authentik/authentik/flows/challenge.py

"""Challenge helpers"""
from enum import Enum
from typing import TYPE_CHECKING, Optional

from django.http import JsonResponse
from rest_framework.fields import ChoiceField, DictField
from rest_framework.serializers import CharField

from authentik.core.api.utils import PassiveSerializer
from authentik.flows.transfer.common import DataclassEncoder

if TYPE_CHECKING:
    from authentik.flows.stage import StageView

PLAN_CONTEXT_TITLE = "title"
PLAN_CONTEXT_URL = "url"
PLAN_CONTEXT_ATTRS = "attrs"


class ChallengeTypes(Enum):
    """Currently defined challenge types"""

    NATIVE = "native"
    SHELL = "shell"
    REDIRECT = "redirect"


class ErrorDetailSerializer(PassiveSerializer):
    """Serializer for rest_framework's error messages"""

    string = CharField()
    code = CharField()


class ContextualFlowInfo(PassiveSerializer):
    """Contextual flow information for a challenge"""

    title = CharField(required=False, allow_blank=True)
    background = CharField(required=False)
    cancel_url = CharField()


class Challenge(PassiveSerializer):
    """Challenge that gets sent to the client based on which stage
    is currently active"""

    type = ChoiceField(
        choices=[(x.value, x.name) for x in ChallengeTypes],
    )
    flow_info = ContextualFlowInfo(required=False)
    component = CharField(default="")

    response_errors = DictField(
        child=ErrorDetailSerializer(many=True), allow_empty=True, required=False
    )


class RedirectChallenge(Challenge):
    """Challenge type to redirect the client"""

    to = CharField()
    component = CharField(default="xak-flow-redirect")


class ShellChallenge(Challenge):
    """challenge type to render HTML as-is"""

    body = CharField()
    component = CharField(default="xak-flow-shell")


class WithUserInfoChallenge(Challenge):
    """Challenge base which shows some user info"""

    pending_user = CharField(allow_blank=True)
    pending_user_avatar = CharField()


class AccessDeniedChallenge(WithUserInfoChallenge):
    """Challenge when a flow's active stage calls `stage_invalid()`."""

    error_message = CharField(required=False)
    component = CharField(default="ak-stage-access-denied")


class PermissionSerializer(PassiveSerializer):
    """Permission used for consent"""

    name = CharField()
    id = CharField()


class ChallengeResponse(PassiveSerializer):
    """Base class for all challenge responses"""

    stage: Optional["StageView"]
    component = CharField(default="xak-flow-response-default")

    def __init__(self, instance=None, data=None, **kwargs):
        self.stage = kwargs.pop("stage", None)
        super().__init__(instance=instance, data=data, **kwargs)


class AutosubmitChallenge(Challenge):
    """Autosubmit challenge used to send and navigate a POST request"""

    url = CharField()
    attrs = DictField(child=CharField())
    title = CharField(required=False)
    component = CharField(default="ak-stage-autosubmit")


class AutoSubmitChallengeResponse(ChallengeResponse):
    """Pseudo class for autosubmit response"""

    component = CharField(default="ak-stage-autosubmit")


class HttpChallengeResponse(JsonResponse):
    """Subclass of JsonResponse that uses the `DataclassEncoder`"""

    def __init__(self, challenge, **kwargs) -> None:
        # pyright: reportGeneralTypeIssues=false
        super().__init__(challenge.data, encoder=DataclassEncoder, **kwargs)
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`"""Challenge helpers"""`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`from enum import Enum`
stages/identification: move user validation to serializer 2021-02-20 19:16:20 +00:00			`from typing import TYPE_CHECKING, Optional`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
			`from django.http import JsonResponse`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`from rest_framework.fields import ChoiceField, DictField`
*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`from rest_framework.serializers import CharField`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`from authentik.core.api.utils import PassiveSerializer`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`from authentik.flows.transfer.common import DataclassEncoder`

stages/identification: move user validation to serializer 2021-02-20 19:16:20 +00:00			`if TYPE_CHECKING:`
			`from authentik.flows.stage import StageView`

flows: move autosubmit stage into flows package Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-14 10:06:19 +00:00			`PLAN_CONTEXT_TITLE = "title"`
			`PLAN_CONTEXT_URL = "url"`
			`PLAN_CONTEXT_ATTRS = "attrs"`

flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
			`class ChallengeTypes(Enum):`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`"""Currently defined challenge types"""`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674) * build(deps-dev): bump pylint from 2.7.2 to 2.7.3 Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3. - [Release notes](https://github.com/PyCQA/pylint/releases) - [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog) - [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3) Signed-off-by: dependabot[bot] <support@github.com> * sources/saml: fix linting for SAMLBindingTypes.Redirect Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * sources/oauth: Fix linting for RequestKind Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: fix linting for ChallengeTypes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 08:05:14 +00:00			`NATIVE = "native"`
			`SHELL = "shell"`
			`REDIRECT = "redirect"`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00

*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`class ErrorDetailSerializer(PassiveSerializer):`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`"""Serializer for rest_framework's error messages"""`

			`string = CharField()`
			`code = CharField()`


flows: move flow relevant info into ContextualFlowInfo Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-08 14:53:28 +00:00			`class ContextualFlowInfo(PassiveSerializer):`
			`"""Contextual flow information for a challenge"""`

			`title = CharField(required=False, allow_blank=True)`
			`background = CharField(required=False)`
			`cancel_url = CharField()`


*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`class Challenge(PassiveSerializer):`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`"""Challenge that gets sent to the client based on which stage`
			`is currently active"""`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
web: use generated API Client (#616) * api: fix types for config API * api: remove broken swagger UI * admin: re-fix system task enum * events: make event optional * events: fix Schema for notification transport test * flows: use APIView for Flow Executor * core: fix schema for Metrics APIs * web: rewrite to use generated API client * web: generate API Client in CI * admin: use x_cord and y_cord to prevent yaml issues * events: fix linting errors * web: don't lint generated code * core: fix fields not being required in TypeSerializer * flows: fix missing permission_classes * web: cleanup * web: fix rendering of graph on Overview page * web: cleanup imports * core: fix missing background image filter * flows: fix flows not advancing properly * stages/: fix warnings during get_challenge web: send Flow response as JSON instead of FormData * web: fix styles for horizontal tabs * web: add base chart class and custom chart for application view * root: generate ts client for e2e tests * web: don't attempt to connect to websocket in selenium tests * web: fix UserTokenList not being included in the build * web: fix styling for static token list * web: fix CSRF Token missing * stages/authenticator_static: fix error when disable static tokens * core: fix display issue when updating user info * web: fix Flow executor not showing spinner when redirecting 2021-03-08 10:14:00 +00:00			`type = ChoiceField(`
core: fix schema for Challenge's type enum Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-04 14:15:50 +00:00			`choices=[(x.value, x.name) for x in ChallengeTypes],`
web: use generated API Client (#616) * api: fix types for config API * api: remove broken swagger UI * admin: re-fix system task enum * events: make event optional * events: fix Schema for notification transport test * flows: use APIView for Flow Executor * core: fix schema for Metrics APIs * web: rewrite to use generated API client * web: generate API Client in CI * admin: use x_cord and y_cord to prevent yaml issues * events: fix linting errors * web: don't lint generated code * core: fix fields not being required in TypeSerializer * flows: fix missing permission_classes * web: cleanup * web: fix rendering of graph on Overview page * web: cleanup imports * core: fix missing background image filter * flows: fix flows not advancing properly * stages/: fix warnings during get_challenge web: send Flow response as JSON instead of FormData * web: fix styles for horizontal tabs * web: add base chart class and custom chart for application view * root: generate ts client for e2e tests * web: don't attempt to connect to websocket in selenium tests * web: fix UserTokenList not being included in the build * web: fix styling for static token list * web: fix CSRF Token missing * stages/authenticator_static: fix error when disable static tokens * core: fix display issue when updating user info * web: fix Flow executor not showing spinner when redirecting 2021-03-08 10:14:00 +00:00			`)`
core: add configure_url to UserSettings for both stages and sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-08 15:56:35 +00:00			`flow_info = ContextualFlowInfo(required=False)`
flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 12:08:54 +00:00			`component = CharField(default="")`
stages/*: update tests for new response 2021-02-20 18:41:32 +00:00
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`response_errors = DictField(`
flows: fix post-email continuation not working Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-24 10:57:56 +00:00			`child=ErrorDetailSerializer(many=True), allow_empty=True, required=False`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`)`

flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`class RedirectChallenge(Challenge):`
			`"""Challenge type to redirect the client"""`

			`to = CharField()`
flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 12:08:54 +00:00			`component = CharField(default="xak-flow-redirect")`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00

			`class ShellChallenge(Challenge):`
flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 12:08:54 +00:00			`"""challenge type to render HTML as-is"""`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00
			`body = CharField()`
flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 12:08:54 +00:00			`component = CharField(default="xak-flow-shell")`
*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00

stages/consent: migrate to SPA 2021-02-21 12:15:45 +00:00			`class WithUserInfoChallenge(Challenge):`
			`"""Challenge base which shows some user info"""`

flows: allow blank on WithUserInfo Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-25 10:53:48 +00:00			`pending_user = CharField(allow_blank=True)`
stages/consent: migrate to SPA 2021-02-21 12:15:45 +00:00			`pending_user_avatar = CharField()`


flows: use WithUserInfoChallenge for AccessDeniedChallenge Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #2039 2022-01-01 18:45:34 +00:00			`class AccessDeniedChallenge(WithUserInfoChallenge):`
flows: migrate access denied message to webcompoennts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-23 16:23:44 +00:00			"""Challenge when a flow's active stage calls `stage_invalid()`."""

			`error_message = CharField(required=False)`
flows: make use of oneOf OpenAPI to annotate all challenge types Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 12:08:54 +00:00			`component = CharField(default="ak-stage-access-denied")`
flows: migrate access denied message to webcompoennts Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-23 16:23:44 +00:00

*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`class PermissionSerializer(PassiveSerializer):`
stages/consent: migrate to SPA 2021-02-21 12:15:45 +00:00			`"""Permission used for consent"""`

			`name = CharField()`
			`id = CharField()`


*: add new base class for non-model serializers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-03-30 13:50:00 +00:00			`class ChallengeResponse(PassiveSerializer):`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`"""Base class for all challenge responses"""`
flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
stages/identification: move user validation to serializer 2021-02-20 19:16:20 +00:00			`stage: Optional["StageView"]`
flows: add default challenge response Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-24 18:04:56 +00:00			`component = CharField(default="xak-flow-response-default")`
stages/identification: move user validation to serializer 2021-02-20 19:16:20 +00:00
web: use generated API Client (#616) * api: fix types for config API * api: remove broken swagger UI * admin: re-fix system task enum * events: make event optional * events: fix Schema for notification transport test * flows: use APIView for Flow Executor * core: fix schema for Metrics APIs * web: rewrite to use generated API client * web: generate API Client in CI * admin: use x_cord and y_cord to prevent yaml issues * events: fix linting errors * web: don't lint generated code * core: fix fields not being required in TypeSerializer * flows: fix missing permission_classes * web: cleanup * web: fix rendering of graph on Overview page * web: cleanup imports * core: fix missing background image filter * flows: fix flows not advancing properly * stages/: fix warnings during get_challenge web: send Flow response as JSON instead of FormData * web: fix styles for horizontal tabs * web: add base chart class and custom chart for application view * root: generate ts client for e2e tests * web: don't attempt to connect to websocket in selenium tests * web: fix UserTokenList not being included in the build * web: fix styling for static token list * web: fix CSRF Token missing * stages/authenticator_static: fix error when disable static tokens * core: fix display issue when updating user info * web: fix Flow executor not showing spinner when redirecting 2021-03-08 10:14:00 +00:00			`def __init__(self, instance=None, data=None, **kwargs):`
stages/identification: move user validation to serializer 2021-02-20 19:16:20 +00:00			`self.stage = kwargs.pop("stage", None)`
			`super().__init__(instance=instance, data=data, **kwargs)`

flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00
flows: move autosubmit stage into flows package Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-14 10:06:19 +00:00			`class AutosubmitChallenge(Challenge):`
			`"""Autosubmit challenge used to send and navigate a POST request"""`

			`url = CharField()`
			`attrs = DictField(child=CharField())`
			`title = CharField(required=False)`
			`component = CharField(default="ak-stage-autosubmit")`


			`class AutoSubmitChallengeResponse(ChallengeResponse):`
			`"""Pseudo class for autosubmit response"""`

			`component = CharField(default="ak-stage-autosubmit")`


flows: mount executor under api, implement initial challenge design 2021-02-17 22:52:49 +00:00			`class HttpChallengeResponse(JsonResponse):`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			"""Subclass of JsonResponse that uses the `DataclassEncoder`"""

*: cleanup code, return errors in challenge_invalid, fixup rendering 2021-02-20 22:19:27 +00:00			`def __init__(self, challenge, **kwargs) -> None:`
*: replace shortcuts.reverse with urls.reverse 2021-02-20 17:58:50 +00:00			`# pyright: reportGeneralTypeIssues=false`
stages/identification: implement challenge 2021-02-20 17:28:11 +00:00			`super().__init__(challenge.data, encoder=DataclassEncoder, **kwargs)`