ceb4621ddee729cddc5e4e3bbe35fb Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 13:05:49 +0200 Subject: [PATCH 54/60] root: temporarily use failfast to debug tests Signed-off-by: Jens Langhammer --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 087a20cca..e23a2c9ff 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ test-integration: coverage run manage.py test -v 3 tests/integration test-e2e: - coverage run manage.py test -v 3 tests/e2e + coverage run manage.py test --failfast -v 3 tests/e2e coverage: coverage run manage.py test -v 3 authentik From 3686cba6b4cdfe7aa3d6e2d229a23697eaa0ab0f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 13:35:34 +0200 Subject: [PATCH 55/60] root: fix build for static files during e2e Signed-off-by: Jens Langhammer --- azure-pipelines.yml | 4 ++-- web/src/api/Client.ts | 13 ------------- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index a36438ac2..54490ff0d 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -285,9 +285,9 @@ stages: inputs: script: | docker run --rm -v $(pwd):/local openapitools/openapi-generator-cli generate -i /local/swagger.yaml -g typescript-fetch -o /local/web/api --additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=authentik-api,npmVersion=1.0.0 - sudo chmod 777 -R api/ + sudo chmod 777 -R web/api/ cd web - sudo chmod 777 -R api/ + cd api && npm i && cd .. npm i npm run build - task: CmdLine@2 diff --git a/web/src/api/Client.ts b/web/src/api/Client.ts index 20a8efd22..e7b79a27e 100644 --- a/web/src/api/Client.ts +++ b/web/src/api/Client.ts @@ -1,16 +1,3 @@ -export interface QueryArguments { - page?: number; - page_size?: number; - [key: string]: number | string | boolean | undefined | null; -} - -export interface BaseInheritanceModel { - objectType: string; - - verboseName: string; - verboseNamePlural: string; -} - export interface AKPagination { next?: number; previous?: number; From b3b8e71caa3e6cbe24c64cdc9135603528a57706 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 14:34:20 +0200 Subject: [PATCH 56/60] web/flows: fix challenge type Signed-off-by: Jens Langhammer --- web/src/flows/FlowExecutor.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/flows/FlowExecutor.ts b/web/src/flows/FlowExecutor.ts index 5e397f922..ac991d3cd 100644 --- a/web/src/flows/FlowExecutor.ts +++ b/web/src/flows/FlowExecutor.ts @@ -172,7 +172,7 @@ export class FlowExecutor extends LitElement implements StageHost { if (!this.challenge) { return html``; } - switch (this.challenge.type) { + switch (this.challenge.type.toUpperCase()) { case ChallengeTypeEnum.Redirect: console.debug("authentik/flows: redirecting to url from server", (this.challenge as RedirectChallenge).to); window.location.assign((this.challenge as RedirectChallenge).to); From 50ce5aa2b458c039eb3775646b39c9c6cec1ea1b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 15:08:54 +0200 Subject: [PATCH 57/60] root: replace pytest with pyproject in dockerfile Signed-off-by: Jens Langhammer --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 023d2e61b..eb4d70f7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,7 +40,7 @@ RUN apt-get update && \ chown authentik:authentik /backups COPY ./authentik/ /authentik -COPY ./pytest.ini / +COPY ./pyproject.toml / COPY ./xml /xml COPY ./manage.py / COPY ./lifecycle/ /lifecycle From c7dcf92a2e0c91f05b6c5d12c7f04eda51e1f22b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 15:23:37 +0200 Subject: [PATCH 58/60] api: add tests for swagger generation Signed-off-by: Jens Langhammer --- authentik/admin/mixins.py | 9 ------- authentik/api/tests/__init__.py | 0 .../api/{tests.py => tests/test_auth.py} | 0 authentik/api/tests/test_swagger.py | 24 +++++++++++++++++++ authentik/core/signals.py | 2 +- authentik/events/middleware.py | 4 +++- authentik/managed/models.py | 5 ---- 7 files changed, 28 insertions(+), 16 deletions(-) delete mode 100644 authentik/admin/mixins.py create mode 100644 authentik/api/tests/__init__.py rename authentik/api/{tests.py => tests/test_auth.py} (100%) create mode 100644 authentik/api/tests/test_swagger.py diff --git a/authentik/admin/mixins.py b/authentik/admin/mixins.py deleted file mode 100644 index 97ee3c53a..000000000 --- a/authentik/admin/mixins.py +++ /dev/null @@ -1,9 +0,0 @@ -"""authentik admin mixins""" -from django.contrib.auth.mixins import UserPassesTestMixin - - -class AdminRequiredMixin(UserPassesTestMixin): - """Make sure user is administrator""" - - def test_func(self): - return self.request.user.is_superuser diff --git a/authentik/api/tests/__init__.py b/authentik/api/tests/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/api/tests.py b/authentik/api/tests/test_auth.py similarity index 100% rename from authentik/api/tests.py rename to authentik/api/tests/test_auth.py diff --git a/authentik/api/tests/test_swagger.py b/authentik/api/tests/test_swagger.py new file mode 100644 index 000000000..b8095a388 --- /dev/null +++ b/authentik/api/tests/test_swagger.py @@ -0,0 +1,24 @@ +"""Swagger generation tests""" +from json import loads + +from django.urls import reverse +from rest_framework.test import APITestCase +from yaml import safe_load + + +class TestSwaggerGeneration(APITestCase): + """Generic admin tests""" + + def test_yaml(self): + """Test YAML generation""" + response = self.client.get( + reverse("authentik_api:schema-json", kwargs={"format": ".yaml"}), + ) + self.assertTrue(safe_load(response.content.decode())) + + def test_json(self): + """Test JSON generation""" + response = self.client.get( + reverse("authentik_api:schema-json", kwargs={"format": ".json"}), + ) + self.assertTrue(loads(response.content.decode())) diff --git a/authentik/core/signals.py b/authentik/core/signals.py index 4f293af09..ec7675fe2 100644 --- a/authentik/core/signals.py +++ b/authentik/core/signals.py @@ -17,7 +17,7 @@ def post_save_application(sender, instance, created: bool, **_): if sender != Application: return - if not created: + if not created: # pragma: no cover return # Also delete user application cache keys = cache.keys(user_app_cache_key("*")) diff --git a/authentik/events/middleware.py b/authentik/events/middleware.py index d9b865017..bb130cb02 100644 --- a/authentik/events/middleware.py +++ b/authentik/events/middleware.py @@ -76,7 +76,9 @@ class AuditMiddleware: user: User, request: HttpRequest, sender, instance: Model, **_ ): """Signal handler for all object's pre_delete""" - if isinstance(instance, (Event, Notification, UserObjectPermission)): + if isinstance( + instance, (Event, Notification, UserObjectPermission) + ): # pragma: no cover return EventNewThread( diff --git a/authentik/managed/models.py b/authentik/managed/models.py index d6dca21e6..508cc8102 100644 --- a/authentik/managed/models.py +++ b/authentik/managed/models.py @@ -1,6 +1,5 @@ """Managed Object models""" from django.db import models -from django.db.models import QuerySet from django.utils.translation import gettext_lazy as _ @@ -22,10 +21,6 @@ class ManagedModel(models.Model): unique=True, ) - def managed_objects(self) -> QuerySet: - """Get all objects which are managed""" - return self.objects.exclude(managed__isnull=True) - class Meta: abstract = True From b1214f6c3505fadf89a1512e55a9f07a0e82dfd2 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 15:50:00 +0200 Subject: [PATCH 59/60] *: add new base class for non-model serializers Signed-off-by: Jens Langhammer --- authentik/admin/api/metrics.py | 20 ++------- authentik/admin/api/tasks.py | 11 +---- authentik/admin/api/version.py | 11 +---- authentik/api/v2/config.py | 19 ++------- authentik/core/api/tokens.py | 12 ++---- authentik/core/api/users.py | 33 ++------------- authentik/core/api/utils.py | 42 +++++++------------ authentik/core/types.py | 20 ++------- authentik/crypto/api.py | 20 ++------- authentik/flows/challenge.py | 36 +++------------- .../api/outpost_service_connections.py | 17 ++++---- authentik/outposts/api/outposts.py | 20 ++------- authentik/policies/api/exec.py | 19 ++------- authentik/sources/ldap/api.py | 13 ++---- .../authenticator_validate/challenge.py | 12 ++---- authentik/stages/prompt/stage.py | 12 ++---- 16 files changed, 69 insertions(+), 248 deletions(-) diff --git a/authentik/admin/api/metrics.py b/authentik/admin/api/metrics.py index 360ce263b..d9d6b2dc4 100644 --- a/authentik/admin/api/metrics.py +++ b/authentik/admin/api/metrics.py @@ -3,7 +3,7 @@ import time from collections import Counter from datetime import timedelta -from django.db.models import Count, ExpressionWrapper, F, Model +from django.db.models import Count, ExpressionWrapper, F from django.db.models.fields import DurationField from django.db.models.functions import ExtractHour from django.utils.timezone import now @@ -12,9 +12,9 @@ from rest_framework.fields import IntegerField, SerializerMethodField from rest_framework.permissions import IsAdminUser from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import Serializer from rest_framework.viewsets import ViewSet +from authentik.core.api.utils import PassiveSerializer from authentik.events.models import Event, EventAction @@ -45,20 +45,14 @@ def get_events_per_1h(**filter_kwargs) -> list[dict[str, int]]: return results -class CoordinateSerializer(Serializer): +class CoordinateSerializer(PassiveSerializer): """Coordinates for diagrams""" x_cord = IntegerField(read_only=True) y_cord = IntegerField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class LoginMetricsSerializer(Serializer): +class LoginMetricsSerializer(PassiveSerializer): """Login Metrics per 1h""" logins_per_1h = SerializerMethodField() @@ -74,12 +68,6 @@ class LoginMetricsSerializer(Serializer): """Get failed logins per hour for the last 24 hours""" return get_events_per_1h(action=EventAction.LOGIN_FAILED) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class AdministrationMetricsViewSet(ViewSet): """Login Metrics per 1h""" diff --git a/authentik/admin/api/tasks.py b/authentik/admin/api/tasks.py index dfbca3140..55c9e1807 100644 --- a/authentik/admin/api/tasks.py +++ b/authentik/admin/api/tasks.py @@ -2,7 +2,6 @@ from importlib import import_module from django.contrib import messages -from django.db.models import Model from django.http.response import Http404 from django.utils.translation import gettext_lazy as _ from drf_yasg.utils import swagger_auto_schema @@ -11,13 +10,13 @@ from rest_framework.fields import CharField, ChoiceField, DateTimeField, ListFie from rest_framework.permissions import IsAdminUser from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import Serializer from rest_framework.viewsets import ViewSet +from authentik.core.api.utils import PassiveSerializer from authentik.events.monitored_tasks import TaskInfo, TaskResultStatus -class TaskSerializer(Serializer): +class TaskSerializer(PassiveSerializer): """Serialize TaskInfo and TaskResult""" task_name = CharField() @@ -30,12 +29,6 @@ class TaskSerializer(Serializer): ) messages = ListField(source="result.messages") - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class TaskViewSet(ViewSet): """Read-only view set that returns all background tasks""" diff --git a/authentik/admin/api/version.py b/authentik/admin/api/version.py index 4f0f03178..40fcbffdf 100644 --- a/authentik/admin/api/version.py +++ b/authentik/admin/api/version.py @@ -2,7 +2,6 @@ from os import environ from django.core.cache import cache -from django.db.models import Model from drf_yasg.utils import swagger_auto_schema from packaging.version import parse from rest_framework.fields import SerializerMethodField @@ -10,14 +9,14 @@ from rest_framework.mixins import ListModelMixin from rest_framework.permissions import IsAdminUser from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import Serializer from rest_framework.viewsets import GenericViewSet from authentik import ENV_GIT_HASH_KEY, __version__ from authentik.admin.tasks import VERSION_CACHE_KEY, update_latest_version +from authentik.core.api.utils import PassiveSerializer -class VersionSerializer(Serializer): +class VersionSerializer(PassiveSerializer): """Get running and latest version.""" version_current = SerializerMethodField() @@ -47,12 +46,6 @@ class VersionSerializer(Serializer): self.get_version_latest(instance) ) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class VersionViewSet(ListModelMixin, GenericViewSet): """Get running and latest version.""" diff --git a/authentik/api/v2/config.py b/authentik/api/v2/config.py index 858f7f5e2..808d0525c 100644 --- a/authentik/api/v2/config.py +++ b/authentik/api/v2/config.py @@ -1,30 +1,23 @@ """core Configs API""" -from django.db.models import Model from drf_yasg.utils import swagger_auto_schema from rest_framework.fields import BooleanField, CharField, ListField from rest_framework.permissions import AllowAny from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import Serializer from rest_framework.viewsets import ViewSet +from authentik.core.api.utils import PassiveSerializer from authentik.lib.config import CONFIG -class FooterLinkSerializer(Serializer): +class FooterLinkSerializer(PassiveSerializer): """Links returned in Config API""" href = CharField(read_only=True) name = CharField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class ConfigSerializer(Serializer): +class ConfigSerializer(PassiveSerializer): """Serialize authentik Config into DRF Object""" branding_logo = CharField(read_only=True) @@ -35,12 +28,6 @@ class ConfigSerializer(Serializer): error_reporting_environment = CharField(read_only=True) error_reporting_send_pii = BooleanField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class ConfigsViewSet(ViewSet): """Read-only view set that returns the current session's Configs""" diff --git a/authentik/core/api/tokens.py b/authentik/core/api/tokens.py index 127440bfd..10d94b509 100644 --- a/authentik/core/api/tokens.py +++ b/authentik/core/api/tokens.py @@ -1,15 +1,15 @@ """Tokens API Viewset""" -from django.db.models.base import Model from django.http.response import Http404 from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import CharField from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import ModelSerializer, Serializer +from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet from authentik.core.api.users import UserSerializer +from authentik.core.api.utils import PassiveSerializer from authentik.core.models import Token from authentik.events.models import Event, EventAction @@ -34,17 +34,11 @@ class TokenSerializer(ModelSerializer): depth = 2 -class TokenViewSerializer(Serializer): +class TokenViewSerializer(PassiveSerializer): """Show token's current key""" key = CharField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class TokenViewSet(ModelViewSet): """Token Viewset""" diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index ae28c6e5d..17b0c706e 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -1,5 +1,4 @@ """User API Views""" -from django.db.models.base import Model from django.urls import reverse_lazy from django.utils.http import urlencode from drf_yasg.utils import swagger_auto_schema, swagger_serializer_method @@ -8,12 +7,12 @@ from rest_framework.decorators import action from rest_framework.fields import CharField, SerializerMethodField from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import BooleanField, ModelSerializer, Serializer +from rest_framework.serializers import BooleanField, ModelSerializer from rest_framework.viewsets import ModelViewSet from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h from authentik.api.decorators import permission_required -from authentik.core.api.utils import LinkSerializer +from authentik.core.api.utils import LinkSerializer, PassiveSerializer from authentik.core.middleware import ( SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER, @@ -44,33 +43,15 @@ class UserSerializer(ModelSerializer): ] -class SessionUserSerializer(Serializer): +class SessionUserSerializer(PassiveSerializer): """Response for the /user/me endpoint, returns the currently active user (as `user` property) and, if this user is being impersonated, the original user in the `original` property.""" user = UserSerializer() original = UserSerializer(required=False) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class UserRecoverySerializer(Serializer): - """Recovery link for a user to reset their password""" - - link = CharField() - - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class UserMetricsSerializer(Serializer): +class UserMetricsSerializer(PassiveSerializer): """User Metrics""" logins_per_1h = SerializerMethodField() @@ -99,12 +80,6 @@ class UserMetricsSerializer(Serializer): action=EventAction.AUTHORIZE_APPLICATION, user__pk=request.user.pk ) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class UserViewSet(ModelViewSet): """User Viewset""" diff --git a/authentik/core/api/utils.py b/authentik/core/api/utils.py index 5b39c0cc4..390955a39 100644 --- a/authentik/core/api/utils.py +++ b/authentik/core/api/utils.py @@ -4,18 +4,22 @@ from rest_framework.fields import CharField, IntegerField from rest_framework.serializers import Serializer, SerializerMethodField -class MetaNameSerializer(Serializer): +class PassiveSerializer(Serializer): + """Base serializer class which doesn't implement create/update methods""" + + def create(self, validated_data: dict) -> Model: + return Model() + + def update(self, instance: Model, validated_data: dict) -> Model: + return Model() + + +class MetaNameSerializer(PassiveSerializer): """Add verbose names to response""" verbose_name = SerializerMethodField() verbose_name_plural = SerializerMethodField() - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - def get_verbose_name(self, obj: Model) -> str: """Return object's verbose_name""" return obj._meta.verbose_name @@ -25,39 +29,21 @@ class MetaNameSerializer(Serializer): return obj._meta.verbose_name_plural -class TypeCreateSerializer(Serializer): +class TypeCreateSerializer(PassiveSerializer): """Types of an object that can be created""" name = CharField(required=True) description = CharField(required=True) link = CharField(required=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class CacheSerializer(Serializer): +class CacheSerializer(PassiveSerializer): """Generic cache stats for an object""" count = IntegerField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class LinkSerializer(Serializer): +class LinkSerializer(PassiveSerializer): """Returns a single link""" link = CharField() - - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError diff --git a/authentik/core/types.py b/authentik/core/types.py index 07855987d..523ce0ae8 100644 --- a/authentik/core/types.py +++ b/authentik/core/types.py @@ -2,9 +2,9 @@ from dataclasses import dataclass from typing import Optional -from django.db.models.base import Model from rest_framework.fields import CharField -from rest_framework.serializers import Serializer + +from authentik.core.api.utils import PassiveSerializer @dataclass @@ -21,29 +21,17 @@ class UILoginButton: icon_url: Optional[str] = None -class UILoginButtonSerializer(Serializer): +class UILoginButtonSerializer(PassiveSerializer): """Serializer for Login buttons of sources""" name = CharField() url = CharField() icon_url = CharField(required=False) - def create(self, validated_data: dict) -> Model: - return Model() - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - - -class UserSettingSerializer(Serializer): +class UserSettingSerializer(PassiveSerializer): """Serializer for User settings for stages and sources""" object_uid = CharField() component = CharField() title = CharField() - - def create(self, validated_data: dict) -> Model: - return Model() - - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() diff --git a/authentik/crypto/api.py b/authentik/crypto/api.py index 97be5a06a..daa43e672 100644 --- a/authentik/crypto/api.py +++ b/authentik/crypto/api.py @@ -2,7 +2,6 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.serialization import load_pem_private_key from cryptography.x509 import load_pem_x509_certificate -from django.db.models import Model from django.utils.translation import gettext_lazy as _ from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action @@ -14,10 +13,11 @@ from rest_framework.fields import ( ) from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import ModelSerializer, Serializer, ValidationError +from rest_framework.serializers import ModelSerializer, ValidationError from rest_framework.viewsets import ModelViewSet from authentik.api.decorators import permission_required +from authentik.core.api.utils import PassiveSerializer from authentik.crypto.builder import CertificateBuilder from authentik.crypto.models import CertificateKeyPair from authentik.events.models import Event, EventAction @@ -79,19 +79,13 @@ class CertificateKeyPairSerializer(ModelSerializer): } -class CertificateDataSerializer(Serializer): +class CertificateDataSerializer(PassiveSerializer): """Get CertificateKeyPair's data""" data = CharField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class CertificateGenerationSerializer(Serializer): +class CertificateGenerationSerializer(PassiveSerializer): """Certificate generation parameters""" common_name = CharField() @@ -100,12 +94,6 @@ class CertificateGenerationSerializer(Serializer): ) validity_days = IntegerField(initial=365) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class CertificateKeyPairViewSet(ModelViewSet): """CertificateKeyPair Viewset""" diff --git a/authentik/flows/challenge.py b/authentik/flows/challenge.py index 6cfffc7fe..e209b1d55 100644 --- a/authentik/flows/challenge.py +++ b/authentik/flows/challenge.py @@ -2,11 +2,11 @@ from enum import Enum from typing import TYPE_CHECKING, Optional -from django.db.models.base import Model from django.http import JsonResponse from rest_framework.fields import ChoiceField, DictField -from rest_framework.serializers import CharField, Serializer +from rest_framework.serializers import CharField +from authentik.core.api.utils import PassiveSerializer from authentik.flows.transfer.common import DataclassEncoder if TYPE_CHECKING: @@ -21,20 +21,14 @@ class ChallengeTypes(Enum): REDIRECT = "redirect" -class ErrorDetailSerializer(Serializer): +class ErrorDetailSerializer(PassiveSerializer): """Serializer for rest_framework's error messages""" string = CharField() code = CharField() - def create(self, validated_data: dict) -> Model: - return Model() - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - - -class Challenge(Serializer): +class Challenge(PassiveSerializer): """Challenge that gets sent to the client based on which stage is currently active""" @@ -49,12 +43,6 @@ class Challenge(Serializer): child=ErrorDetailSerializer(many=True), allow_empty=True, required=False ) - def create(self, validated_data: dict) -> Model: - return Model() - - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - class RedirectChallenge(Challenge): """Challenge type to redirect the client""" @@ -81,20 +69,14 @@ class AccessDeniedChallenge(Challenge): error_message = CharField(required=False) -class PermissionSerializer(Serializer): +class PermissionSerializer(PassiveSerializer): """Permission used for consent""" name = CharField() id = CharField() - def create(self, validated_data: dict) -> Model: - return Model() - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - - -class ChallengeResponse(Serializer): +class ChallengeResponse(PassiveSerializer): """Base class for all challenge responses""" stage: Optional["StageView"] @@ -103,12 +85,6 @@ class ChallengeResponse(Serializer): self.stage = kwargs.pop("stage", None) super().__init__(instance=instance, data=data, **kwargs) - def create(self, validated_data: dict) -> Model: - return Model() - - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - class HttpChallengeResponse(JsonResponse): """Subclass of JsonResponse that uses the `DataclassEncoder`""" diff --git a/authentik/outposts/api/outpost_service_connections.py b/authentik/outposts/api/outpost_service_connections.py index b638bde55..757a2798e 100644 --- a/authentik/outposts/api/outpost_service_connections.py +++ b/authentik/outposts/api/outpost_service_connections.py @@ -1,17 +1,20 @@ """Outpost API Views""" from dataclasses import asdict -from django.db.models.base import Model from django.urls import reverse from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, SerializerMethodField from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import ModelSerializer, Serializer +from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet -from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer +from authentik.core.api.utils import ( + MetaNameSerializer, + PassiveSerializer, + TypeCreateSerializer, +) from authentik.lib.templatetags.authentik_utils import verbose_name from authentik.lib.utils.reflection import all_subclasses from authentik.outposts.models import ( @@ -43,18 +46,12 @@ class ServiceConnectionSerializer(ModelSerializer, MetaNameSerializer): ] -class ServiceConnectionStateSerializer(Serializer): +class ServiceConnectionStateSerializer(PassiveSerializer): """Serializer for Service connection state""" healthy = BooleanField(read_only=True) version = CharField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class ServiceConnectionViewSet(ModelViewSet): """ServiceConnection Viewset""" diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py index 566b1c5d7..d1589b7ac 100644 --- a/authentik/outposts/api/outposts.py +++ b/authentik/outposts/api/outposts.py @@ -1,14 +1,14 @@ """Outpost API Views""" -from django.db.models import Model from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import BooleanField, CharField, DateTimeField from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import JSONField, ModelSerializer, Serializer +from rest_framework.serializers import JSONField, ModelSerializer from rest_framework.viewsets import ModelViewSet from authentik.core.api.providers import ProviderSerializer +from authentik.core.api.utils import PassiveSerializer from authentik.outposts.models import Outpost, default_outpost_config @@ -32,19 +32,13 @@ class OutpostSerializer(ModelSerializer): ] -class OutpostDefaultConfigSerializer(Serializer): +class OutpostDefaultConfigSerializer(PassiveSerializer): """Global default outpost config""" config = JSONField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class OutpostHealthSerializer(Serializer): +class OutpostHealthSerializer(PassiveSerializer): """Outpost health status""" last_seen = DateTimeField(read_only=True) @@ -52,12 +46,6 @@ class OutpostHealthSerializer(Serializer): version_should = CharField(read_only=True) version_outdated = BooleanField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class OutpostViewSet(ModelViewSet): """Outpost Viewset""" diff --git a/authentik/policies/api/exec.py b/authentik/policies/api/exec.py index 9d4069179..bb987080d 100644 --- a/authentik/policies/api/exec.py +++ b/authentik/policies/api/exec.py @@ -1,33 +1,20 @@ """Serializer for policy execution""" -from django.db.models import Model from rest_framework.fields import BooleanField, CharField, JSONField, ListField from rest_framework.relations import PrimaryKeyRelatedField -from rest_framework.serializers import Serializer +from authentik.core.api.utils import PassiveSerializer from authentik.core.models import User -class PolicyTestSerializer(Serializer): +class PolicyTestSerializer(PassiveSerializer): """Test policy execution for a user with context""" user = PrimaryKeyRelatedField(queryset=User.objects.all()) context = JSONField(required=False) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - - -class PolicyTestResultSerializer(Serializer): +class PolicyTestResultSerializer(PassiveSerializer): """result of a policy test""" passing = BooleanField() messages = ListField(child=CharField(), read_only=True) - - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError diff --git a/authentik/sources/ldap/api.py b/authentik/sources/ldap/api.py index ff4f20674..01aa37d1c 100644 --- a/authentik/sources/ldap/api.py +++ b/authentik/sources/ldap/api.py @@ -3,17 +3,16 @@ from datetime import datetime from time import time from django.core.cache import cache -from django.db.models.base import Model from drf_yasg.utils import swagger_auto_schema from rest_framework.decorators import action from rest_framework.fields import DateTimeField from rest_framework.request import Request from rest_framework.response import Response -from rest_framework.serializers import ModelSerializer, Serializer +from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet from authentik.core.api.sources import SourceSerializer -from authentik.core.api.utils import MetaNameSerializer +from authentik.core.api.utils import MetaNameSerializer, PassiveSerializer from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource @@ -44,17 +43,11 @@ class LDAPSourceSerializer(SourceSerializer): extra_kwargs = {"bind_password": {"write_only": True}} -class LDAPSourceSyncStatusSerializer(Serializer): +class LDAPSourceSyncStatusSerializer(PassiveSerializer): """LDAP Sync status""" last_sync = DateTimeField(read_only=True) - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - class LDAPSourceViewSet(ModelViewSet): """LDAP Source Viewset""" diff --git a/authentik/stages/authenticator_validate/challenge.py b/authentik/stages/authenticator_validate/challenge.py index d5781125c..92771a06d 100644 --- a/authentik/stages/authenticator_validate/challenge.py +++ b/authentik/stages/authenticator_validate/challenge.py @@ -1,5 +1,4 @@ """Validation stage challenge checking""" -from django.db.models import Model from django.http import HttpRequest from django.utils.translation import gettext_lazy as _ from django_otp import match_token @@ -7,7 +6,7 @@ from django_otp.models import Device from django_otp.plugins.otp_static.models import StaticDevice from django_otp.plugins.otp_totp.models import TOTPDevice from rest_framework.fields import CharField, JSONField -from rest_framework.serializers import Serializer, ValidationError +from rest_framework.serializers import ValidationError from webauthn import WebAuthnAssertionOptions, WebAuthnAssertionResponse, WebAuthnUser from webauthn.webauthn import ( AuthenticationRejectedException, @@ -15,24 +14,19 @@ from webauthn.webauthn import ( WebAuthnUserDataMissing, ) +from authentik.core.api.utils import PassiveSerializer from authentik.core.models import User from authentik.stages.authenticator_webauthn.models import WebAuthnDevice from authentik.stages.authenticator_webauthn.utils import generate_challenge, get_origin -class DeviceChallenge(Serializer): +class DeviceChallenge(PassiveSerializer): """Single device challenge""" device_class = CharField() device_uid = CharField() challenge = JSONField() - def create(self, validated_data: dict) -> Model: - raise NotImplementedError - - def update(self, instance: Model, validated_data: dict) -> Model: - raise NotImplementedError - def get_challenge_for_device(request: HttpRequest, device: Device) -> dict: """Generate challenge for a single device""" diff --git a/authentik/stages/prompt/stage.py b/authentik/stages/prompt/stage.py index c926a20dd..15cc9e772 100644 --- a/authentik/stages/prompt/stage.py +++ b/authentik/stages/prompt/stage.py @@ -3,16 +3,16 @@ from email.policy import Policy from types import MethodType from typing import Any, Callable, Iterator -from django.db.models.base import Model from django.db.models.query import QuerySet from django.http import HttpRequest, HttpResponse from django.http.request import QueryDict from django.utils.translation import gettext_lazy as _ from guardian.shortcuts import get_anonymous_user from rest_framework.fields import BooleanField, CharField, IntegerField -from rest_framework.serializers import Serializer, ValidationError +from rest_framework.serializers import ValidationError from structlog.stdlib import get_logger +from authentik.core.api.utils import PassiveSerializer from authentik.core.models import User from authentik.flows.challenge import Challenge, ChallengeResponse, ChallengeTypes from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan @@ -26,7 +26,7 @@ LOGGER = get_logger() PLAN_CONTEXT_PROMPT = "prompt_data" -class PromptSerializer(Serializer): +class PromptSerializer(PassiveSerializer): """Serializer for a single Prompt field""" field_key = CharField() @@ -36,12 +36,6 @@ class PromptSerializer(Serializer): placeholder = CharField() order = IntegerField() - def create(self, validated_data: dict) -> Model: - return Model() - - def update(self, instance: Model, validated_data: dict) -> Model: - return Model() - class PromptChallenge(Challenge): """Initial challenge being sent, define fields""" From 80b0aef210b8a1cec7145fd177b08c99afcf9981 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 15:50:41 +0200 Subject: [PATCH 60/60] core: add new permissions for tokens to view key Signed-off-by: Jens Langhammer --- authentik/core/api/tokens.py | 2 ++ .../migrations/0018_auto_20210330_1345.py | 21 +++++++++++++++++++ authentik/core/models.py | 1 + 3 files changed, 24 insertions(+) create mode 100644 authentik/core/migrations/0018_auto_20210330_1345.py diff --git a/authentik/core/api/tokens.py b/authentik/core/api/tokens.py index 10d94b509..3a2bb4911 100644 --- a/authentik/core/api/tokens.py +++ b/authentik/core/api/tokens.py @@ -8,6 +8,7 @@ from rest_framework.response import Response from rest_framework.serializers import ModelSerializer from rest_framework.viewsets import ModelViewSet +from authentik.api.decorators import permission_required from authentik.core.api.users import UserSerializer from authentik.core.api.utils import PassiveSerializer from authentik.core.models import Token @@ -60,6 +61,7 @@ class TokenViewSet(ModelViewSet): ] ordering = ["expires"] + @permission_required("authentik_core.view_token_key") @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)}) @action(detail=True) # pylint: disable=unused-argument diff --git a/authentik/core/migrations/0018_auto_20210330_1345.py b/authentik/core/migrations/0018_auto_20210330_1345.py new file mode 100644 index 000000000..6d2756f24 --- /dev/null +++ b/authentik/core/migrations/0018_auto_20210330_1345.py @@ -0,0 +1,21 @@ +# Generated by Django 3.1.7 on 2021-03-30 13:45 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0017_managed"), + ] + + operations = [ + migrations.AlterModelOptions( + name="token", + options={ + "permissions": (("view_token_key", "View token's key"),), + "verbose_name": "Token", + "verbose_name_plural": "Tokens", + }, + ), + ] diff --git a/authentik/core/models.py b/authentik/core/models.py index 1393c7bd4..838598898 100644 --- a/authentik/core/models.py +++ b/authentik/core/models.py @@ -369,6 +369,7 @@ class Token(ManagedModel, ExpiringModel): models.Index(fields=["identifier"]), models.Index(fields=["key"]), ] + permissions = (("view_token_key", "View token's key"),) class PropertyMapping(SerializerModel, ManagedModel):