From 03cf8799c42545dd92d23de23e1813fdcfed9d3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 09:10:44 +0200 Subject: [PATCH 1/7] build(deps): bump boto3 from 1.17.39 to 1.17.40 (#675) --- Pipfile.lock | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index bbd7832f1..63c7e3e23 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -116,18 +116,17 @@ }, "boto3": { "hashes": [ - "sha256:6ec718f5a75724f6117a47944a3b2dd79aef02ed75b356060cede74fb91e2616", - "sha256:b5814ff73b5b8fc8601c1b73b70675807f9ce64713562e183a08415a2516eed4" + "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1" ], "index": "pypi", - "version": "==1.17.39" + "version": "==1.17.40" }, "botocore": { "hashes": [ - "sha256:28506d23ffa9abf5666c2c909c7edc83a1112cd44fe74eb1a4960df561531e98", - "sha256:54587d3c9d0d98ac579681245ea36f547cd5048e2bb9212e5e7166a963bcb562" + "sha256:6a35a9977cdbd7a839d948dd5f9e3d260c19b7dde74e0a844c97206884d3bba0", + "sha256:f2b68119050211139f21278166c9023d9251da84b500a4ccede4a4545d6a9514" ], - "version": "==1.20.39" + "version": "==1.20.40" }, "cachetools": { "hashes": [ @@ -1062,10 +1061,10 @@ }, "ruamel.yaml": { "hashes": [ - "sha256:3572505e63dd35b5dea62cd0386d03c4f2a53da29a3af09f428114cc85c564aa", - "sha256:3a41b30235cc6ff7baee0321ffa99e7f94bbc7c7e0f2cac1d75b6b24fc24f202" + "sha256:0850def9ebca23b3a8c64c4b4115ebb6b364a10d49f89d289a26ee965e1e7d9d", + "sha256:8f1e15421668b9edf30ed02899f5f81aff9808a4271935776f61a99a569a13da" ], - "version": "==0.17.0" + "version": "==0.17.2" }, "ruamel.yaml.clib": { "hashes": [ From 01ae3334ee76899a9bf452b2cbabd12ca90734fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 09:10:55 +0200 Subject: [PATCH 2/7] build(deps): bump rollup from 2.43.1 to 2.44.0 in /web (#673) --- web/package-lock.json | 6 +++--- web/package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index ca7c6128d..14b690c50 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -2898,9 +2898,9 @@ } }, "rollup": { - "version": "2.43.1", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.43.1.tgz", - "integrity": "sha512-kvRE6VJbiv4d8m2nGeccc3qRpzOMghAhu2KeITjyZVCjneIFLPQ3zm2Wmqnl0LcUg3FvDaV0MfKnG4NCMbiSfw==", + "version": "2.44.0", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.44.0.tgz", + "integrity": "sha512-rGSF4pLwvuaH/x4nAS+zP6UNn5YUDWf/TeEU5IoXSZKBbKRNTCI3qMnYXKZgrC0D2KzS2baiOZt1OlqhMu5rnQ==", "requires": { "fsevents": "~2.3.1" } diff --git a/web/package.json b/web/package.json index 1181a4689..bfc99187c 100644 --- a/web/package.json +++ b/web/package.json @@ -26,7 +26,7 @@ "lit-element": "^2.4.0", "lit-html": "^1.3.0", "rapidoc": "^8.4.9", - "rollup": "^2.43.1", + "rollup": "^2.44.0", "rollup-plugin-copy": "^3.4.0", "rollup-plugin-cssimport": "^1.0.2", "rollup-plugin-external-globals": "^0.6.1", From 120332924bcb89ef87a0772d8e1b04efd5a336bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 09:11:07 +0200 Subject: [PATCH 3/7] build(deps-dev): bump @typescript-eslint/parser in /web (#671) --- web/package-lock.json | 69 +++++++++++++++++++++++++++++++++++++++---- web/package.json | 2 +- 2 files changed, 64 insertions(+), 7 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 14b690c50..1f7c60145 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -422,15 +422,72 @@ } }, "@typescript-eslint/parser": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.19.0.tgz", - "integrity": "sha512-/uabZjo2ZZhm66rdAu21HA8nQebl3lAIDcybUoOxoI7VbZBYavLIwtOOmykKCJy+Xq6Vw6ugkiwn8Js7D6wieA==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.20.0.tgz", + "integrity": "sha512-m6vDtgL9EABdjMtKVw5rr6DdeMCH3OA1vFb0dAyuZSa3e5yw1YRzlwFnm9knma9Lz6b2GPvoNSa8vOXrqsaglA==", "dev": true, "requires": { - "@typescript-eslint/scope-manager": "4.19.0", - "@typescript-eslint/types": "4.19.0", - "@typescript-eslint/typescript-estree": "4.19.0", + "@typescript-eslint/scope-manager": "4.20.0", + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/typescript-estree": "4.20.0", "debug": "^4.1.1" + }, + "dependencies": { + "@typescript-eslint/scope-manager": { + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.20.0.tgz", + "integrity": "sha512-/zm6WR6iclD5HhGpcwl/GOYDTzrTHmvf8LLLkwKqqPKG6+KZt/CfSgPCiybshmck66M2L5fWSF/MKNuCwtKQSQ==", + "dev": true, + "requires": { + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/visitor-keys": "4.20.0" + } + }, + "@typescript-eslint/types": { + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.20.0.tgz", + "integrity": "sha512-cYY+1PIjei1nk49JAPnH1VEnu7OYdWRdJhYI5wiKOUMhLTG1qsx5cQxCUTuwWCmQoyriadz3Ni8HZmGSofeC+w==", + "dev": true + }, + "@typescript-eslint/typescript-estree": { + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.20.0.tgz", + "integrity": "sha512-Knpp0reOd4ZsyoEJdW8i/sK3mtZ47Ls7ZHvD8WVABNx5Xnn7KhenMTRGegoyMTx6TiXlOVgMz9r0pDgXTEEIHA==", + "dev": true, + "requires": { + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/visitor-keys": "4.20.0", + "debug": "^4.1.1", + "globby": "^11.0.1", + "is-glob": "^4.0.1", + "semver": "^7.3.2", + "tsutils": "^3.17.1" + } + }, + "@typescript-eslint/visitor-keys": { + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.20.0.tgz", + "integrity": "sha512-NXKRM3oOVQL8yNFDNCZuieRIwZ5UtjNLYtmMx2PacEAGmbaEYtGgVHUHVyZvU/0rYZcizdrWjDo+WBtRPSgq+A==", + "dev": true, + "requires": { + "@typescript-eslint/types": "4.20.0", + "eslint-visitor-keys": "^2.0.0" + } + }, + "globby": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.0.3.tgz", + "integrity": "sha512-ffdmosjA807y7+lA1NM0jELARVmYul/715xiILEjo3hBLPTcirgQNnXECn5g3mtR8TOLCVbkfua1Hpen25/Xcg==", + "dev": true, + "requires": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.1.1", + "ignore": "^5.1.4", + "merge2": "^1.3.0", + "slash": "^3.0.0" + } + } } }, "@typescript-eslint/scope-manager": { diff --git a/web/package.json b/web/package.json index bfc99187c..8c4c0e6f3 100644 --- a/web/package.json +++ b/web/package.json @@ -36,7 +36,7 @@ "devDependencies": { "@rollup/plugin-typescript": "^8.2.1", "@typescript-eslint/eslint-plugin": "^4.19.0", - "@typescript-eslint/parser": "^4.19.0", + "@typescript-eslint/parser": "^4.20.0", "eslint": "^7.23.0", "eslint-config-google": "^0.14.0", "eslint-plugin-lit": "^1.3.0", From 59e18111871b050ce12c60f998cc22dd0d8c468f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 09:21:04 +0200 Subject: [PATCH 4/7] build(deps-dev): bump @typescript-eslint/eslint-plugin in /web (#672) Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.19.0 to 4.20.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.20.0/packages/eslint-plugin) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 56 +++++++++++++++++++++---------------------- web/package.json | 2 +- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 1f7c60145..6fd348d3c 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -392,13 +392,13 @@ } }, "@typescript-eslint/eslint-plugin": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.19.0.tgz", - "integrity": "sha512-CRQNQ0mC2Pa7VLwKFbrGVTArfdVDdefS+gTw0oC98vSI98IX5A8EVH4BzJ2FOB0YlCmm8Im36Elad/Jgtvveaw==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.20.0.tgz", + "integrity": "sha512-sw+3HO5aehYqn5w177z2D82ZQlqHCwcKSMboueo7oE4KU9QiC0SAgfS/D4z9xXvpTc8Bt41Raa9fBR8T2tIhoQ==", "dev": true, "requires": { - "@typescript-eslint/experimental-utils": "4.19.0", - "@typescript-eslint/scope-manager": "4.19.0", + "@typescript-eslint/experimental-utils": "4.20.0", + "@typescript-eslint/scope-manager": "4.20.0", "debug": "^4.1.1", "functional-red-black-tree": "^1.0.1", "lodash": "^4.17.15", @@ -408,15 +408,15 @@ } }, "@typescript-eslint/experimental-utils": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.19.0.tgz", - "integrity": "sha512-9/23F1nnyzbHKuoTqFN1iXwN3bvOm/PRIXSBR3qFAYotK/0LveEOHr5JT1WZSzcD6BESl8kPOG3OoDRKO84bHA==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.20.0.tgz", + "integrity": "sha512-sQNlf6rjLq2yB5lELl3gOE7OuoA/6IVXJUJ+Vs7emrQMva14CkOwyQwD7CW+TkmOJ4Q/YGmoDLmbfFrpGmbKng==", "dev": true, "requires": { "@types/json-schema": "^7.0.3", - "@typescript-eslint/scope-manager": "4.19.0", - "@typescript-eslint/types": "4.19.0", - "@typescript-eslint/typescript-estree": "4.19.0", + "@typescript-eslint/scope-manager": "4.20.0", + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/typescript-estree": "4.20.0", "eslint-scope": "^5.0.0", "eslint-utils": "^2.0.0" } @@ -491,29 +491,29 @@ } }, "@typescript-eslint/scope-manager": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.19.0.tgz", - "integrity": "sha512-GGy4Ba/hLXwJXygkXqMzduqOMc+Na6LrJTZXJWVhRrSuZeXmu8TAnniQVKgj8uTRKe4igO2ysYzH+Np879G75g==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.20.0.tgz", + "integrity": "sha512-/zm6WR6iclD5HhGpcwl/GOYDTzrTHmvf8LLLkwKqqPKG6+KZt/CfSgPCiybshmck66M2L5fWSF/MKNuCwtKQSQ==", "dev": true, "requires": { - "@typescript-eslint/types": "4.19.0", - "@typescript-eslint/visitor-keys": "4.19.0" + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/visitor-keys": "4.20.0" } }, "@typescript-eslint/types": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.19.0.tgz", - "integrity": "sha512-A4iAlexVvd4IBsSTNxdvdepW0D4uR/fwxDrKUa+iEY9UWvGREu2ZyB8ylTENM1SH8F7bVC9ac9+si3LWNxcBuA==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.20.0.tgz", + "integrity": "sha512-cYY+1PIjei1nk49JAPnH1VEnu7OYdWRdJhYI5wiKOUMhLTG1qsx5cQxCUTuwWCmQoyriadz3Ni8HZmGSofeC+w==", "dev": true }, "@typescript-eslint/typescript-estree": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.19.0.tgz", - "integrity": "sha512-3xqArJ/A62smaQYRv2ZFyTA+XxGGWmlDYrsfZG68zJeNbeqRScnhf81rUVa6QG4UgzHnXw5VnMT5cg75dQGDkA==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.20.0.tgz", + "integrity": "sha512-Knpp0reOd4ZsyoEJdW8i/sK3mtZ47Ls7ZHvD8WVABNx5Xnn7KhenMTRGegoyMTx6TiXlOVgMz9r0pDgXTEEIHA==", "dev": true, "requires": { - "@typescript-eslint/types": "4.19.0", - "@typescript-eslint/visitor-keys": "4.19.0", + "@typescript-eslint/types": "4.20.0", + "@typescript-eslint/visitor-keys": "4.20.0", "debug": "^4.1.1", "globby": "^11.0.1", "is-glob": "^4.0.1", @@ -538,12 +538,12 @@ } }, "@typescript-eslint/visitor-keys": { - "version": "4.19.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.19.0.tgz", - "integrity": "sha512-aGPS6kz//j7XLSlgpzU2SeTqHPsmRYxFztj2vPuMMFJXZudpRSehE3WCV+BaxwZFvfAqMoSd86TEuM0PQ59E/A==", + "version": "4.20.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.20.0.tgz", + "integrity": "sha512-NXKRM3oOVQL8yNFDNCZuieRIwZ5UtjNLYtmMx2PacEAGmbaEYtGgVHUHVyZvU/0rYZcizdrWjDo+WBtRPSgq+A==", "dev": true, "requires": { - "@typescript-eslint/types": "4.19.0", + "@typescript-eslint/types": "4.20.0", "eslint-visitor-keys": "^2.0.0" } }, diff --git a/web/package.json b/web/package.json index 8c4c0e6f3..9ae0e449c 100644 --- a/web/package.json +++ b/web/package.json @@ -35,7 +35,7 @@ }, "devDependencies": { "@rollup/plugin-typescript": "^8.2.1", - "@typescript-eslint/eslint-plugin": "^4.19.0", + "@typescript-eslint/eslint-plugin": "^4.20.0", "@typescript-eslint/parser": "^4.20.0", "eslint": "^7.23.0", "eslint-config-google": "^0.14.0", From 7e85524e51cc5cb80ffff167d03378979effc238 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 29 Mar 2021 15:36:35 +0200 Subject: [PATCH 5/7] *: simplify API permissions checking, add API for user recovery Signed-off-by: Jens Langhammer --- authentik/api/decorators.py | 28 ++++++++++++++ authentik/core/api/applications.py | 15 +++----- authentik/core/api/users.py | 38 ++++++++++++++++++- authentik/events/api/event.py | 4 +- .../events/api/notification_transport.py | 9 ++--- authentik/flows/api/flows.py | 19 ++++------ .../migrations/0017_auto_20210329_1334.py | 25 ++++++++++++ authentik/flows/models.py | 2 + authentik/policies/api.py | 3 ++ .../migrations/0006_auto_20210329_1334.py | 25 ++++++++++++ authentik/policies/models.py | 5 +++ swagger.yaml | 28 ++++++++++++++ 12 files changed, 173 insertions(+), 28 deletions(-) create mode 100644 authentik/api/decorators.py create mode 100644 authentik/flows/migrations/0017_auto_20210329_1334.py create mode 100644 authentik/policies/migrations/0006_auto_20210329_1334.py diff --git a/authentik/api/decorators.py b/authentik/api/decorators.py new file mode 100644 index 000000000..fd89c01dc --- /dev/null +++ b/authentik/api/decorators.py @@ -0,0 +1,28 @@ +"""API Decorators""" +from functools import wraps +from typing import Callable + +from rest_framework.request import Request +from rest_framework.response import Response +from rest_framework.viewsets import ModelViewSet + + +def permission_required(perm: str, *other_perms: str): + """Check permissions for a single custom action""" + + def wrapper_outter(func: Callable): + """Check permissions for a single custom action""" + + @wraps(func) + def wrapper(self: ModelViewSet, request: Request, *args, **kwargs) -> Response: + obj = self.get_object() + if not request.user.has_perm(perm, obj): + return self.permission_denied(request) + for other_perm in other_perms: + if not request.user.has_perm(other_perm): + return self.permission_denied(request) + return func(self, request, *args, **kwargs) + + return wrapper + + return wrapper_outter diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index eae9fc986..66076fe6c 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -1,12 +1,9 @@ """Application API Views""" from django.core.cache import cache from django.db.models import QuerySet -from django.http.response import Http404 from drf_yasg2.utils import swagger_auto_schema -from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import SerializerMethodField -from rest_framework.generics import get_object_or_404 from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer @@ -15,6 +12,7 @@ from rest_framework_guardian.filters import ObjectPermissionsFilter from structlog.stdlib import get_logger from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h +from authentik.api.decorators import permission_required from authentik.core.api.providers import ProviderSerializer from authentik.core.models import Application from authentik.events.models import EventAction @@ -110,16 +108,15 @@ class ApplicationViewSet(ModelViewSet): serializer = self.get_serializer(allowed_applications, many=True) return self.get_paginated_response(serializer.data) + @permission_required( + "authentik_core.view_application", "authentik_events.view_event" + ) @swagger_auto_schema(responses={200: CoordinateSerializer(many=True)}) @action(detail=True) + # pylint: disable=unused-argument def metrics(self, request: Request, slug: str): """Metrics for application logins""" - app = get_object_or_404( - get_objects_for_user(request.user, "authentik_core.view_application"), - slug=slug, - ) - if not request.user.has_perm("authentik_events.view_event"): - raise Http404 + app = self.get_object() return Response( get_events_per_1h( action=EventAction.AUTHORIZE_APPLICATION, diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index c8c04082c..2c9e0adcd 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -1,5 +1,7 @@ """User API Views""" from django.db.models.base import Model +from django.urls import reverse_lazy +from django.utils.http import urlencode from drf_yasg2.utils import swagger_auto_schema, swagger_serializer_method from guardian.utils import get_anonymous_user from rest_framework.decorators import action @@ -10,11 +12,12 @@ from rest_framework.serializers import BooleanField, ModelSerializer, Serializer from rest_framework.viewsets import ModelViewSet from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h +from authentik.api.decorators import permission_required from authentik.core.middleware import ( SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER, ) -from authentik.core.models import User +from authentik.core.models import Token, TokenIntents, User from authentik.events.models import EventAction @@ -54,6 +57,18 @@ class SessionUserSerializer(Serializer): raise NotImplementedError +class UserRecoverySerializer(Serializer): + """Recovery link for a user to reset their password""" + + link = CharField() + + def create(self, validated_data: dict) -> Model: + raise NotImplementedError + + def update(self, instance: Model, validated_data: dict) -> Model: + raise NotImplementedError + + class UserMetricsSerializer(Serializer): """User Metrics""" @@ -116,6 +131,7 @@ class UserViewSet(ModelViewSet): serializer.is_valid() return Response(serializer.data) + @permission_required("authentik_core.view_user", "authentik_events.view_event") @swagger_auto_schema(responses={200: UserMetricsSerializer(many=False)}) @action(detail=False) def metrics(self, request: Request) -> Response: @@ -123,3 +139,23 @@ class UserViewSet(ModelViewSet): serializer = UserMetricsSerializer(True) serializer.context["request"] = request return Response(serializer.data) + + @permission_required("authentik_core.reset_user_password") + @swagger_auto_schema( + responses={"200": UserRecoverySerializer(many=False)}, + ) + @action(detail=True) + # pylint: disable=invalid-name, unused-argument + def recovery(self, request: Request, pk: int) -> Response: + """Create a temporary link that a user can use to recover their accounts""" + user: User = self.get_object() + token, __ = Token.objects.get_or_create( + identifier=f"{user.uid}-password-reset", + user=user, + intent=TokenIntents.INTENT_RECOVERY, + ) + querystring = urlencode({"token": token.key}) + link = request.build_absolute_uri( + reverse_lazy("authentik_flows:default-recovery") + f"?{querystring}" + ) + return Response({"link": link}) diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py index 75cfbeae9..3eb7230bc 100644 --- a/authentik/events/api/event.py +++ b/authentik/events/api/event.py @@ -3,6 +3,7 @@ import django_filters from django.db.models.aggregates import Count from django.db.models.fields.json import KeyTextTransform from drf_yasg2.utils import swagger_auto_schema +from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import CharField, DictField, IntegerField from rest_framework.request import Request @@ -132,7 +133,8 @@ class EventViewSet(ReadOnlyModelViewSet): filtered_action = request.query_params.get("action", EventAction.LOGIN) top_n = request.query_params.get("top_n", 15) return Response( - Event.objects.filter(action=filtered_action) + get_objects_for_user(request.user, "authentik_events.view_event") + .filter(action=filtered_action) .exclude(context__authorized_application=None) .annotate(application=KeyTextTransform("authorized_application", "context")) .annotate(user_pk=KeyTextTransform("pk", "user")) diff --git a/authentik/events/api/notification_transport.py b/authentik/events/api/notification_transport.py index e951f2a9f..b36b2dd71 100644 --- a/authentik/events/api/notification_transport.py +++ b/authentik/events/api/notification_transport.py @@ -1,7 +1,6 @@ """NotificationTransport API Views""" from django.http.response import Http404 from drf_yasg2.utils import no_body, swagger_auto_schema -from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action from rest_framework.fields import CharField, ListField, SerializerMethodField from rest_framework.request import Request @@ -9,6 +8,7 @@ from rest_framework.response import Response from rest_framework.serializers import ModelSerializer, Serializer from rest_framework.viewsets import ModelViewSet +from authentik.api.decorators import permission_required from authentik.events.models import ( Notification, NotificationSeverity, @@ -57,18 +57,17 @@ class NotificationTransportViewSet(ModelViewSet): queryset = NotificationTransport.objects.all() serializer_class = NotificationTransportSerializer + @permission_required("authentik_events.change_notificationtransport") @swagger_auto_schema( responses={200: NotificationTransportTestSerializer(many=False)}, request_body=no_body, ) @action(detail=True, methods=["post"]) - # pylint: disable=invalid-name + # pylint: disable=invalid-name, unused-argument def test(self, request: Request, pk=None) -> Response: """Send example notification using selected transport. Requires Modify permissions.""" - transports = get_objects_for_user( - request.user, "authentik_events.change_notificationtransport" - ).filter(pk=pk) + transports = self.get_object() if not transports.exists(): raise Http404 transport: NotificationTransport = transports.first() diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index a87aff0b3..c2a886e4c 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -3,13 +3,11 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model -from django.http.response import HttpResponseBadRequest, JsonResponse -from django.shortcuts import get_object_or_404 +from django.http.response import JsonResponse from drf_yasg2 import openapi from drf_yasg2.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action -from rest_framework.exceptions import PermissionDenied from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ( @@ -21,6 +19,7 @@ from rest_framework.serializers import ( from rest_framework.viewsets import ModelViewSet from structlog.stdlib import get_logger +from authentik.api.decorators import permission_required from authentik.core.api.utils import CacheSerializer from authentik.flows.models import Flow from authentik.flows.planner import cache_key @@ -89,12 +88,14 @@ class FlowViewSet(ModelViewSet): search_fields = ["name", "slug", "designation", "title"] filterset_fields = ["flow_uuid", "name", "slug", "designation"] + @permission_required("authentik_flows.view_flow_cache") @swagger_auto_schema(responses={200: CacheSerializer(many=False)}) @action(detail=False) def cache_info(self, request: Request) -> Response: """Info about cached flows""" return Response(data={"count": len(cache.keys("flow_*"))}) + @permission_required("authentik_flows.clear_flow_cache") @swagger_auto_schema( request_body=no_body, responses={204: "Successfully cleared cache", 400: "Bad request"}, @@ -102,13 +103,12 @@ class FlowViewSet(ModelViewSet): @action(detail=False, methods=["POST"]) def cache_clear(self, request: Request) -> Response: """Clear flow cache""" - if not request.user.is_superuser: - return HttpResponseBadRequest() keys = cache.keys("flow_*") cache.delete_many(keys) LOGGER.debug("Cleared flow cache", keys=len(keys)) return Response(status=204) + @permission_required("authentik_flows.export_flow") @swagger_auto_schema( responses={ "200": openapi.Response( @@ -121,8 +121,6 @@ class FlowViewSet(ModelViewSet): def export(self, request: Request, slug: str) -> Response: """Export flow to .akflow file""" flow = self.get_object() - if not request.user.has_perm("authentik_flows.export_flow", flow): - raise PermissionDenied() exporter = FlowExporter(flow) response = JsonResponse(exporter.export(), encoder=DataclassEncoder, safe=False) response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"' @@ -130,13 +128,10 @@ class FlowViewSet(ModelViewSet): @swagger_auto_schema(responses={200: FlowDiagramSerializer()}) @action(detail=True, methods=["get"]) + # pylint: disable=unused-argument def diagram(self, request: Request, slug: str) -> Response: """Return diagram for flow with slug `slug`, in the format used by flowchart.js""" - flow = get_object_or_404( - get_objects_for_user(request.user, "authentik_flows.view_flow").filter( - slug=slug - ) - ) + flow = self.get_object() header = [ DiagramElement("st", "start", "Start"), ] diff --git a/authentik/flows/migrations/0017_auto_20210329_1334.py b/authentik/flows/migrations/0017_auto_20210329_1334.py new file mode 100644 index 000000000..bcaf18eef --- /dev/null +++ b/authentik/flows/migrations/0017_auto_20210329_1334.py @@ -0,0 +1,25 @@ +# Generated by Django 3.1.7 on 2021-03-29 13:34 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0016_auto_20201202_1307"), + ] + + operations = [ + migrations.AlterModelOptions( + name="flow", + options={ + "permissions": [ + ("export_flow", "Can export a Flow"), + ("view_flow_cache", "View Flow's cache metrics"), + ("clear_flow_cache", "Clear Flow's cache metrics"), + ], + "verbose_name": "Flow", + "verbose_name_plural": "Flows", + }, + ), + ] diff --git a/authentik/flows/models.py b/authentik/flows/models.py index 136882acd..3db3db439 100644 --- a/authentik/flows/models.py +++ b/authentik/flows/models.py @@ -158,6 +158,8 @@ class Flow(SerializerModel, PolicyBindingModel): permissions = [ ("export_flow", "Can export a Flow"), + ("view_flow_cache", "View Flow's cache metrics"), + ("clear_flow_cache", "Clear Flow's cache metrics"), ] diff --git a/authentik/policies/api.py b/authentik/policies/api.py index 42ce8bc9f..c59cacfed 100644 --- a/authentik/policies/api.py +++ b/authentik/policies/api.py @@ -16,6 +16,7 @@ from rest_framework.serializers import ( from rest_framework.viewsets import GenericViewSet, ModelViewSet from structlog.stdlib import get_logger +from authentik.api.decorators import permission_required from authentik.core.api.applications import user_app_cache_key from authentik.core.api.utils import ( CacheSerializer, @@ -142,12 +143,14 @@ class PolicyViewSet( ) return Response(TypeCreateSerializer(data, many=True).data) + @permission_required("authentik_policies.view_policy_cache") @swagger_auto_schema(responses={200: CacheSerializer(many=False)}) @action(detail=False) def cache_info(self, request: Request) -> Response: """Info about cached policies""" return Response(data={"count": len(cache.keys("policy_*"))}) + @permission_required("authentik_policies.clear_policy_cache") @swagger_auto_schema( request_body=no_body, responses={204: "Successfully cleared cache", 400: "Bad request"}, diff --git a/authentik/policies/migrations/0006_auto_20210329_1334.py b/authentik/policies/migrations/0006_auto_20210329_1334.py new file mode 100644 index 000000000..e35b550a0 --- /dev/null +++ b/authentik/policies/migrations/0006_auto_20210329_1334.py @@ -0,0 +1,25 @@ +# Generated by Django 3.1.7 on 2021-03-29 13:34 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_policies", "0005_binding_group"), + ] + + operations = [ + migrations.AlterModelOptions( + name="policy", + options={ + "base_manager_name": "objects", + "permissions": [ + ("view_policy_cache", "View Policy's cache metrics"), + ("clear_policy_cache", "Clear Policy's cache metrics"), + ], + "verbose_name": "Policy", + "verbose_name_plural": "Policies", + }, + ), + ] diff --git a/authentik/policies/models.py b/authentik/policies/models.py index 9ad95422a..7e34131c3 100644 --- a/authentik/policies/models.py +++ b/authentik/policies/models.py @@ -149,3 +149,8 @@ class Policy(SerializerModel, CreatedUpdatedModel): verbose_name = _("Policy") verbose_name_plural = _("Policies") + + permissions = [ + ("view_policy_cache", "View Policy's cache metrics"), + ("clear_policy_cache", "Clear Policy's cache metrics"), + ] diff --git a/swagger.yaml b/swagger.yaml index da9fcb68f..27d16815e 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -1726,6 +1726,24 @@ paths: description: A unique integer value identifying this User. required: true type: integer + /core/users/{id}/recovery/: + get: + operationId: core_users_recovery + description: Create a temporary link that a user can use to recover their accounts + parameters: [] + responses: + '200': + description: Recovery link for a user to reset their password + schema: + $ref: '#/definitions/UserRecovery' + tags: + - core + parameters: + - name: id + in: path + description: A unique integer value identifying this User. + required: true + type: integer /crypto/certificatekeypairs/: get: operationId: crypto_certificatekeypairs_list @@ -11120,6 +11138,16 @@ definitions: items: $ref: '#/definitions/Coordinate' readOnly: true + UserRecovery: + description: Recovery link for a user to reset their password + required: + - link + type: object + properties: + link: + title: Link + type: string + minLength: 1 CertificateKeyPair: description: CertificateKeyPair Serializer required: From 59f5846d1a6dd4a02d943f12d5bb2ffcbc36d7ea Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 09:54:10 +0200 Subject: [PATCH 6/7] root: replace bumpversion with bump2version Signed-off-by: Jens Langhammer --- Pipfile | 2 +- Pipfile.lock | 118 ++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 98 insertions(+), 22 deletions(-) diff --git a/Pipfile b/Pipfile index ca0f17763..9784a5652 100644 --- a/Pipfile +++ b/Pipfile @@ -51,7 +51,7 @@ python_version = "3.9" [dev-packages] bandit = "*" black = "==20.8b1" -bumpversion = "*" +bump2version = "*" colorama = "*" coverage = "*" pylint = "*" diff --git a/Pipfile.lock b/Pipfile.lock index 63c7e3e23..860f0977b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "68769bb637149051a61453da2443f9b5d275a68a34bdb6e50cde2d899dd4c127" + "sha256": "5fce5772178e4bc782d7112fab658f5bbb21abb77bb93fc3c0a66e9db3a23a37" }, "pipfile-spec": 6, "requires": { @@ -56,6 +56,7 @@ "sha256:f881853d2643a29e643609da57b96d5f9c9b93f62429dcc1cbb413c7d07f0e1a", "sha256:fe60131d21b31fd1a14bd43e6bb88256f69dfc3188b3a89d736d6c71ed43ec95" ], + "markers": "python_version >= '3.6'", "version": "==3.7.4.post0" }, "aioredis": { @@ -70,6 +71,7 @@ "sha256:1e759a7f202d910939de6eca45c23a107f6b71111f41d1282c648e9ac3d21901", "sha256:affdd263d8b8eb3c98170b78bf83867cdb6a14901d586e00ddb65bfe2f0c4e60" ], + "markers": "python_version >= '3.6'", "version": "==5.0.5" }, "asgiref": { @@ -77,6 +79,7 @@ "sha256:5ee950735509d04eb673bd7f7120f8fa1c9e2df495394992c73234d526907e17", "sha256:7162a3cb30ab0609f1a4c95938fd73e8604f63bdba516a7f7d64b83ff09478f0" ], + "markers": "python_version >= '3.5'", "version": "==3.3.1" }, "async-timeout": { @@ -84,6 +87,7 @@ "sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f", "sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3" ], + "markers": "python_full_version >= '3.5.3'", "version": "==3.0.1" }, "attrs": { @@ -91,6 +95,7 @@ "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==20.3.0" }, "autobahn": { @@ -98,6 +103,7 @@ "sha256:9195df8af03b0ff29ccd4b7f5abbde957ee90273465942205f9a1bad6c3f07ac", "sha256:e126c1f583e872fb59e79d36977cfa1f2d0a8a79f90ae31f406faae7664b8e03" ], + "markers": "python_version >= '3.7'", "version": "==21.3.1" }, "automat": { @@ -116,7 +122,8 @@ }, "boto3": { "hashes": [ - "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1" + "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1", + "sha256:54380395ba52502a9877cd0c4c9c9834341ce74c96c9f1ecc6fd77bade1b201a" ], "index": "pypi", "version": "==1.17.40" @@ -126,6 +133,7 @@ "sha256:6a35a9977cdbd7a839d948dd5f9e3d260c19b7dde74e0a844c97206884d3bba0", "sha256:f2b68119050211139f21278166c9023d9251da84b500a4ccede4a4545d6a9514" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.20.40" }, "cachetools": { @@ -133,6 +141,7 @@ "sha256:1d9d5f567be80f7c07d765e21b814326d78c61eb0c3a637dffc0e5d1796cb2e2", "sha256:f469e29e7aa4cff64d8de4aad95ce76de8ea1125a16c68e0d93f65c3c3dc92e9" ], + "markers": "python_version ~= '3.5'", "version": "==4.2.1" }, "cbor2": { @@ -219,6 +228,7 @@ "sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa", "sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==4.0.0" }, "click": { @@ -226,6 +236,7 @@ "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==7.1.2" }, "click-didyoumean": { @@ -299,6 +310,7 @@ "sha256:0052c9887600c57054a5867d4b0240159fa009faa3bcf6a1627271d9cdcb005a", "sha256:c22b692707f514de9013651ecb687f2abe4f35cf6fe292ece634e9f1737bc7e3" ], + "markers": "python_version >= '3.6'", "version": "==3.0.1" }, "defusedxml": { @@ -424,6 +436,7 @@ "hashes": [ "sha256:b1bead90b70cf6ec3f0710ae53a525360fa360d306a86583adc6bf83a4db537d" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.18.2" }, "geoip2": { @@ -439,6 +452,7 @@ "sha256:9bd436d19ab047001a1340720d2b629eb96dd503258c524921ec2af3ee88a80e", "sha256:dcaba3aa9d4e0e96fd945bf25a86b6f878fcb05770b67adbeb50a63ca4d28a5e" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.28.0" }, "gunicorn": { @@ -453,6 +467,7 @@ "sha256:36a3cb8c0a032f56e2da7084577878a035d3b61d104230d4bd49c0c6b555a9c6", "sha256:47222cb6067e4a307d535814917cd98fd0a57b6788ce715755fa2b6c28b56042" ], + "markers": "python_version >= '3.6'", "version": "==0.12.0" }, "hiredis": { @@ -499,6 +514,7 @@ "sha256:f52010e0a44e3d8530437e7da38d11fb822acfb0d5b12e9cd5ba655509937ca0", "sha256:f8196f739092a78e4f6b1b2172679ed3343c39c61a3e9d722ce6fcf1dac2824a" ], + "markers": "python_version >= '3.6'", "version": "==2.0.0" }, "httptools": { @@ -544,6 +560,7 @@ "sha256:1a29730d366e996aaacffb2f1f1cb9593dc38e2ddd30c91250c6dde09ea9b417", "sha256:f38b2b640938a4f35ade69ac3d053042959b62a0f1076a5bbaa1b9526605a8a2" ], + "markers": "python_version >= '3.5'", "version": "==0.5.1" }, "itypes": { @@ -558,6 +575,7 @@ "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419", "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==2.11.3" }, "jmespath": { @@ -565,6 +583,7 @@ "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.10.0" }, "jsonschema": { @@ -579,6 +598,7 @@ "sha256:6dc509178ac4269b0e66ab4881f70a2035c33d3a622e20585f965986a5182006", "sha256:f4965fba0a4718d47d470beeb5d6446e3357a62402b16c510b6a2f251e05ac3c" ], + "markers": "python_version >= '3.6'", "version": "==5.0.2" }, "kubernetes": { @@ -591,8 +611,11 @@ }, "ldap3": { "hashes": [ - "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91", - "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57" + "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056", + "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57", + "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c", + "sha256:4139c91f0eef9782df7b77c8cbc6243086affcb6a8a249b768a9658438e5da59", + "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91" ], "index": "pypi", "version": "==2.9" @@ -694,12 +717,14 @@ "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be", "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.1.1" }, "maxminddb": { "hashes": [ "sha256:47e86a084dd814fac88c99ea34ba3278a74bc9de5a25f4b815b608798747c7dc" ], + "markers": "python_version >= '3.6'", "version": "==2.0.3" }, "msgpack": { @@ -775,6 +800,7 @@ "sha256:f21756997ad8ef815d8ef3d34edd98804ab5ea337feedcd62fb52d22bf531281", "sha256:fc13a9524bc18b6fb6e0dbec3533ba0496bbed167c56d0aabefd965584557d80" ], + "markers": "python_version >= '3.6'", "version": "==5.1.0" }, "oauthlib": { @@ -782,6 +808,7 @@ "sha256:bee41cc35fcca6e988463cacc3bcb8a96224f470ca547e697b604cc697b2f889", "sha256:df884cd6cbe20e32633f1db1072e9356f53638e4361bef4e8b03c9127c9328ea" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==3.1.0" }, "packaging": { @@ -804,6 +831,7 @@ "sha256:bf00f22079f5fadc949f42ae8ff7f05702826a97059ffcc6281036ad40ac6f04", "sha256:e1b4f11b9336a28fa11810bc623c357420f69dfdb6d2dac41ca2c21a55c033bc" ], + "markers": "python_full_version >= '3.6.1'", "version": "==3.0.18" }, "psycopg2-binary": { @@ -849,15 +877,37 @@ }, "pyasn1": { "hashes": [ - "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d", - "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba" + "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12", + "sha256:014c0e9976956a08139dc0712ae195324a75e142284d5f87f1a87ee1b068a359", + "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776", + "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8", + "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3", + "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86", + "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba", + "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7", + "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2", + "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00", + "sha256:03840c999ba71680a131cfaee6fab142e1ed9bbd9c693e285cc6aca0d555e576", + "sha256:0458773cfe65b153891ac249bcf1b5f8f320b7c2ce462151f8fa74de8934becf", + "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d" ], "version": "==0.4.8" }, "pyasn1-modules": { "hashes": [ + "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45", + "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74", + "sha256:a99324196732f53093a84c4369c996713eb8c89d360a496b599fb1a9c47fc3eb", + "sha256:c29a5e5cc7a3f05926aff34e097e84f8589cd790ce0ed41b67aed6857b26aafd", + "sha256:cbac4bc38d117f2a49aeedec4407d23e8866ea4ac27ff2cf7fb3e5b570df19e0", + "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405", + "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8", + "sha256:f39edd8c4ecaa4556e989147ebf219227e2cd2e8a43c7e7fcb1f1c18c5fd6a3d", + "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4", + "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed", "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e", - "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74" + "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199", + "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811" ], "version": "==0.2.8" }, @@ -866,6 +916,7 @@ "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0", "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.20" }, "pycryptodome": { @@ -937,6 +988,7 @@ "sha256:f933ecf4cb736c7af60a6a533db2bf569717f2318b265f92907acff1db43bc34", "sha256:fc9c55dc1ed57db76595f2d19a479fc1c3a1be2c9da8de798a93d286c5f65f38" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==3.10.1" }, "pyhamcrest": { @@ -944,6 +996,7 @@ "sha256:412e00137858f04bde0729913874a48485665f2d36fe9ee449f26be864af9316", "sha256:7ead136e03655af85069b6f47b23eb7c3e5c221aa9f022a4fbb499f5b7308f29" ], + "markers": "python_version >= '3.5'", "version": "==2.0.2" }, "pyjwkest": { @@ -965,12 +1018,14 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pyrsistent": { "hashes": [ "sha256:2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e" ], + "markers": "python_version >= '3.5'", "version": "==0.17.3" }, "python-dateutil": { @@ -978,6 +1033,7 @@ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.8.1" }, "python-dotenv": { @@ -1034,6 +1090,7 @@ "sha256:0e7e0cfca8660dea8b7d5cd8c4f6c5e29e11f31158c0b0ae91a397f00e5a05a2", "sha256:432b788c4530cfe16d8d943a09d40ca6c16149727e4afe8c2c9d5580c59d9f24" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==3.5.3" }, "requests": { @@ -1041,12 +1098,14 @@ "sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804", "sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==2.25.1" }, "requests-oauthlib": { "hashes": [ - "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d", - "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a" + "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a", + "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc", + "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d" ], "index": "pypi", "version": "==1.3.0" @@ -1064,6 +1123,7 @@ "sha256:0850def9ebca23b3a8c64c4b4115ebb6b364a10d49f89d289a26ee965e1e7d9d", "sha256:8f1e15421668b9edf30ed02899f5f81aff9808a4271935776f61a99a569a13da" ], + "markers": "python_version >= '3'", "version": "==0.17.2" }, "ruamel.yaml.clib": { @@ -1100,7 +1160,7 @@ "sha256:e9f7d1d8c26a6a12c23421061f9022bb62704e38211fe375c645485f38df34a2", "sha256:f6061a31880c1ed6b6ce341215336e2f3d0c1deccd84957b6fa8ca474b41e89f" ], - "markers": "platform_python_implementation == 'CPython' and python_version < '3.10'", + "markers": "python_version < '3.10' and platform_python_implementation == 'CPython'", "version": "==0.2.2" }, "s3transfer": { @@ -1131,6 +1191,7 @@ "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.15.0" }, "sqlparse": { @@ -1138,6 +1199,7 @@ "sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0", "sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8" ], + "markers": "python_version >= '3.5'", "version": "==0.4.1" }, "structlog": { @@ -1193,6 +1255,7 @@ "sha256:7d6f89745680233f1c4db9ddb748df5e88d2a7a37962be174c0fd04c8dba1dc8", "sha256:c16b55f9a67b2419cfdf8846576e2ec9ba94fe6978a83080c352a80db31c93fb" ], + "markers": "python_version >= '3.6'", "version": "==21.2.1" }, "typing-extensions": { @@ -1208,6 +1271,7 @@ "sha256:07620c3f3f8eed1f12600845892b0e036a2420acf513c53f7de0abd911a5894f", "sha256:5af8ad10cec94f215e3f48112de2022e1d5a37ed427fbd88652fa908f2ab7cae" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==3.0.1" }, "urllib3": { @@ -1252,6 +1316,7 @@ "sha256:4c9dceab6f76ed92105027c49c823800dd33cacce13bdedc5b914e3514b7fb30", "sha256:7d3b1624a953da82ef63462013bbd271d3eb75751489f9807598e8f340bd637e" ], + "markers": "python_version >= '3.6'", "version": "==5.0.0" }, "watchgod": { @@ -1281,6 +1346,7 @@ "sha256:44b5df8f08c74c3d82d28100fdc81f4536809ce98a17f0757557813275fbb663", "sha256:63509b41d158ae5b7f67eb4ad20fecbb4eee99434e73e140354dc3ff8e09716f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.58.0" }, "websockets": { @@ -1369,6 +1435,7 @@ "sha256:f0b059678fd549c66b89bed03efcabb009075bd131c248ecdf087bdb6faba24a", "sha256:fcbb48a93e8699eae920f8d92f7160c03567b421bc17362a9ffbbd706a816f71" ], + "markers": "python_version >= '3.6'", "version": "==1.6.3" }, "zope.interface": { @@ -1425,6 +1492,7 @@ "sha256:fa939c2e2468142c9773443d4038e7c915b0cc1b670d3c9192bdc503f7ea73e9", "sha256:fcc5c1f95102989d2e116ffc8467963554ce89f30a65a3ea86a4d06849c498d8" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==5.3.0" } }, @@ -1441,6 +1509,7 @@ "sha256:6b0ed1af831570e500e2437625979eaa3b36011f66ddfc4ce930128610258ca9", "sha256:cd80bf957c49765dce6d92c43163ff9d2abc43132ce64d4b1b47717c6d2522df" ], + "markers": "python_version >= '3.6'", "version": "==2.5.2" }, "attrs": { @@ -1448,6 +1517,7 @@ "sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6", "sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==20.3.0" }, "bandit": { @@ -1470,21 +1540,15 @@ "sha256:37f927ea17cde7ae2d7baf832f8e80ce3777624554a653006c9144f8017fe410", "sha256:762cb2bfad61f4ec8e2bdf452c7c267416f8c70dd9ecb1653fd0bbb01fa936e6" ], - "version": "==1.0.1" - }, - "bumpversion": { - "hashes": [ - "sha256:4ba55e4080d373f80177b4dabef146c07ce73c7d1377aabf9d3c3ae1f94584a6", - "sha256:4eb3267a38194d09f048a2179980bb4803701969bff2c85fa8f6d1ce050be15e" - ], "index": "pypi", - "version": "==0.6.0" + "version": "==1.0.1" }, "click": { "hashes": [ "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==7.1.2" }, "colorama": { @@ -1558,6 +1622,7 @@ "sha256:6c4cc71933456991da20917998acbe6cf4fb41eeaab7d6d67fbc05ecd4c865b0", "sha256:96bf5c08b157a666fec41129e6d327235284cca4c81e92109260f353ba138005" ], + "markers": "python_version >= '3.4'", "version": "==4.0.7" }, "gitpython": { @@ -1565,6 +1630,7 @@ "sha256:3283ae2fba31c913d857e12e5ba5f9a7772bbc064ae2bb09efafa71b0dd4939b", "sha256:be27633e7509e58391f10207cd32b2a6cf5b908f92d9cd30da2e514e1137af61" ], + "markers": "python_version >= '3.4'", "version": "==3.1.14" }, "iniconfig": { @@ -1579,6 +1645,7 @@ "sha256:0a943902919f65c5684ac4e0154b1ad4fac6dcaa5d9f3426b732f1c8b5419be6", "sha256:2bb1680aad211e3c9944dbce1d4ba09a989f04e238296c87fe2139faa26d655d" ], + "markers": "python_version >= '3.6' and python_version < '4.0'", "version": "==5.8.0" }, "lazy-object-proxy": { @@ -1606,6 +1673,7 @@ "sha256:ed361bb83436f117f9917d282a456f9e5009ea12fd6de8742d1a4752c3017e93", "sha256:f5144c75445ae3ca2057faac03fda5a902eff196702b0a24daf1d6ce0650514b" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.6.0" }, "mccabe": { @@ -1642,6 +1710,7 @@ "sha256:5fad80b613c402d5b7df7bd84812548b2a61e9977387a80a5fc5c396492b13c9", "sha256:b236cde0ac9a6aedd5e3c34517b423cd4fd97ef723849da6b0d2231142d89c00" ], + "markers": "python_version >= '2.6'", "version": "==5.5.1" }, "pluggy": { @@ -1649,6 +1718,7 @@ "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.13.1" }, "py": { @@ -1656,15 +1726,16 @@ "sha256:21b81bda15b66ef5e1a777a21c4dcd9c20ad3efd0b3f817e7a809035269e1bd3", "sha256:3b80836aa6d1feeaa108e046da6423ab8f6ceda6468545ae8d02d9d58d18818a" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.10.0" }, "pylint": { "hashes": [ - "sha256:0e21d3b80b96740909d77206d741aa3ce0b06b41be375d92e1f3244a274c1f8a", - "sha256:d09b0b07ba06bcdff463958f53f23df25e740ecd81895f7d2699ec04bbd8dc3b" + "sha256:209d712ec870a0182df034ae19f347e725c1e615b2269519ab58a35b3fcbbe7a", + "sha256:bd38914c7731cdc518634a8d3c5585951302b6e2b6de60fbb3f7a0220e21eeee" ], "index": "pypi", - "version": "==2.7.2" + "version": "==2.7.4" }, "pylint-django": { "hashes": [ @@ -1686,6 +1757,7 @@ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.4.7" }, "pytest": { @@ -1798,6 +1870,7 @@ "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.15.0" }, "smmap": { @@ -1805,6 +1878,7 @@ "sha256:7e65386bd122d45405ddf795637b7f7d2b532e7e401d46bbe3fb49b9986d5182", "sha256:a9a7479e4c572e2e775c404dcd3080c8dc49f39918c2cf74913d30c4c478e3c2" ], + "markers": "python_version >= '3.5'", "version": "==4.0.0" }, "stevedore": { @@ -1812,6 +1886,7 @@ "sha256:3a5bbd0652bf552748871eaa73a4a8dc2899786bc497a2aa1fcb4dcdb0debeee", "sha256:50d7b78fbaf0d04cd62411188fa7eedcb03eb7f4c4b37005615ceebe582aa82a" ], + "markers": "python_version >= '3.6'", "version": "==3.3.0" }, "toml": { @@ -1819,6 +1894,7 @@ "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" ], + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==0.10.2" }, "typed-ast": { From c180a521ecbad65075600231fefd470d0745ba5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 10:05:14 +0200 Subject: [PATCH 7/7] build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674) * build(deps-dev): bump pylint from 2.7.2 to 2.7.3 Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog) - [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3) Signed-off-by: dependabot[bot] * sources/saml: fix linting for SAMLBindingTypes.Redirect Signed-off-by: Jens Langhammer * sources/oauth: Fix linting for RequestKind Signed-off-by: Jens Langhammer * flows: fix linting for ChallengeTypes Signed-off-by: Jens Langhammer Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer --- .prospector.yaml | 12 ----- .pylintrc | 29 ----------- Pipfile.lock | 52 +++++++++---------- authentik/flows/challenge.py | 6 +-- authentik/flows/tests/test_views.py | 6 +-- authentik/flows/views.py | 8 +-- authentik/providers/saml/views/flows.py | 2 +- authentik/sources/oauth/types/azure_ad.py | 2 +- authentik/sources/oauth/types/discord.py | 4 +- authentik/sources/oauth/types/facebook.py | 4 +- authentik/sources/oauth/types/github.py | 2 +- authentik/sources/oauth/types/google.py | 4 +- authentik/sources/oauth/types/manager.py | 8 +-- authentik/sources/oauth/types/oidc.py | 4 +- authentik/sources/oauth/types/reddit.py | 4 +- authentik/sources/oauth/types/twitter.py | 2 +- authentik/sources/oauth/urls.py | 4 +- authentik/sources/saml/models.py | 4 +- authentik/sources/saml/views.py | 4 +- .../stages/authenticator_static/stage.py | 2 +- authentik/stages/authenticator_totp/stage.py | 2 +- .../stages/authenticator_validate/stage.py | 2 +- .../stages/authenticator_webauthn/stage.py | 2 +- authentik/stages/captcha/stage.py | 2 +- authentik/stages/consent/stage.py | 2 +- authentik/stages/deny/tests.py | 2 +- authentik/stages/dummy/stage.py | 2 +- authentik/stages/email/stage.py | 2 +- authentik/stages/identification/stage.py | 2 +- authentik/stages/identification/tests.py | 4 +- authentik/stages/invitation/tests.py | 2 +- authentik/stages/password/stage.py | 2 +- authentik/stages/password/tests.py | 4 +- authentik/stages/prompt/stage.py | 2 +- authentik/stages/user_delete/tests.py | 2 +- authentik/stages/user_login/tests.py | 4 +- authentik/stages/user_write/tests.py | 2 +- pyproject.toml | 35 +++++++++++++ pytest.ini | 5 -- setup.cfg | 3 -- swagger.yaml | 6 +-- tests/e2e/test_source_saml.py | 2 +- 42 files changed, 120 insertions(+), 134 deletions(-) delete mode 100644 .prospector.yaml delete mode 100644 .pylintrc delete mode 100644 pytest.ini delete mode 100644 setup.cfg diff --git a/.prospector.yaml b/.prospector.yaml deleted file mode 100644 index 3c1e3ca1f..000000000 --- a/.prospector.yaml +++ /dev/null @@ -1,12 +0,0 @@ -strictness: medium -test-warnings: true -doc-warnings: false - -ignore-paths: - - migrations - - docs - - node_modules - -uses: - - django - - celery diff --git a/.pylintrc b/.pylintrc deleted file mode 100644 index c2675db1b..000000000 --- a/.pylintrc +++ /dev/null @@ -1,29 +0,0 @@ -[MASTER] - -disable = - arguments-differ, - no-self-use, - fixme, - locally-disabled, - too-many-ancestors, - too-few-public-methods, - import-outside-toplevel, - bad-continuation, - signature-differs, - similarities, - cyclic-import, - protected-access, - raise-missing-from - -load-plugins=pylint_django,pylint.extensions.bad_builtin -django-settings-module=authentik.root.settings -extension-pkg-whitelist=lxml,xmlsec - -# Allow constants to be shorter than normal (and lowercase, for settings.py) -const-rgx=[a-zA-Z0-9_]{1,40}$ - -ignored-modules=django-otp -generated-members=xmlsec.constants.*,xmlsec.tree.*,xmlsec.template.* -ignore=migrations -max-attributes=12 -max-branches=20 diff --git a/Pipfile.lock b/Pipfile.lock index 860f0977b..3f80b1888 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -122,8 +122,8 @@ }, "boto3": { "hashes": [ - "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1", - "sha256:54380395ba52502a9877cd0c4c9c9834341ce74c96c9f1ecc6fd77bade1b201a" + "sha256:54380395ba52502a9877cd0c4c9c9834341ce74c96c9f1ecc6fd77bade1b201a", + "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1" ], "index": "pypi", "version": "==1.17.40" @@ -611,11 +611,11 @@ }, "ldap3": { "hashes": [ - "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056", - "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57", - "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c", + "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91", "sha256:4139c91f0eef9782df7b77c8cbc6243086affcb6a8a249b768a9658438e5da59", - "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91" + "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c", + "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056", + "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57" ], "index": "pypi", "version": "==2.9" @@ -877,37 +877,37 @@ }, "pyasn1": { "hashes": [ - "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12", "sha256:014c0e9976956a08139dc0712ae195324a75e142284d5f87f1a87ee1b068a359", - "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776", - "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8", - "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3", - "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86", - "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba", - "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7", - "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2", - "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00", "sha256:03840c999ba71680a131cfaee6fab142e1ed9bbd9c693e285cc6aca0d555e576", "sha256:0458773cfe65b153891ac249bcf1b5f8f320b7c2ce462151f8fa74de8934becf", - "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d" + "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7", + "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d", + "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00", + "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8", + "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86", + "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12", + "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776", + "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba", + "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2", + "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3" ], "version": "==0.4.8" }, "pyasn1-modules": { "hashes": [ - "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45", + "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8", + "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199", + "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811", + "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed", + "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4", + "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e", "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74", "sha256:a99324196732f53093a84c4369c996713eb8c89d360a496b599fb1a9c47fc3eb", + "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45", "sha256:c29a5e5cc7a3f05926aff34e097e84f8589cd790ce0ed41b67aed6857b26aafd", "sha256:cbac4bc38d117f2a49aeedec4407d23e8866ea4ac27ff2cf7fb3e5b570df19e0", - "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405", - "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8", "sha256:f39edd8c4ecaa4556e989147ebf219227e2cd2e8a43c7e7fcb1f1c18c5fd6a3d", - "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4", - "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed", - "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e", - "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199", - "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811" + "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405" ], "version": "==0.2.8" }, @@ -1103,9 +1103,9 @@ }, "requests-oauthlib": { "hashes": [ + "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d", "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a", - "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc", - "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d" + "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc" ], "index": "pypi", "version": "==1.3.0" diff --git a/authentik/flows/challenge.py b/authentik/flows/challenge.py index c03fb3ffc..6cfffc7fe 100644 --- a/authentik/flows/challenge.py +++ b/authentik/flows/challenge.py @@ -16,9 +16,9 @@ if TYPE_CHECKING: class ChallengeTypes(Enum): """Currently defined challenge types""" - native = "native" - shell = "shell" - redirect = "redirect" + NATIVE = "native" + SHELL = "shell" + REDIRECT = "redirect" class ErrorDetailSerializer(Serializer): diff --git a/authentik/flows/tests/test_views.py b/authentik/flows/tests/test_views.py index d75e507ef..f06ba18b5 100644 --- a/authentik/flows/tests/test_views.py +++ b/authentik/flows/tests/test_views.py @@ -94,7 +94,7 @@ class TestFlowExecutor(TestCase): "component": "ak-stage-access-denied", "error_message": FlowNonApplicableException.__doc__, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) @@ -415,7 +415,7 @@ class TestFlowExecutor(TestCase): force_str(response.content), { "background": flow.background.url, - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-dummy", "title": binding.stage.name, }, @@ -446,7 +446,7 @@ class TestFlowExecutor(TestCase): force_str(response.content), { "background": flow.background.url, - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-dummy", "title": binding4.stage.name, }, diff --git a/authentik/flows/views.py b/authentik/flows/views.py index 9020894c6..42e328f4c 100644 --- a/authentik/flows/views.py +++ b/authentik/flows/views.py @@ -241,7 +241,7 @@ class FlowExecutorView(APIView): { "error_message": error_message, "title": self.flow.title, - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-access-denied", } ) @@ -334,14 +334,14 @@ def to_stage_response(request: HttpRequest, source: HttpResponse) -> HttpRespons ) return HttpChallengeResponse( RedirectChallenge( - {"type": ChallengeTypes.redirect, "to": str(redirect_url)} + {"type": ChallengeTypes.REDIRECT, "to": str(redirect_url)} ) ) if isinstance(source, TemplateResponse): return HttpChallengeResponse( ShellChallenge( { - "type": ChallengeTypes.shell, + "type": ChallengeTypes.SHELL, "body": source.render().content.decode("utf-8"), } ) @@ -351,7 +351,7 @@ def to_stage_response(request: HttpRequest, source: HttpResponse) -> HttpRespons return HttpChallengeResponse( ShellChallenge( { - "type": ChallengeTypes.shell, + "type": ChallengeTypes.SHELL, "body": source.content.decode("utf-8"), } ) diff --git a/authentik/providers/saml/views/flows.py b/authentik/providers/saml/views/flows.py index eb03eb9c8..e6ebb368e 100644 --- a/authentik/providers/saml/views/flows.py +++ b/authentik/providers/saml/views/flows.py @@ -74,7 +74,7 @@ class SAMLFlowFinalView(ChallengeStageView): return super().get( self.request, **{ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-autosubmit", "title": "Redirecting to %(app)s..." % {"app": application.name}, "url": provider.acs_url, diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py index 7ca6468a2..697bc94fa 100644 --- a/authentik/sources/oauth/types/azure_ad.py +++ b/authentik/sources/oauth/types/azure_ad.py @@ -7,7 +7,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind from authentik.sources.oauth.views.callback import OAuthCallback -@MANAGER.source(kind=RequestKind.callback, name="Azure AD") +@MANAGER.source(kind=RequestKind.CALLBACK, name="Azure AD") class AzureADOAuthCallback(OAuthCallback): """AzureAD OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/discord.py b/authentik/sources/oauth/types/discord.py index 94ab600e6..b50aafa77 100644 --- a/authentik/sources/oauth/types/discord.py +++ b/authentik/sources/oauth/types/discord.py @@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback from authentik.sources.oauth.views.redirect import OAuthRedirect -@MANAGER.source(kind=RequestKind.redirect, name="Discord") +@MANAGER.source(kind=RequestKind.REDIRECT, name="Discord") class DiscordOAuthRedirect(OAuthRedirect): """Discord OAuth2 Redirect""" @@ -17,7 +17,7 @@ class DiscordOAuthRedirect(OAuthRedirect): } -@MANAGER.source(kind=RequestKind.callback, name="Discord") +@MANAGER.source(kind=RequestKind.CALLBACK, name="Discord") class DiscordOAuth2Callback(OAuthCallback): """Discord OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/facebook.py b/authentik/sources/oauth/types/facebook.py index 5b39c5265..3956413da 100644 --- a/authentik/sources/oauth/types/facebook.py +++ b/authentik/sources/oauth/types/facebook.py @@ -10,7 +10,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback from authentik.sources.oauth.views.redirect import OAuthRedirect -@MANAGER.source(kind=RequestKind.redirect, name="Facebook") +@MANAGER.source(kind=RequestKind.REDIRECT, name="Facebook") class FacebookOAuthRedirect(OAuthRedirect): """Facebook OAuth2 Redirect""" @@ -28,7 +28,7 @@ class FacebookOAuth2Client(OAuth2Client): return api.get_object("me", fields="id,name,email") -@MANAGER.source(kind=RequestKind.callback, name="Facebook") +@MANAGER.source(kind=RequestKind.CALLBACK, name="Facebook") class FacebookOAuth2Callback(OAuthCallback): """Facebook OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/github.py b/authentik/sources/oauth/types/github.py index d016d6fcd..420fa6ba1 100644 --- a/authentik/sources/oauth/types/github.py +++ b/authentik/sources/oauth/types/github.py @@ -6,7 +6,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind from authentik.sources.oauth.views.callback import OAuthCallback -@MANAGER.source(kind=RequestKind.callback, name="GitHub") +@MANAGER.source(kind=RequestKind.CALLBACK, name="GitHub") class GitHubOAuth2Callback(OAuthCallback): """GitHub OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/google.py b/authentik/sources/oauth/types/google.py index 00143d324..c7d1ba8c8 100644 --- a/authentik/sources/oauth/types/google.py +++ b/authentik/sources/oauth/types/google.py @@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback from authentik.sources.oauth.views.redirect import OAuthRedirect -@MANAGER.source(kind=RequestKind.redirect, name="Google") +@MANAGER.source(kind=RequestKind.REDIRECT, name="Google") class GoogleOAuthRedirect(OAuthRedirect): """Google OAuth2 Redirect""" @@ -17,7 +17,7 @@ class GoogleOAuthRedirect(OAuthRedirect): } -@MANAGER.source(kind=RequestKind.callback, name="Google") +@MANAGER.source(kind=RequestKind.CALLBACK, name="Google") class GoogleOAuth2Callback(OAuthCallback): """Google OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/manager.py b/authentik/sources/oauth/types/manager.py index 6069947d5..ea51b7c5b 100644 --- a/authentik/sources/oauth/types/manager.py +++ b/authentik/sources/oauth/types/manager.py @@ -15,8 +15,8 @@ LOGGER = get_logger() class RequestKind(Enum): """Enum of OAuth Request types""" - callback = "callback" - redirect = "redirect" + CALLBACK = "callback" + REDIRECT = "redirect" class SourceTypeManager: @@ -52,9 +52,9 @@ class SourceTypeManager: have=self.__source_types[kind.value].keys(), ) # Return defaults - if kind == RequestKind.callback: + if kind == RequestKind.CALLBACK: return OAuthCallback - if kind == RequestKind.redirect: + if kind == RequestKind.REDIRECT: return OAuthRedirect raise KeyError( f"Provider Type {source.provider_type} (type {kind.value}) not found." diff --git a/authentik/sources/oauth/types/oidc.py b/authentik/sources/oauth/types/oidc.py index 00d4723e1..7fafaead2 100644 --- a/authentik/sources/oauth/types/oidc.py +++ b/authentik/sources/oauth/types/oidc.py @@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback from authentik.sources.oauth.views.redirect import OAuthRedirect -@MANAGER.source(kind=RequestKind.redirect, name="OpenID Connect") +@MANAGER.source(kind=RequestKind.REDIRECT, name="OpenID Connect") class OpenIDConnectOAuthRedirect(OAuthRedirect): """OpenIDConnect OAuth2 Redirect""" @@ -17,7 +17,7 @@ class OpenIDConnectOAuthRedirect(OAuthRedirect): } -@MANAGER.source(kind=RequestKind.callback, name="OpenID Connect") +@MANAGER.source(kind=RequestKind.CALLBACK, name="OpenID Connect") class OpenIDConnectOAuth2Callback(OAuthCallback): """OpenIDConnect OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/reddit.py b/authentik/sources/oauth/types/reddit.py index d032642ff..868bb23dc 100644 --- a/authentik/sources/oauth/types/reddit.py +++ b/authentik/sources/oauth/types/reddit.py @@ -10,7 +10,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback from authentik.sources.oauth.views.redirect import OAuthRedirect -@MANAGER.source(kind=RequestKind.redirect, name="reddit") +@MANAGER.source(kind=RequestKind.REDIRECT, name="reddit") class RedditOAuthRedirect(OAuthRedirect): """Reddit OAuth2 Redirect""" @@ -30,7 +30,7 @@ class RedditOAuth2Client(OAuth2Client): return super().get_access_token(auth=auth) -@MANAGER.source(kind=RequestKind.callback, name="reddit") +@MANAGER.source(kind=RequestKind.CALLBACK, name="reddit") class RedditOAuth2Callback(OAuthCallback): """Reddit OAuth2 Callback""" diff --git a/authentik/sources/oauth/types/twitter.py b/authentik/sources/oauth/types/twitter.py index ba90237bd..ff4105ee6 100644 --- a/authentik/sources/oauth/types/twitter.py +++ b/authentik/sources/oauth/types/twitter.py @@ -6,7 +6,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind from authentik.sources.oauth.views.callback import OAuthCallback -@MANAGER.source(kind=RequestKind.callback, name="Twitter") +@MANAGER.source(kind=RequestKind.CALLBACK, name="Twitter") class TwitterOAuthCallback(OAuthCallback): """Twitter OAuth2 Callback""" diff --git a/authentik/sources/oauth/urls.py b/authentik/sources/oauth/urls.py index fabe02acf..7b38afe53 100644 --- a/authentik/sources/oauth/urls.py +++ b/authentik/sources/oauth/urls.py @@ -8,12 +8,12 @@ from authentik.sources.oauth.views.dispatcher import DispatcherView urlpatterns = [ path( "login//", - DispatcherView.as_view(kind=RequestKind.redirect), + DispatcherView.as_view(kind=RequestKind.REDIRECT), name="oauth-client-login", ), path( "callback//", - DispatcherView.as_view(kind=RequestKind.callback), + DispatcherView.as_view(kind=RequestKind.CALLBACK), name="oauth-client-callback", ), ] diff --git a/authentik/sources/saml/models.py b/authentik/sources/saml/models.py index aba16f81d..64f2b3f63 100644 --- a/authentik/sources/saml/models.py +++ b/authentik/sources/saml/models.py @@ -34,7 +34,7 @@ from authentik.sources.saml.processors.constants import ( class SAMLBindingTypes(models.TextChoices): """SAML Binding types""" - Redirect = "REDIRECT", _("Redirect Binding") + REDIRECT = "REDIRECT", _("Redirect Binding") POST = "POST", _("POST Binding") POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation") @@ -95,7 +95,7 @@ class SAMLSource(Source): binding_type = models.CharField( max_length=100, choices=SAMLBindingTypes.choices, - default=SAMLBindingTypes.Redirect, + default=SAMLBindingTypes.REDIRECT, ) temporary_user_delete_after = models.TextField( diff --git a/authentik/sources/saml/views.py b/authentik/sources/saml/views.py index 8a60b6828..8b27895fc 100644 --- a/authentik/sources/saml/views.py +++ b/authentik/sources/saml/views.py @@ -50,7 +50,7 @@ class AutosubmitStageView(ChallengeStageView): def get_challenge(self, *args, **kwargs) -> Challenge: return AutosubmitChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-autosubmit", "title": self.executor.plan.context.get(PLAN_CONTEXT_TITLE, ""), "url": self.executor.plan.context.get(PLAN_CONTEXT_URL, ""), @@ -103,7 +103,7 @@ class InitiateView(View): relay_state = request.GET.get("next", "") auth_n_req = RequestProcessor(source, request, relay_state) # If the source is configured for Redirect bindings, we can just redirect there - if source.binding_type == SAMLBindingTypes.Redirect: + if source.binding_type == SAMLBindingTypes.REDIRECT: url_args = urlencode(auth_n_req.build_auth_n_detached()) return redirect(f"{source.sso_url}?{url_args}") # As POST Binding we show a form diff --git a/authentik/stages/authenticator_static/stage.py b/authentik/stages/authenticator_static/stage.py index f0a834464..6cab085c5 100644 --- a/authentik/stages/authenticator_static/stage.py +++ b/authentik/stages/authenticator_static/stage.py @@ -31,7 +31,7 @@ class AuthenticatorStaticStageView(ChallengeStageView): tokens: list[StaticToken] = self.request.session[SESSION_STATIC_TOKENS] return AuthenticatorStaticChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-authenticator-static", "codes": [token.token for token in tokens], } diff --git a/authentik/stages/authenticator_totp/stage.py b/authentik/stages/authenticator_totp/stage.py index 060b1b6f8..84adbd398 100644 --- a/authentik/stages/authenticator_totp/stage.py +++ b/authentik/stages/authenticator_totp/stage.py @@ -51,7 +51,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView): device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE] return AuthenticatorTOTPChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-authenticator-totp", "config_url": device.config_url, } diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py index 4e2e9f86a..c900437e0 100644 --- a/authentik/stages/authenticator_validate/stage.py +++ b/authentik/stages/authenticator_validate/stage.py @@ -145,7 +145,7 @@ class AuthenticatorValidateStageView(ChallengeStageView): challenges = self.request.session["device_challenges"] return AuthenticatorChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-authenticator-validate", "device_challenges": challenges, } diff --git a/authentik/stages/authenticator_webauthn/stage.py b/authentik/stages/authenticator_webauthn/stage.py index d16e42615..8da09c44a 100644 --- a/authentik/stages/authenticator_webauthn/stage.py +++ b/authentik/stages/authenticator_webauthn/stage.py @@ -128,7 +128,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView): return AuthenticatorWebAuthnChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-authenticator-webauthn", "registration": registration_dict, } diff --git a/authentik/stages/captcha/stage.py b/authentik/stages/captcha/stage.py index 8b26a054c..98db7728a 100644 --- a/authentik/stages/captcha/stage.py +++ b/authentik/stages/captcha/stage.py @@ -63,7 +63,7 @@ class CaptchaStageView(ChallengeStageView): def get_challenge(self, *args, **kwargs) -> Challenge: return CaptchaChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-captcha", "site_key": self.executor.current_stage.public_key, } diff --git a/authentik/stages/consent/stage.py b/authentik/stages/consent/stage.py index 387ea0783..aba15031b 100644 --- a/authentik/stages/consent/stage.py +++ b/authentik/stages/consent/stage.py @@ -39,7 +39,7 @@ class ConsentStageView(ChallengeStageView): def get_challenge(self) -> Challenge: challenge = ConsentChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-consent", } ) diff --git a/authentik/stages/deny/tests.py b/authentik/stages/deny/tests.py index d82fdbaca..22b4babc9 100644 --- a/authentik/stages/deny/tests.py +++ b/authentik/stages/deny/tests.py @@ -49,7 +49,7 @@ class TestUserDenyStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/authentik/stages/dummy/stage.py b/authentik/stages/dummy/stage.py index b4c2f844c..3ecef6f65 100644 --- a/authentik/stages/dummy/stage.py +++ b/authentik/stages/dummy/stage.py @@ -24,7 +24,7 @@ class DummyStageView(ChallengeStageView): def get_challenge(self, *args, **kwargs) -> Challenge: return DummyChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-dummy", "title": self.executor.current_stage.name, } diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py index 03c2e5086..7c4c55831 100644 --- a/authentik/stages/email/stage.py +++ b/authentik/stages/email/stage.py @@ -96,7 +96,7 @@ class EmailStageView(ChallengeStageView): def get_challenge(self) -> Challenge: challenge = EmailChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-email", "title": "Email sent.", } diff --git a/authentik/stages/identification/stage.py b/authentik/stages/identification/stage.py index 4338af217..87f416789 100644 --- a/authentik/stages/identification/stage.py +++ b/authentik/stages/identification/stage.py @@ -78,7 +78,7 @@ class IdentificationStageView(ChallengeStageView): current_stage: IdentificationStage = self.executor.current_stage challenge = IdentificationChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-identification", "primary_action": _("Log in"), "input_type": "text", diff --git a/authentik/stages/identification/tests.py b/authentik/stages/identification/tests.py index 1e0daebb6..525f3250a 100644 --- a/authentik/stages/identification/tests.py +++ b/authentik/stages/identification/tests.py @@ -104,7 +104,7 @@ class TestIdentificationStage(TestCase): force_str(response.content), { "background": flow.background.url, - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-identification", "input_type": "email", "enroll_url": reverse( @@ -147,7 +147,7 @@ class TestIdentificationStage(TestCase): force_str(response.content), { "background": flow.background.url, - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-identification", "input_type": "email", "recovery_url": reverse( diff --git a/authentik/stages/invitation/tests.py b/authentik/stages/invitation/tests.py index 3f9220939..85b263c31 100644 --- a/authentik/stages/invitation/tests.py +++ b/authentik/stages/invitation/tests.py @@ -67,7 +67,7 @@ class TestUserLoginStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py index d7ea70f41..1f2e7d6fb 100644 --- a/authentik/stages/password/stage.py +++ b/authentik/stages/password/stage.py @@ -78,7 +78,7 @@ class PasswordStageView(ChallengeStageView): def get_challenge(self) -> Challenge: challenge = PasswordChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-password", } ) diff --git a/authentik/stages/password/tests.py b/authentik/stages/password/tests.py index 9cb27c7a9..273c9834b 100644 --- a/authentik/stages/password/tests.py +++ b/authentik/stages/password/tests.py @@ -72,7 +72,7 @@ class TestPasswordStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) @@ -206,6 +206,6 @@ class TestPasswordStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/authentik/stages/prompt/stage.py b/authentik/stages/prompt/stage.py index 6d895e659..c926a20dd 100644 --- a/authentik/stages/prompt/stage.py +++ b/authentik/stages/prompt/stage.py @@ -164,7 +164,7 @@ class PromptStageView(ChallengeStageView): fields = list(self.executor.current_stage.fields.all().order_by("order")) challenge = PromptChallenge( data={ - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, "component": "ak-stage-prompt", "fields": [PromptSerializer(field).data for field in fields], }, diff --git a/authentik/stages/user_delete/tests.py b/authentik/stages/user_delete/tests.py index 135474c61..75d876b1c 100644 --- a/authentik/stages/user_delete/tests.py +++ b/authentik/stages/user_delete/tests.py @@ -55,7 +55,7 @@ class TestUserDeleteStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py index 99ba9fe63..d05e6dc07 100644 --- a/authentik/stages/user_login/tests.py +++ b/authentik/stages/user_login/tests.py @@ -80,7 +80,7 @@ class TestUserLoginStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) @@ -109,7 +109,7 @@ class TestUserLoginStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/authentik/stages/user_write/tests.py b/authentik/stages/user_write/tests.py index 037f581ee..bd83b2e72 100644 --- a/authentik/stages/user_write/tests.py +++ b/authentik/stages/user_write/tests.py @@ -132,7 +132,7 @@ class TestUserWriteStage(TestCase): "component": "ak-stage-access-denied", "error_message": None, "title": "", - "type": ChallengeTypes.native.value, + "type": ChallengeTypes.NATIVE.value, }, ) diff --git a/pyproject.toml b/pyproject.toml index 12962af8b..6dcfd6a0d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -41,3 +41,38 @@ exclude_lines = [ "if __name__ == .__main__.:", ] show_missing = true + +[tool.pylint.master] +disable =[ + "arguments-differ", + "no-self-use", + "fixme", + "locally-disabled", + "too-many-ancestors", + "too-few-public-methods", + "import-outside-toplevel", + "bad-continuation", + "signature-differs", + "similarities", + "cyclic-import", + "protected-access", + "raise-missing-from",] + +load-plugins=["pylint_django","pylint.extensions.bad_builtin"] +django-settings-module="authentik.root.settings" +extension-pkg-whitelist=["lxml","xmlsec"] + +# Allow constants to be shorter than normal (and lowercase, for settings.py) +const-rgx="[a-zA-Z0-9_]{1,40}$" + +ignored-modules=["django-otp"] +generated-members=["xmlsec.constants.*","xmlsec.tree.*","xmlsec.template.*"] +ignore="migrations" +max-attributes=12 +max-branches=20 + +[tool.pytest.ini_options] +DJANGO_SETTINGS_MODULE = "authentik.root.settings" +python_files = ["tests.py", "test_*.py", "*_tests.py"] +junit_family = "xunit2" +addopts = "-p no:celery --junitxml=unittest.xml" diff --git a/pytest.ini b/pytest.ini deleted file mode 100644 index 59ca91fc1..000000000 --- a/pytest.ini +++ /dev/null @@ -1,5 +0,0 @@ -[pytest] -DJANGO_SETTINGS_MODULE = authentik.root.settings -python_files = tests.py test_*.py *_tests.py -junit_family = xunit2 -addopts = -p no:celery --junitxml=unittest.xml diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index ab259ac2d..000000000 --- a/setup.cfg +++ /dev/null @@ -1,3 +0,0 @@ -[pycodestyle] -ignore = E731,E121,W503 -max-line-length = 100 diff --git a/swagger.yaml b/swagger.yaml index 27d16815e..249a99719 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -11619,9 +11619,9 @@ definitions: title: Type type: string enum: - - native - - shell - - redirect + - NATIVE + - SHELL + - REDIRECT component: title: Component type: string diff --git a/tests/e2e/test_source_saml.py b/tests/e2e/test_source_saml.py index 413b3e69a..92faf70da 100644 --- a/tests/e2e/test_source_saml.py +++ b/tests/e2e/test_source_saml.py @@ -124,7 +124,7 @@ class TestSourceSAML(SeleniumTestCase): pre_authentication_flow=pre_authentication_flow, issuer="entity-id", sso_url="http://localhost:8080/simplesaml/saml2/idp/SSOService.php", - binding_type=SAMLBindingTypes.Redirect, + binding_type=SAMLBindingTypes.REDIRECT, signing_kp=keypair, )