stages/password: auto-enable app password backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
c4832206fa
commit
4cf76fdcda
|
|
@ -0,0 +1,26 @@
|
||||||
|
# Generated by Django 3.2.6 on 2021-08-23 14:35
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_core", "0027_bootstrap_token"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="token",
|
||||||
|
name="intent",
|
||||||
|
field=models.TextField(
|
||||||
|
choices=[
|
||||||
|
("verification", "Intent Verification"),
|
||||||
|
("api", "Intent Api"),
|
||||||
|
("recovery", "Intent Recovery"),
|
||||||
|
("app_password", "Intent App Password"),
|
||||||
|
],
|
||||||
|
default="verification",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
@ -6,7 +6,7 @@ from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
from authentik.flows.models import FlowDesignation
|
from authentik.flows.models import FlowDesignation
|
||||||
from authentik.stages.identification.models import UserFields
|
from authentik.stages.identification.models import UserFields
|
||||||
from authentik.stages.password import BACKEND_DJANGO, BACKEND_LDAP
|
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_DJANGO, BACKEND_LDAP
|
||||||
|
|
||||||
|
|
||||||
def create_default_authentication_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
def create_default_authentication_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
|
@ -26,7 +26,7 @@ def create_default_authentication_flow(apps: Apps, schema_editor: BaseDatabaseSc
|
||||||
|
|
||||||
password_stage, _ = PasswordStage.objects.using(db_alias).update_or_create(
|
password_stage, _ = PasswordStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-authentication-password",
|
name="default-authentication-password",
|
||||||
defaults={"backends": [BACKEND_DJANGO, BACKEND_LDAP]},
|
defaults={"backends": [BACKEND_DJANGO, BACKEND_LDAP, BACKEND_APP_PASSWORD]},
|
||||||
)
|
)
|
||||||
|
|
||||||
login_stage, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
login_stage, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
"""Backend paths"""
|
"""Backend paths"""
|
||||||
BACKEND_DJANGO = "django.contrib.auth.backends.ModelBackend"
|
BACKEND_DJANGO = "django.contrib.auth.backends.ModelBackend"
|
||||||
BACKEND_LDAP = "authentik.sources.ldap.auth.LDAPBackend"
|
BACKEND_LDAP = "authentik.sources.ldap.auth.LDAPBackend"
|
||||||
BACKEND_TOKEN = "authentik.core.token_auth.TokenBackend" # nosec
|
BACKEND_APP_PASSWORD = "authentik.core.token_auth.TokenBackend" # nosec
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,52 @@
|
||||||
|
# Generated by Django 3.2.6 on 2021-08-23 14:34
|
||||||
|
import django.contrib.postgres.fields
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations, models
|
||||||
|
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
|
from authentik.stages.password import BACKEND_APP_PASSWORD
|
||||||
|
|
||||||
|
|
||||||
|
def update_default_backends(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
PasswordStage = apps.get_model("authentik_stages_password", "passwordstage")
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
|
stages = PasswordStage.objects.using(db_alias).filter(name="default-authentication-password")
|
||||||
|
if not stages.exists():
|
||||||
|
return
|
||||||
|
stage = stages.first()
|
||||||
|
stage.backends.append(BACKEND_APP_PASSWORD)
|
||||||
|
stage.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_flows", "0008_default_flows"),
|
||||||
|
("authentik_stages_password", "0006_passwordchange_rename"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="passwordstage",
|
||||||
|
name="backends",
|
||||||
|
field=django.contrib.postgres.fields.ArrayField(
|
||||||
|
base_field=models.TextField(
|
||||||
|
choices=[
|
||||||
|
(
|
||||||
|
"django.contrib.auth.backends.ModelBackend",
|
||||||
|
"User database + standard password",
|
||||||
|
),
|
||||||
|
("authentik.core.token_auth.TokenBackend", "User database + app passwords"),
|
||||||
|
(
|
||||||
|
"authentik.sources.ldap.auth.LDAPBackend",
|
||||||
|
"User database + LDAP password",
|
||||||
|
),
|
||||||
|
]
|
||||||
|
),
|
||||||
|
help_text="Selection of backends to test the password against.",
|
||||||
|
size=None,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.RunPython(update_default_backends),
|
||||||
|
]
|
||||||
|
|
@ -9,7 +9,7 @@ from rest_framework.serializers import BaseSerializer
|
||||||
|
|
||||||
from authentik.core.types import UserSettingSerializer
|
from authentik.core.types import UserSettingSerializer
|
||||||
from authentik.flows.models import ConfigurableStage, Stage
|
from authentik.flows.models import ConfigurableStage, Stage
|
||||||
from authentik.stages.password import BACKEND_DJANGO, BACKEND_LDAP, BACKEND_TOKEN
|
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_DJANGO, BACKEND_LDAP
|
||||||
|
|
||||||
|
|
||||||
def get_authentication_backends():
|
def get_authentication_backends():
|
||||||
|
|
@ -20,7 +20,7 @@ def get_authentication_backends():
|
||||||
_("User database + standard password"),
|
_("User database + standard password"),
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
BACKEND_TOKEN,
|
BACKEND_APP_PASSWORD,
|
||||||
_("User database + app passwords"),
|
_("User database + app passwords"),
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
|
|
|
||||||
Reference in New Issue