From b3c8ffb96c7c88283007453dbb42e5112d2f84e9 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 26 Apr 2021 14:46:29 +0200
Subject: [PATCH] outposts/ldap: use authorization_flow instead of separate field
Signed-off-by: Jens Langhammer
---
authentik/providers/ldap/api.py | 3 +--
.../providers/ldap/migrations/0001_initial.py | 15 ++-------------
authentik/providers/ldap/models.py | 10 ----------
outpost/pkg/ldap/api.go | 2 +-
outpost/proxy.Dockerfile | 1 -
swagger.yaml | 7 -------
web/src/pages/outposts/OutpostForm.ts | 10 ++++++++++
web/src/pages/providers/ldap/LDAPProviderForm.ts | 4 ++--
8 files changed, 16 insertions(+), 36 deletions(-)
diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py
index 5e02ce2ac..30c15a878 100644
--- a/authentik/providers/ldap/api.py
+++ b/authentik/providers/ldap/api.py
@@ -14,7 +14,6 @@ class LDAPProviderSerializer(ProviderSerializer): model = LDAPProvider fields = ProviderSerializer.Meta.fields + [ - "bind_flow", "base_dn", ]
@@ -31,7 +30,7 @@ class LDAPOutpostConfigSerializer(ModelSerializer): """LDAPProvider Serializer""" application_slug = CharField(source="application.slug") - bind_flow_slug = CharField(source="bind_flow.slug") + bind_flow_slug = CharField(source="authorization_flow.slug") class Meta:
diff --git a/authentik/providers/ldap/migrations/0001_initial.py b/authentik/providers/ldap/migrations/0001_initial.py
index 3e51ff2f4..eaf490403 100644
--- a/authentik/providers/ldap/migrations/0001_initial.py
+++ b/authentik/providers/ldap/migrations/0001_initial.py
@@ -1,4 +1,4 @@ -# Generated by Django 3.2 on 2021-04-26 09:51 +# Generated by Django 3.2 on 2021-04-26 12:45 import django.db.models.deletion from django.db import migrations, models
@@ -10,7 +10,6 @@ class Migration(migrations.Migration): dependencies = [ ("authentik_core", "0019_source_managed"), - ("authentik_flows", "0018_oob_flows"), ] operations = [
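Review bot: In `authentik/providers/ldap/api.py`, `bind_flow_slug = CharField(source="authorization_flow.slug")` hands the outpost whatever flow is configured for authorization, and nothing in this hunk constrains what kind of flow that is. The removed `bind_flow` field documented that leaving it empty meant no user could bind; that off-switch disappears with this change. If the outpost treats completion of this flow as a successful bind (not visible here), a flow without a password-verification stage would be unsuitable, so validation on the LDAP provider serializer is worth adding. At minimum document the contract on the field, e.g. `# The outpost runs the provider's authorization_flow to verify LDAP binds; it must contain identification and password stages`. The serializer class body continues outside the hunk.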
@@ -35,21 +34,11 @@ class Migration(migrations.Migration): help_text="DN under which objects are accessible.", ), ), - ( - "bind_flow", - models.ForeignKey( - default=None, - help_text="Flow which is used to bind users. When left empty, no users will be able to bind.", - null=True, - on_delete=django.db.models.deletion.SET_DEFAULT, - to="authentik_flows.flow", - ), - ), ], options={ "verbose_name": "LDAP Provider", "verbose_name_plural": "LDAP Providers", }, - bases=("authentik_core.provider",), + bases=("authentik_core.provider", models.Model), ), ]
diff --git a/authentik/providers/ldap/models.py b/authentik/providers/ldap/models.py
index 8b94ad254..67d8dc6e3 100644
--- a/authentik/providers/ldap/models.py
+++ b/authentik/providers/ldap/models.py
@@ -18,16 +18,6 @@ class LDAPProvider(OutpostModel, Provider): help_text=_("DN under which objects are accessible."), ) - bind_flow = models.ForeignKey( - Flow, - null=True, - default=None, - on_delete=models.SET_DEFAULT, - help_text=_( - "Flow which is used to bind users. When left empty, no users will be able to bind." - ), - ) - @property def launch_url(self) -> Optional[str]: """LDAP never has a launch URL"""
diff --git a/outpost/pkg/ldap/api.go b/outpost/pkg/ldap/api.go
index be3e2cdc1..23d357fdf 100644
--- a/outpost/pkg/ldap/api.go
+++ b/outpost/pkg/ldap/api.go
@@ -37,7 +37,7 @@ func (ls *LDAPServer) Refresh() error { } func (ls *LDAPServer) Start() error { - listen := "127.0.0.1:3390" + listen := "0.0.0.0:3389" log.Debugf("Listening on %s", listen) err := ls.s.ListenAndServe(listen) if err != nil {
diff --git a/outpost/proxy.Dockerfile b/outpost/proxy.Dockerfile
index 99e81d256..4da2cafcc 100644
--- a/outpost/proxy.Dockerfile
+++ b/outpost/proxy.Dockerfile
@@ -6,7 +6,6 @@ COPY . . RUN go build -o /work/proxy ./cmd/proxy -# Copy binary to alpine FROM gcr.io/distroless/base-debian10:debug COPY --from=builder /work/proxy /
diff --git a/swagger.yaml b/swagger.yaml
index c27cea7ce..afe9a4f7b 100755
--- a/swagger.yaml
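Review bot: Dropping the `bind_flow` field by rewriting `0001_initial.py` in place leaves existing databases out of step with the model. Any database that already applied the earlier version of this migration (the header shows it was generated at 09:51 the same day) has 0001 recorded as applied, so Django will never remove the `bind_flow` column there. If that earlier revision reached a shared branch or any deployed environment, add a follow-up migration instead, e.g. `migrations.RemoveField(model_name="ldapprovider", name="bind_flow")`. If it never left a development checkout, say so in the commit message so reviewers know the rewrite is safe.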
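Review bot: `listen := "0.0.0.0:3389"` in `Start()` hard-codes an LDAP listener on every interface, where the previous value was reachable only over loopback. An LDAP simple bind carries the user's password in the request, and `ListenAndServe` is called here with no TLS configuration in sight. Unless encryption is terminated in front of this port (not visible in this hunk), credentials would cross the network in the clear. Take the address from the outpost's configuration rather than a literal, for example an environment variable (placeholder name `LISTEN_ADDRESS`) that falls back to the current value. Add a comment above the line stating that exposure of this port must be limited to trusted networks or wrapped in TLS, and log the effective address at info rather than debug level so operators can see what is exposed. The body of `Start()` continues outside the hunk.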
+++ b/swagger.yaml
@@ -17101,13 +17101,6 @@ definitions: title: Verbose name plural type: string readOnly: true - bind_flow: - title: Bind flow - description: Flow which is used to bind users. When left empty, no users will - be able to bind. - type: string - format: uuid - x-nullable: true base_dn: title: Base dn description: DN under which objects are accessible.
diff --git a/web/src/pages/outposts/OutpostForm.ts b/web/src/pages/outposts/OutpostForm.ts
index af9b7c3d7..dfec1651e 100644
--- a/web/src/pages/outposts/OutpostForm.ts
+++ b/web/src/pages/outposts/OutpostForm.ts
@@ -89,6 +89,16 @@ export class OutpostForm extends Form { return html``; }); }), html``)} + ${until(new ProvidersApi(DEFAULT_CONFIG).providersLdapList({ + ordering: "pk" + }).then(providers => { + return providers.results.map(provider => { + const selected = Array.from(this.outpost?.providers || []).some(sp => { + return sp == provider.pk; + }); + return html``; + }); + }), html``)}

${t`Hold control/command to select multiple items.`}

diff --git a/web/src/pages/providers/ldap/LDAPProviderForm.ts b/web/src/pages/providers/ldap/LDAPProviderForm.ts
index 137096132..dc2d6a577 100644
--- a/web/src/pages/providers/ldap/LDAPProviderForm.ts
+++ b/web/src/pages/providers/ldap/LDAPProviderForm.ts
@@ -56,14 +56,14 @@ export class LDAPProviderFormPage extends Form { + name="authorizationFlow">