change mobile device pk to uuid

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/api/v3/urls.py

@@ -1,6 +1,7 @@
 """api v3 urls"""
 from importlib import import_module
 
+from django.conf import settings
 from django.urls import path
 from django.urls.resolvers import URLPattern
 from django.views.decorators.cache import cache_page
@@ -11,7 +12,6 @@ from structlog.stdlib import get_logger
 from authentik.api.v3.config import ConfigView
 from authentik.api.views import APIBrowserView
 from authentik.lib.utils.reflection import get_apps
-from django.conf import settings
 
 LOGGER = get_logger()
 

authentik/stages/authenticator_mobile/api/device.py

@@ -1,16 +1,16 @@
 """AuthenticatorMobileStage API Views"""
 from django_filters.rest_framework.backends import DjangoFilterBackend
-from rest_framework import mixins
-from rest_framework.filters import OrderingFilter, SearchFilter
-from rest_framework.permissions import IsAdminUser
-from rest_framework.serializers import ModelSerializer
-from rest_framework.viewsets import GenericViewSet, ModelViewSet
 from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework import mixins
 from rest_framework.decorators import action
 from rest_framework.fields import CharField, UUIDField
-
+from rest_framework.filters import OrderingFilter, SearchFilter
+from rest_framework.permissions import IsAdminUser
 from rest_framework.request import Request
 from rest_framework.response import Response
+from rest_framework.serializers import ModelSerializer
+from rest_framework.viewsets import GenericViewSet, ModelViewSet
+
 from authentik.api.authorization import OwnerFilter, OwnerPermissions
 from authentik.core.api.used_by import UsedByMixin
 from authentik.stages.authenticator_mobile.api.auth import MobileDeviceTokenAuthentication
@@ -80,10 +80,7 @@ class MobileDeviceViewSet(
         responses={
             200: inline_serializer(
                 "MobileDeviceEnrollmentCallbackSerializer",
-                {
+                {"device_token": CharField(required=True), "device_uuid": UUIDField(required=True)},
-                    "device_token": CharField(required=True),
-                    "device_uuid": UUIDField(required=True)
-                },
             ),
         },
         request=inline_serializer(

authentik/stages/authenticator_mobile/migrations/0001_initial.py

@@ -1,4 +1,6 @@
-# Generated by Django 4.1.10 on 2023-07-24 21:33
+# Generated by Django 4.2.4 on 2023-09-04 11:59
+
+import uuid
 
 import django.db.models.deletion
 from django.conf import settings
@@ -52,12 +54,6 @@ class Migration(migrations.Migration):
         migrations.CreateModel(
             name="MobileDevice",
             fields=[
-                (
-                    "id",
-                    models.AutoField(
-                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
-                    ),
-                ),
                 (
                     "name",
                     models.CharField(
@@ -68,6 +64,7 @@ class Migration(migrations.Migration):
                     "confirmed",
                     models.BooleanField(default=True, help_text="Is this device ready for use?"),
                 ),
+                ("uuid", models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
                 ("device_id", models.TextField(unique=True)),
                 (
                     "stage",
@@ -108,6 +105,7 @@ class Migration(migrations.Migration):
                         default=authentik.stages.authenticator_mobile.models.default_token_key
                     ),
                 ),
+                ("firebase_token", models.TextField(blank=True)),
                 (
                     "device",
                     models.ForeignKey(

authentik/stages/authenticator_mobile/models.py

@@ -1,5 +1,6 @@
 """Mobile authenticator stage"""
 from typing import Optional
+from uuid import uuid4
 
 from django.contrib.auth import get_user_model
 from django.db import models
@@ -60,6 +61,8 @@ class AuthenticatorMobileStage(ConfigurableStage, FriendlyNamedStage, Stage):
 class MobileDevice(SerializerModel, Device):
     """Mobile authenticator for a single user"""
 
+    uuid = models.UUIDField(primary_key=True, default=uuid4)
+
     user = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
 
     # Connect to the stage to when validating access we know the API Credentials

authentik/stages/authenticator_mobile/stage.py

@@ -10,7 +10,10 @@ from authentik.flows.challenge import (
     WithUserInfoChallenge,
 )
 from authentik.flows.stage import ChallengeStageView
-from authentik.stages.authenticator_mobile.models import AuthenticatorMobileStage, MobileDevice, MobileDeviceToken
+from authentik.stages.authenticator_mobile.models import (
+    MobileDevice,
+    MobileDeviceToken,
+)
 
 FLOW_PLAN_MOBILE_ENROLL = "authentik/stages/authenticator_mobile/enroll"
 

blueprints/schema.json

@@ -6148,6 +6148,11 @@
         "model_authentik_stages_authenticator_mobile.mobiledevice": {
             "type": "object",
             "properties": {
+                "pk": {
+                    "type": "string",
+                    "format": "uuid",
+                    "title": "Uuid"
+                },
                 "name": {
                     "type": "string",
                     "maxLength": 64,

schema.yml

@@ -648,16 +648,17 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/admin/mobile/{id}/:
+  /authenticators/admin/mobile/{uuid}/:
     get:
       operationId: authenticators_admin_mobile_retrieve
       description: Viewset for Mobile authenticator devices (for admins)
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -687,10 +688,11 @@ paths:
       description: Viewset for Mobile authenticator devices (for admins)
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -726,10 +728,11 @@ paths:
       description: Viewset for Mobile authenticator devices (for admins)
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -764,10 +767,11 @@ paths:
       description: Viewset for Mobile authenticator devices (for admins)
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2017,16 +2021,17 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/mobile/{id}/:
+  /authenticators/mobile/{uuid}/:
     get:
       operationId: authenticators_mobile_retrieve
       description: Viewset for Mobile authenticator devices
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2056,10 +2061,11 @@ paths:
       description: Viewset for Mobile authenticator devices
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2095,10 +2101,11 @@ paths:
       description: Viewset for Mobile authenticator devices
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2133,10 +2140,11 @@ paths:
       description: Viewset for Mobile authenticator devices
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2157,16 +2165,17 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/mobile/{id}/enrollment_callback/:
+  /authenticators/mobile/{uuid}/enrollment_callback/:
     post:
       operationId: authenticators_mobile_enrollment_callback_create
       description: Enrollment callback
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2197,16 +2206,17 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/mobile/{id}/receive_response/:
+  /authenticators/mobile/{uuid}/receive_response/:
     post:
       operationId: authenticators_mobile_receive_response_create
       description: Get response from notification on phone
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2237,17 +2247,18 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/mobile/{id}/set_notification_key/:
+  /authenticators/mobile/{uuid}/set_notification_key/:
     post:
       operationId: authenticators_mobile_set_notification_key_create
       description: Called by the phone whenever the firebase key changes and we need
         to update it
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -2274,16 +2285,17 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /authenticators/mobile/{id}/used_by/:
+  /authenticators/mobile/{uuid}/used_by/:
     get:
       operationId: authenticators_mobile_used_by_list
       description: Get a list of all objects that use this object
       parameters:
       - in: path
-        name: id
+        name: uuid
         schema:
-          type: integer
+          type: string
-        description: A unique integer value identifying this Mobile Device.
+          format: uuid
+        description: A UUID string identifying this Mobile Device.
         required: true
       tags:
       - authenticators
@@ -35194,16 +35206,15 @@ components:
       description: Serializer for Mobile authenticator devices
       properties:
         pk:
-          type: integer
+          type: string
-          readOnly: true
+          format: uuid
-          title: ID
+          title: Uuid
         name:
           type: string
           description: The human-readable name of this device.
           maxLength: 64
       required:
       - name
-      - pk
     MobileDeviceEnrollmentCallback:
       type: object
       properties:
@@ -35227,6 +35238,10 @@ components:
       type: object
       description: Serializer for Mobile authenticator devices
       properties:
+        pk:
+          type: string
+          format: uuid
+          title: Uuid
         name:
           type: string
           minLength: 1
@@ -39072,6 +39087,10 @@ components:
       type: object
       description: Serializer for Mobile authenticator devices
       properties:
+        pk:
+          type: string
+          format: uuid
+          title: Uuid
         name:
           type: string
           minLength: 1