stages/authenticator_*: migrate remaining stages to webcomponents
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
1ef5a8e6c5
commit
a085632b8e
|
@ -1,4 +1,6 @@
|
||||||
"""Authenticator Static stage"""
|
"""Authenticator Static stage"""
|
||||||
|
from importlib import import_module
|
||||||
|
|
||||||
from django.apps import AppConfig
|
from django.apps import AppConfig
|
||||||
|
|
||||||
|
|
||||||
|
@ -8,4 +10,6 @@ class AuthentikStageAuthenticatorStaticConfig(AppConfig):
|
||||||
name = "authentik.stages.authenticator_static"
|
name = "authentik.stages.authenticator_static"
|
||||||
label = "authentik_stages_authenticator_static"
|
label = "authentik_stages_authenticator_static"
|
||||||
verbose_name = "authentik Stages.Authenticator.Static"
|
verbose_name = "authentik Stages.Authenticator.Static"
|
||||||
mountpoint = "-/user/authenticator/static/"
|
|
||||||
|
def ready(self):
|
||||||
|
import_module("authentik.stages.authenticator_static.signals")
|
||||||
|
|
|
@ -3,12 +3,11 @@ from typing import Optional, Type
|
||||||
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.forms import ModelForm
|
from django.forms import ModelForm
|
||||||
from django.urls import reverse
|
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from rest_framework.serializers import BaseSerializer
|
from rest_framework.serializers import BaseSerializer
|
||||||
|
|
||||||
from authentik.flows.challenge import Challenge, ChallengeTypes
|
from authentik.core.types import UserSettingSerializer
|
||||||
from authentik.flows.models import ConfigurableStage, Stage
|
from authentik.flows.models import ConfigurableStage, Stage
|
||||||
|
|
||||||
|
|
||||||
|
@ -42,15 +41,11 @@ class AuthenticatorStaticStage(ConfigurableStage, Stage):
|
||||||
return AuthenticatorStaticStageForm
|
return AuthenticatorStaticStageForm
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def ui_user_settings(self) -> Optional[Challenge]:
|
def ui_user_settings(self) -> Optional[UserSettingSerializer]:
|
||||||
return Challenge(
|
return UserSettingSerializer(
|
||||||
data={
|
data={
|
||||||
"type": ChallengeTypes.shell.value,
|
|
||||||
"title": str(self._meta.verbose_name),
|
"title": str(self._meta.verbose_name),
|
||||||
"component": reverse(
|
"component": "ak-user-settings-authenticator-static",
|
||||||
"authentik_stages_authenticator_static:user-settings",
|
|
||||||
kwargs={"stage_uuid": self.stage_uuid},
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
"""totp authenticator signals"""
|
||||||
|
from django.db.models.signals import pre_delete
|
||||||
|
from django.dispatch import receiver
|
||||||
|
from django_otp.plugins.otp_static.models import StaticDevice
|
||||||
|
|
||||||
|
from authentik.events.models import Event
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(pre_delete, sender=StaticDevice)
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
def pre_delete_event(sender, instance: StaticDevice, **_):
|
||||||
|
# Create event with email notification
|
||||||
|
event = Event.new(
|
||||||
|
"static_authenticator_disable", message="User disabled Static OTP Tokens."
|
||||||
|
)
|
||||||
|
event.set_user(instance.user)
|
||||||
|
event.save()
|
|
@ -1,31 +0,0 @@
|
||||||
{% load i18n %}
|
|
||||||
|
|
||||||
<div class="pf-c-card">
|
|
||||||
<div class="pf-c-card__title">
|
|
||||||
{% trans "Static One-Time Passwords" %}
|
|
||||||
</div>
|
|
||||||
<div class="pf-c-card__body">
|
|
||||||
<p>
|
|
||||||
{% blocktrans with state=state|yesno:"Enabled,Disabled" %}
|
|
||||||
Status: {{ state }}
|
|
||||||
{% endblocktrans %}
|
|
||||||
{% if state %}
|
|
||||||
<i class="pf-icon pf-icon-ok"></i>
|
|
||||||
{% else %}
|
|
||||||
<i class="pf-icon pf-icon-error-circle-o"></i>
|
|
||||||
{% endif %}
|
|
||||||
</p>
|
|
||||||
<ul class="ak-otp-tokens">
|
|
||||||
{% for token in tokens %}
|
|
||||||
<li>{{ token.token }}</li>
|
|
||||||
{% endfor %}
|
|
||||||
</ul>
|
|
||||||
{% if not state %}
|
|
||||||
{% if stage.configure_flow %}
|
|
||||||
<a href="{% url 'authentik_flows:configure' stage_uuid=stage.stage_uuid %}?next=/%23user" class="ak-root-link pf-c-button pf-m-primary">{% trans "Enable Static Tokens" %}</a>
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
|
||||||
<a href="{% url 'authentik_stages_authenticator_static:disable' stage_uuid=stage.stage_uuid %}" class="ak-root-pf-c-button pf-m-danger">{% trans "Disable Static Tokens" %}</a>
|
|
||||||
{% endif %}
|
|
||||||
</div>
|
|
||||||
</div>
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""Static Authenticator urls"""
|
|
||||||
from django.urls import path
|
|
||||||
|
|
||||||
from authentik.stages.authenticator_static.views import DisableView, UserSettingsView
|
|
||||||
|
|
||||||
urlpatterns = [
|
|
||||||
path(
|
|
||||||
"<uuid:stage_uuid>/settings/", UserSettingsView.as_view(), name="user-settings"
|
|
||||||
),
|
|
||||||
path("<uuid:stage_uuid>/disable/", DisableView.as_view(), name="disable"),
|
|
||||||
]
|
|
|
@ -1,47 +0,0 @@
|
||||||
"""Static Authenticator view Tokens"""
|
|
||||||
from django.contrib import messages
|
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
|
||||||
from django.http import HttpRequest, HttpResponse
|
|
||||||
from django.shortcuts import get_object_or_404, redirect
|
|
||||||
from django.views import View
|
|
||||||
from django.views.generic import TemplateView
|
|
||||||
from django_otp.plugins.otp_static.models import StaticDevice, StaticToken
|
|
||||||
|
|
||||||
from authentik.events.models import Event
|
|
||||||
from authentik.stages.authenticator_static.models import AuthenticatorStaticStage
|
|
||||||
|
|
||||||
|
|
||||||
class UserSettingsView(LoginRequiredMixin, TemplateView):
|
|
||||||
"""View for user settings to control OTP"""
|
|
||||||
|
|
||||||
template_name = "stages/authenticator_static/user_settings.html"
|
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
|
||||||
kwargs = super().get_context_data(**kwargs)
|
|
||||||
stage = get_object_or_404(
|
|
||||||
AuthenticatorStaticStage, pk=self.kwargs["stage_uuid"]
|
|
||||||
)
|
|
||||||
kwargs["stage"] = stage
|
|
||||||
static_devices = StaticDevice.objects.filter(
|
|
||||||
user=self.request.user, confirmed=True
|
|
||||||
)
|
|
||||||
kwargs["state"] = static_devices.exists()
|
|
||||||
if static_devices.exists():
|
|
||||||
kwargs["tokens"] = StaticToken.objects.filter(device=static_devices.first())
|
|
||||||
return kwargs
|
|
||||||
|
|
||||||
|
|
||||||
class DisableView(LoginRequiredMixin, View):
|
|
||||||
"""Disable Static Tokens for user"""
|
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
|
||||||
def get(self, request: HttpRequest, **kwargs) -> HttpResponse:
|
|
||||||
"""Delete all the devices for user"""
|
|
||||||
devices = StaticDevice.objects.filter(user=request.user, confirmed=True)
|
|
||||||
devices.delete()
|
|
||||||
messages.success(request, "Successfully disabled Static OTP Tokens")
|
|
||||||
# Create event with email notification
|
|
||||||
Event.new(
|
|
||||||
"static_otp_disable", message="User disabled Static OTP Tokens."
|
|
||||||
).from_http(request)
|
|
||||||
return redirect("/")
|
|
|
@ -1,4 +1,6 @@
|
||||||
"""OTP Time"""
|
"""TOTP"""
|
||||||
|
from importlib import import_module
|
||||||
|
|
||||||
from django.apps import AppConfig
|
from django.apps import AppConfig
|
||||||
|
|
||||||
|
|
||||||
|
@ -8,4 +10,6 @@ class AuthentikStageAuthenticatorTOTPConfig(AppConfig):
|
||||||
name = "authentik.stages.authenticator_totp"
|
name = "authentik.stages.authenticator_totp"
|
||||||
label = "authentik_stages_authenticator_totp"
|
label = "authentik_stages_authenticator_totp"
|
||||||
verbose_name = "authentik Stages.Authenticator.TOTP"
|
verbose_name = "authentik Stages.Authenticator.TOTP"
|
||||||
mountpoint = "-/user/authenticator/totp/"
|
|
||||||
|
def ready(self):
|
||||||
|
import_module("authentik.stages.authenticator_totp.signals")
|
||||||
|
|
|
@ -3,12 +3,11 @@ from typing import Optional, Type
|
||||||
|
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.forms import ModelForm
|
from django.forms import ModelForm
|
||||||
from django.urls import reverse
|
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from rest_framework.serializers import BaseSerializer
|
from rest_framework.serializers import BaseSerializer
|
||||||
|
|
||||||
from authentik.flows.challenge import Challenge, ChallengeTypes
|
from authentik.core.types import UserSettingSerializer
|
||||||
from authentik.flows.models import ConfigurableStage, Stage
|
from authentik.flows.models import ConfigurableStage, Stage
|
||||||
|
|
||||||
|
|
||||||
|
@ -45,15 +44,11 @@ class AuthenticatorTOTPStage(ConfigurableStage, Stage):
|
||||||
return AuthenticatorTOTPStageForm
|
return AuthenticatorTOTPStageForm
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def ui_user_settings(self) -> Optional[Challenge]:
|
def ui_user_settings(self) -> Optional[UserSettingSerializer]:
|
||||||
return Challenge(
|
return UserSettingSerializer(
|
||||||
data={
|
data={
|
||||||
"type": ChallengeTypes.shell.value,
|
|
||||||
"title": str(self._meta.verbose_name),
|
"title": str(self._meta.verbose_name),
|
||||||
"component": reverse(
|
"component": "ak-user-settings-authenticator-totp",
|
||||||
"authentik_stages_authenticator_totp:user-settings",
|
|
||||||
kwargs={"stage_uuid": self.stage_uuid},
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
"""totp authenticator signals"""
|
||||||
|
from django.db.models.signals import pre_delete
|
||||||
|
from django.dispatch import receiver
|
||||||
|
from django_otp.plugins.otp_totp.models import TOTPDevice
|
||||||
|
|
||||||
|
from authentik.events.models import Event
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(pre_delete, sender=TOTPDevice)
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
def pre_delete_event(sender, instance: TOTPDevice, **_):
|
||||||
|
# Create event with email notification
|
||||||
|
event = Event.new("totp_disable", message="User disabled Time-based OTP.")
|
||||||
|
event.set_user(instance.user)
|
||||||
|
event.save()
|
|
@ -1,28 +0,0 @@
|
||||||
{% load i18n %}
|
|
||||||
|
|
||||||
<div class="pf-c-card">
|
|
||||||
<div class="pf-c-card__title">
|
|
||||||
{% trans "Time-based One-Time Passwords" %}
|
|
||||||
</div>
|
|
||||||
<div class="pf-c-card__body">
|
|
||||||
<p>
|
|
||||||
{% blocktrans with state=state|yesno:"Enabled,Disabled" %}
|
|
||||||
Status: {{ state }}
|
|
||||||
{% endblocktrans %}
|
|
||||||
{% if state %}
|
|
||||||
<i class="pf-icon pf-icon-ok"></i>
|
|
||||||
{% else %}
|
|
||||||
<i class="pf-icon pf-icon-error-circle-o"></i>
|
|
||||||
{% endif %}
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
{% if not state %}
|
|
||||||
{% if stage.configure_flow %}
|
|
||||||
<a href="{% url 'authentik_flows:configure' stage_uuid=stage.stage_uuid %}?next=/%23user" class="ak-root-link pf-c-button pf-m-primary">{% trans "Enable Time-based OTP" %}</a>
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
|
||||||
<a href="{% url 'authentik_stages_authenticator_totp:disable' stage_uuid=stage.stage_uuid %}" class="ak-root-pf-c-button pf-m-danger">{% trans "Disable Time-based OTP" %}</a>
|
|
||||||
{% endif %}
|
|
||||||
</p>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""OTP Time urls"""
|
|
||||||
from django.urls import path
|
|
||||||
|
|
||||||
from authentik.stages.authenticator_totp.views import DisableView, UserSettingsView
|
|
||||||
|
|
||||||
urlpatterns = [
|
|
||||||
path(
|
|
||||||
"<uuid:stage_uuid>/settings/", UserSettingsView.as_view(), name="user-settings"
|
|
||||||
),
|
|
||||||
path("<uuid:stage_uuid>/disable/", DisableView.as_view(), name="disable"),
|
|
||||||
]
|
|
|
@ -1,42 +0,0 @@
|
||||||
"""otp time-based view"""
|
|
||||||
from django.contrib import messages
|
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
|
||||||
from django.http import HttpRequest, HttpResponse
|
|
||||||
from django.shortcuts import get_object_or_404, redirect
|
|
||||||
from django.views import View
|
|
||||||
from django.views.generic import TemplateView
|
|
||||||
from django_otp.plugins.otp_totp.models import TOTPDevice
|
|
||||||
|
|
||||||
from authentik.events.models import Event
|
|
||||||
from authentik.stages.authenticator_totp.models import AuthenticatorTOTPStage
|
|
||||||
|
|
||||||
|
|
||||||
class UserSettingsView(LoginRequiredMixin, TemplateView):
|
|
||||||
"""View for user settings to control OTP"""
|
|
||||||
|
|
||||||
template_name = "stages/authenticator_totp/user_settings.html"
|
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
|
||||||
kwargs = super().get_context_data(**kwargs)
|
|
||||||
stage = get_object_or_404(AuthenticatorTOTPStage, pk=self.kwargs["stage_uuid"])
|
|
||||||
kwargs["stage"] = stage
|
|
||||||
|
|
||||||
totp_devices = TOTPDevice.objects.filter(user=self.request.user, confirmed=True)
|
|
||||||
kwargs["state"] = totp_devices.exists()
|
|
||||||
return kwargs
|
|
||||||
|
|
||||||
|
|
||||||
class DisableView(LoginRequiredMixin, View):
|
|
||||||
"""Disable TOTP for user"""
|
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
|
||||||
def get(self, request: HttpRequest, **kwargs) -> HttpResponse:
|
|
||||||
"""Delete all the devices for user"""
|
|
||||||
totp = TOTPDevice.objects.filter(user=request.user, confirmed=True)
|
|
||||||
totp.delete()
|
|
||||||
messages.success(request, "Successfully disabled Time-based OTP")
|
|
||||||
# Create event with email notification
|
|
||||||
Event.new("totp_disable", message="User disabled Time-based OTP.").from_http(
|
|
||||||
request
|
|
||||||
)
|
|
||||||
return redirect("/")
|
|
|
@ -13,18 +13,7 @@ import "../../../elements/forms/FormElement";
|
||||||
import "../../../elements/EmptyState";
|
import "../../../elements/EmptyState";
|
||||||
import "../../FormStatic";
|
import "../../FormStatic";
|
||||||
|
|
||||||
export interface AuthenticatorStaticChallenge extends WithUserInfoChallenge {
|
export const STATIC_TOKEN_STYLE = css`
|
||||||
codes: number[];
|
|
||||||
}
|
|
||||||
|
|
||||||
@customElement("ak-stage-authenticator-static")
|
|
||||||
export class AuthenticatorStaticStage extends BaseStage {
|
|
||||||
|
|
||||||
@property({ attribute: false })
|
|
||||||
challenge?: AuthenticatorStaticChallenge;
|
|
||||||
|
|
||||||
static get styles(): CSSResult[] {
|
|
||||||
return [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton, AKGlobal].concat(css`
|
|
||||||
/* Static OTP Tokens */
|
/* Static OTP Tokens */
|
||||||
.ak-otp-tokens {
|
.ak-otp-tokens {
|
||||||
list-style: circle;
|
list-style: circle;
|
||||||
|
@ -37,7 +26,20 @@ export class AuthenticatorStaticStage extends BaseStage {
|
||||||
font-size: var(--pf-global--FontSize--2xl);
|
font-size: var(--pf-global--FontSize--2xl);
|
||||||
font-family: monospace;
|
font-family: monospace;
|
||||||
}
|
}
|
||||||
`);
|
`;
|
||||||
|
|
||||||
|
export interface AuthenticatorStaticChallenge extends WithUserInfoChallenge {
|
||||||
|
codes: number[];
|
||||||
|
}
|
||||||
|
|
||||||
|
@customElement("ak-stage-authenticator-static")
|
||||||
|
export class AuthenticatorStaticStage extends BaseStage {
|
||||||
|
|
||||||
|
@property({ attribute: false })
|
||||||
|
challenge?: AuthenticatorStaticChallenge;
|
||||||
|
|
||||||
|
static get styles(): CSSResult[] {
|
||||||
|
return [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton, AKGlobal, STATIC_TOKEN_STYLE];
|
||||||
}
|
}
|
||||||
|
|
||||||
render(): TemplateResult {
|
render(): TemplateResult {
|
||||||
|
|
|
@ -20,8 +20,10 @@ import { ifDefined } from "lit-html/directives/if-defined";
|
||||||
import "../../elements/Tabs";
|
import "../../elements/Tabs";
|
||||||
import "../tokens/UserTokenList";
|
import "../tokens/UserTokenList";
|
||||||
import "../generic/SiteShell";
|
import "../generic/SiteShell";
|
||||||
import "./settings/AuthenticatorWebAuthnDevices";
|
import "./settings/UserSettingsAuthenticatorTOTP";
|
||||||
import "./settings/Password";
|
import "./settings/UserSettingsAuthenticatorStatic";
|
||||||
|
import "./settings/UserSettingsAuthenticatorWebAuthnDevices";
|
||||||
|
import "./settings/UserSettingsPassword";
|
||||||
|
|
||||||
@customElement("ak-user-settings")
|
@customElement("ak-user-settings")
|
||||||
export class UserSettingsPage extends LitElement {
|
export class UserSettingsPage extends LitElement {
|
||||||
|
@ -38,6 +40,12 @@ export class UserSettingsPage extends LitElement {
|
||||||
case "ak-user-settings-password":
|
case "ak-user-settings-password":
|
||||||
return html`<ak-user-settings-password stageId=${stage.objectUid}>
|
return html`<ak-user-settings-password stageId=${stage.objectUid}>
|
||||||
</ak-user-settings-password>`;
|
</ak-user-settings-password>`;
|
||||||
|
case "ak-user-settings-authenticator-totp":
|
||||||
|
return html`<ak-user-settings-authenticator-totp stageId=${stage.objectUid}>
|
||||||
|
</ak-user-settings-authenticator-totp>`;
|
||||||
|
case "ak-user-settings-authenticator-static":
|
||||||
|
return html`<ak-user-settings-authenticator-static stageId=${stage.objectUid}>
|
||||||
|
</ak-user-settings-authenticator-static>`;
|
||||||
default:
|
default:
|
||||||
return html`<div class="pf-u-display-flex pf-u-justify-content-center">
|
return html`<div class="pf-u-display-flex pf-u-justify-content-center">
|
||||||
<div class="pf-u-w-75">
|
<div class="pf-u-w-75">
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
import { CSSResult, LitElement, property } from "lit-element";
|
||||||
|
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||||
|
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||||
|
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||||
|
import AKGlobal from "../../../authentik.css";
|
||||||
|
|
||||||
|
export abstract class BaseUserSettings extends LitElement {
|
||||||
|
|
||||||
|
@property()
|
||||||
|
objectId!: string;
|
||||||
|
|
||||||
|
static get styles(): CSSResult[] {
|
||||||
|
return [PFBase, PFCard, PFButton, AKGlobal];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
|
|
||||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
|
||||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
|
||||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
|
||||||
import AKGlobal from "../../../authentik.css";
|
|
||||||
import { gettext } from "django";
|
|
||||||
import { FlowURLManager } from "../../../api/legacy";
|
|
||||||
|
|
||||||
@customElement("ak-user-settings-password")
|
|
||||||
export class UserSettingsPassword extends LitElement {
|
|
||||||
|
|
||||||
@property()
|
|
||||||
stageId!: string;
|
|
||||||
|
|
||||||
static get styles(): CSSResult[] {
|
|
||||||
return [PFBase, PFCard, PFButton, AKGlobal];
|
|
||||||
}
|
|
||||||
|
|
||||||
render(): TemplateResult {
|
|
||||||
// For this stage we don't need to check for a configureFlow,
|
|
||||||
// as the stage won't return any UI Elements if no configureFlow is set.
|
|
||||||
return html`<div class="pf-c-card">
|
|
||||||
<div class="pf-c-card__title">
|
|
||||||
${gettext('Change your password')}
|
|
||||||
</div>
|
|
||||||
<div class="pf-c-card__body">
|
|
||||||
<a href="${FlowURLManager.configure(this.stageId, '?next=/%23user')}"
|
|
||||||
class="pf-c-button pf-m-primary">
|
|
||||||
${gettext('Change password')}
|
|
||||||
</a>
|
|
||||||
</div>
|
|
||||||
</div>`;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -0,0 +1,69 @@
|
||||||
|
import { AuthenticatorsApi, StagesApi } from "authentik-api";
|
||||||
|
import { gettext } from "django";
|
||||||
|
import { customElement, html, TemplateResult } from "lit-element";
|
||||||
|
import { until } from "lit-html/directives/until";
|
||||||
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||||
|
import { FlowURLManager } from "../../../api/legacy";
|
||||||
|
import { BaseUserSettings } from "./BaseUserSettings";
|
||||||
|
|
||||||
|
@customElement("ak-user-settings-authenticator-static")
|
||||||
|
export class UserSettingsAuthenticatorStatic extends BaseUserSettings {
|
||||||
|
|
||||||
|
renderEnabled(): TemplateResult {
|
||||||
|
return html`<div class="pf-c-card__body">
|
||||||
|
<p>
|
||||||
|
${gettext("Status: Enabled")}
|
||||||
|
<i class="pf-icon pf-icon-ok"></i>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<div class="pf-c-card__footer">
|
||||||
|
<button
|
||||||
|
class="pf-c-button pf-m-danger"
|
||||||
|
@click=${() => {
|
||||||
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpList({}).then((devices) => {
|
||||||
|
if (devices.results.length < 1) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// TODO: Handle multiple devices, currently we assume only one TOTP Device
|
||||||
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpDelete({
|
||||||
|
id: devices.results[0].pk || 0
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}}>
|
||||||
|
${gettext("Disable Time-based OTP")}
|
||||||
|
</button>
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
renderDisabled(): TemplateResult {
|
||||||
|
return html`
|
||||||
|
<div class="pf-c-card__body">
|
||||||
|
<p>
|
||||||
|
${gettext("Status: Disabled")}
|
||||||
|
<i class="pf-icon pf-icon-error-circle-o"></i>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<div class="pf-c-card__footer">
|
||||||
|
${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorTotpRead({ stageUuid: this.objectId}).then((stage) => {
|
||||||
|
if (stage.configureFlow) {
|
||||||
|
return html`<a href="${FlowURLManager.configure(stage.pk || "", "?next=/%23%2Fuser")}"
|
||||||
|
class="pf-c-button pf-m-primary">${gettext("Enable Time-based OTP")}
|
||||||
|
</a>`;
|
||||||
|
}
|
||||||
|
return html``;
|
||||||
|
}))}
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
render(): TemplateResult {
|
||||||
|
return html`<div class="pf-c-card">
|
||||||
|
<div class="pf-c-card__title">
|
||||||
|
${gettext("Time-based One-Time Passwords")}
|
||||||
|
</div>
|
||||||
|
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpList({}).then((devices) => {
|
||||||
|
return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled();
|
||||||
|
}))}
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,84 @@
|
||||||
|
import { AuthenticatorsApi, StagesApi } from "authentik-api";
|
||||||
|
import { gettext } from "django";
|
||||||
|
import { CSSResult, customElement, html, TemplateResult } from "lit-element";
|
||||||
|
import { until } from "lit-html/directives/until";
|
||||||
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||||
|
import { FlowURLManager } from "../../../api/legacy";
|
||||||
|
import { STATIC_TOKEN_STYLE } from "../../../flows/stages/authenticator_static/AuthenticatorStaticStage";
|
||||||
|
import { BaseUserSettings } from "./BaseUserSettings";
|
||||||
|
|
||||||
|
@customElement("ak-user-settings-authenticator-totp")
|
||||||
|
export class UserSettingsAuthenticatorTOTP extends BaseUserSettings {
|
||||||
|
|
||||||
|
static get styles(): CSSResult[] {
|
||||||
|
return super.styles.concat(STATIC_TOKEN_STYLE);
|
||||||
|
}
|
||||||
|
|
||||||
|
renderEnabled(): TemplateResult {
|
||||||
|
return html`<div class="pf-c-card__body">
|
||||||
|
<p>
|
||||||
|
${gettext("Status: Enabled")}
|
||||||
|
<i class="pf-icon pf-icon-ok"></i>
|
||||||
|
</p>
|
||||||
|
<ul class="ak-otp-tokens">
|
||||||
|
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
|
||||||
|
if (devices.results.length < 1) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
return devices.results[0].tokenSet?.map((token) => {
|
||||||
|
return html`<li>${token.token}</li>`;
|
||||||
|
});
|
||||||
|
}))}
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div class="pf-c-card__footer">
|
||||||
|
<button
|
||||||
|
class="pf-c-button pf-m-danger"
|
||||||
|
@click=${() => {
|
||||||
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
|
||||||
|
if (devices.results.length < 1) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// TODO: Handle multiple devices, currently we assume only one TOTP Device
|
||||||
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticDelete({
|
||||||
|
id: devices.results[0].pk || 0
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}}>
|
||||||
|
${gettext("Disable Static Tokens")}
|
||||||
|
</button>
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
renderDisabled(): TemplateResult {
|
||||||
|
return html`
|
||||||
|
<div class="pf-c-card__body">
|
||||||
|
<p>
|
||||||
|
${gettext("Status: Disabled")}
|
||||||
|
<i class="pf-icon pf-icon-error-circle-o"></i>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<div class="pf-c-card__footer">
|
||||||
|
${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorStaticRead({ stageUuid: this.objectId}).then((stage) => {
|
||||||
|
if (stage.configureFlow) {
|
||||||
|
return html`<a href="${FlowURLManager.configure(stage.pk || "", "?next=/%23%2Fuser")}"
|
||||||
|
class="pf-c-button pf-m-primary">${gettext("Enable Static Tokens")}
|
||||||
|
</a>`;
|
||||||
|
}
|
||||||
|
return html``;
|
||||||
|
}))}
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
render(): TemplateResult {
|
||||||
|
return html`<div class="pf-c-card">
|
||||||
|
<div class="pf-c-card__title">
|
||||||
|
${gettext("Static Tokens")}
|
||||||
|
</div>
|
||||||
|
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsTotpList({}).then((devices) => {
|
||||||
|
return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled();
|
||||||
|
}))}
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -1,24 +1,16 @@
|
||||||
import { CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
|
import { customElement, html, TemplateResult } from "lit-element";
|
||||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
|
||||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
|
||||||
import PFDataList from "@patternfly/patternfly/components/DataList/data-list.css";
|
|
||||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
|
||||||
import AKGlobal from "../../../authentik.css";
|
|
||||||
import { gettext } from "django";
|
import { gettext } from "django";
|
||||||
import { AuthenticatorsApi, StagesApi } from "authentik-api";
|
import { AuthenticatorsApi, StagesApi } from "authentik-api";
|
||||||
import { until } from "lit-html/directives/until";
|
import { until } from "lit-html/directives/until";
|
||||||
import { FlowURLManager, UserURLManager } from "../../../api/legacy";
|
import { FlowURLManager, UserURLManager } from "../../../api/legacy";
|
||||||
import { DEFAULT_CONFIG } from "../../../api/Config";
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||||
|
import { BaseUserSettings } from "./BaseUserSettings";
|
||||||
|
import "../../../elements/buttons/ModalButton";
|
||||||
|
import "../../../elements/buttons/SpinnerButton";
|
||||||
|
import "../../../elements/forms/DeleteForm";
|
||||||
|
|
||||||
@customElement("ak-user-settings-authenticator-webauthn")
|
@customElement("ak-user-settings-authenticator-webauthn")
|
||||||
export class UserSettingsAuthenticatorWebAuthnDevices extends LitElement {
|
export class UserSettingsAuthenticatorWebAuthnDevices extends BaseUserSettings {
|
||||||
|
|
||||||
@property()
|
|
||||||
stageId!: string;
|
|
||||||
|
|
||||||
static get styles(): CSSResult[] {
|
|
||||||
return [PFBase, PFCard, PFButton, PFDataList, AKGlobal];
|
|
||||||
}
|
|
||||||
|
|
||||||
render(): TemplateResult {
|
render(): TemplateResult {
|
||||||
return html`<div class="pf-c-card">
|
return html`<div class="pf-c-card">
|
||||||
|
@ -39,7 +31,7 @@ export class UserSettingsAuthenticatorWebAuthnDevices extends LitElement {
|
||||||
<div class="pf-c-data-list__cell">
|
<div class="pf-c-data-list__cell">
|
||||||
<ak-modal-button href="${UserURLManager.authenticatorWebauthn(`devices/${device.pk}/update/`)}">
|
<ak-modal-button href="${UserURLManager.authenticatorWebauthn(`devices/${device.pk}/update/`)}">
|
||||||
<ak-spinner-button slot="trigger" class="pf-m-primary">
|
<ak-spinner-button slot="trigger" class="pf-m-primary">
|
||||||
${gettext('Update')}
|
${gettext("Update")}
|
||||||
</ak-spinner-button>
|
</ak-spinner-button>
|
||||||
<div slot="modal"></div>
|
<div slot="modal"></div>
|
||||||
</ak-modal-button>
|
</ak-modal-button>
|
||||||
|
@ -64,9 +56,9 @@ export class UserSettingsAuthenticatorWebAuthnDevices extends LitElement {
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<div class="pf-c-card__footer">
|
<div class="pf-c-card__footer">
|
||||||
${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnRead({stageUuid: this.stageId}).then((stage) => {
|
${until(new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorWebauthnRead({ stageUuid: this.objectId}).then((stage) => {
|
||||||
if (stage.configureFlow) {
|
if (stage.configureFlow) {
|
||||||
return html`<a href="${FlowURLManager.configure(stage.pk || "", '?next=/%23user')}"
|
return html`<a href="${FlowURLManager.configure(stage.pk || "", "?next=/%23%2Fuser")}"
|
||||||
class="pf-c-button pf-m-primary">${gettext("Configure WebAuthn")}
|
class="pf-c-button pf-m-primary">${gettext("Configure WebAuthn")}
|
||||||
</a>`;
|
</a>`;
|
||||||
}
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
import { customElement, html, TemplateResult } from "lit-element";
|
||||||
|
import { gettext } from "django";
|
||||||
|
import { FlowURLManager } from "../../../api/legacy";
|
||||||
|
import { BaseUserSettings } from "./BaseUserSettings";
|
||||||
|
|
||||||
|
@customElement("ak-user-settings-password")
|
||||||
|
export class UserSettingsPassword extends BaseUserSettings {
|
||||||
|
|
||||||
|
render(): TemplateResult {
|
||||||
|
// For this stage we don't need to check for a configureFlow,
|
||||||
|
// as the stage won't return any UI Elements if no configureFlow is set.
|
||||||
|
return html`<div class="pf-c-card">
|
||||||
|
<div class="pf-c-card__title">
|
||||||
|
${gettext("Change your password")}
|
||||||
|
</div>
|
||||||
|
<div class="pf-c-card__body">
|
||||||
|
<a href="${FlowURLManager.configure(this.objectId, "?next=/%23%2Fuser")}"
|
||||||
|
class="pf-c-button pf-m-primary">
|
||||||
|
${gettext("Change password")}
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Reference in New Issue