From 2b09d975228f4991c72dccf23f54d735f5a0bb4f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 12 Oct 2021 17:45:10 +0200 Subject: [PATCH] core: fix squash migrations error when AK_ADMIN_TOKEN is set Signed-off-by: Jens Langhammer --- ...3_1737_squashed_0016_auto_20201202_2234.py | 118 ++++++++++++ ..._1345_squashed_0028_alter_token_intent.py} | 123 +----------- .../migrations/0001_squashed_0014_proxy_v2.py | 180 ++++++++++++++++++ 3 files changed, 299 insertions(+), 122 deletions(-) create mode 100644 authentik/core/migrations/0012_auto_20201003_1737_squashed_0016_auto_20201202_2234.py rename authentik/core/migrations/{0012_auto_20201003_1737_squashed_0028_alter_token_intent.py => 0018_auto_20210330_1345_squashed_0028_alter_token_intent.py} (62%) create mode 100644 authentik/providers/proxy/migrations/0001_squashed_0014_proxy_v2.py diff --git a/authentik/core/migrations/0012_auto_20201003_1737_squashed_0016_auto_20201202_2234.py b/authentik/core/migrations/0012_auto_20201003_1737_squashed_0016_auto_20201202_2234.py new file mode 100644 index 000000000..13366a547 --- /dev/null +++ b/authentik/core/migrations/0012_auto_20201003_1737_squashed_0016_auto_20201202_2234.py @@ -0,0 +1,118 @@ +# Generated by Django 3.2.8 on 2021-10-12 15:36 + +from django.apps.registry import Apps +from django.db import migrations, models +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + +import authentik.core.models + + +def set_default_token_key(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + db_alias = schema_editor.connection.alias + Token = apps.get_model("authentik_core", "Token") + + for token in Token.objects.using(db_alias).all(): + token.key = token.pk.hex + token.save() + + +class Migration(migrations.Migration): + + replaces = [ + ("authentik_core", "0012_auto_20201003_1737"), + ("authentik_core", "0013_auto_20201003_2132"), + ("authentik_core", "0014_auto_20201018_1158"), + ("authentik_core", "0015_application_icon"), + ("authentik_core", "0016_auto_20201202_2234"), + ] + + dependencies = [ + ("authentik_providers_saml", "0006_remove_samlprovider_name"), + ("authentik_providers_oauth2", "0006_remove_oauth2provider_name"), + ("authentik_core", "0011_provider_name_temp"), + ] + + operations = [ + migrations.RenameField( + model_name="provider", + old_name="name_temp", + new_name="name", + ), + migrations.AddField( + model_name="token", + name="identifier", + field=models.TextField(default=""), + preserve_default=False, + ), + migrations.AlterField( + model_name="token", + name="intent", + field=models.TextField( + choices=[ + ("verification", "Intent Verification"), + ("api", "Intent Api"), + ("recovery", "Intent Recovery"), + ], + default="verification", + ), + ), + migrations.AlterUniqueTogether( + name="token", + unique_together={("identifier", "user")}, + ), + migrations.AddField( + model_name="token", + name="key", + field=models.TextField(default=authentik.core.models.default_token_key), + ), + migrations.AlterUniqueTogether( + name="token", + unique_together=set(), + ), + migrations.AlterField( + model_name="token", + name="identifier", + field=models.SlugField(max_length=255), + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["key"], name="authentik_co_key_e45007_idx"), + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["identifier"], name="authentik_co_identif_1a34a8_idx"), + ), + migrations.RunPython( + code=set_default_token_key, + ), + migrations.RemoveField( + model_name="application", + name="meta_icon_url", + ), + migrations.AddField( + model_name="application", + name="meta_icon", + field=models.FileField(blank=True, default="", upload_to="application-icons/"), + ), + migrations.RemoveIndex( + model_name="token", + name="authentik_co_key_e45007_idx", + ), + migrations.RemoveIndex( + model_name="token", + name="authentik_co_identif_1a34a8_idx", + ), + migrations.RenameField( + model_name="user", + old_name="pb_groups", + new_name="ak_groups", + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["identifier"], name="authentik_c_identif_d9d032_idx"), + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["key"], name="authentik_c_key_f71355_idx"), + ), + ] diff --git a/authentik/core/migrations/0012_auto_20201003_1737_squashed_0028_alter_token_intent.py b/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py similarity index 62% rename from authentik/core/migrations/0012_auto_20201003_1737_squashed_0028_alter_token_intent.py rename to authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py index e43211352..eb762a0a5 100644 --- a/authentik/core/migrations/0012_auto_20201003_1737_squashed_0028_alter_token_intent.py +++ b/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py @@ -14,15 +14,6 @@ from django.db.models import Count import authentik.core.models -def set_default_token_key(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): - db_alias = schema_editor.connection.alias - Token = apps.get_model("authentik_core", "Token") - - for token in Token.objects.using(db_alias).all(): - token.key = token.pk.hex - token.save() - - def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): db_alias = schema_editor.connection.alias from django.contrib.sessions.backends.cache import KEY_PREFIX @@ -68,12 +59,6 @@ def create_default_user_token(apps: Apps, schema_editor: BaseDatabaseSchemaEdito class Migration(migrations.Migration): replaces = [ - ("authentik_core", "0012_auto_20201003_1737"), - ("authentik_core", "0013_auto_20201003_2132"), - ("authentik_core", "0014_auto_20201018_1158"), - ("authentik_core", "0015_application_icon"), - ("authentik_core", "0016_auto_20201202_2234"), - ("authentik_core", "0017_managed"), ("authentik_core", "0018_auto_20210330_1345"), ("authentik_core", "0019_source_managed"), ("authentik_core", "0020_source_user_matching_mode"), @@ -88,116 +73,10 @@ class Migration(migrations.Migration): ] dependencies = [ - ("authentik_providers_saml", "0006_remove_samlprovider_name"), - ("authentik_core", "0011_provider_name_temp"), - ("authentik_providers_oauth2", "0006_remove_oauth2provider_name"), + ("authentik_core", "0017_managed"), ] operations = [ - migrations.RenameField( - model_name="provider", - old_name="name_temp", - new_name="name", - ), - migrations.AddField( - model_name="token", - name="identifier", - field=models.TextField(default=""), - preserve_default=False, - ), - migrations.AlterField( - model_name="token", - name="intent", - field=models.TextField( - choices=[ - ("verification", "Intent Verification"), - ("api", "Intent Api"), - ("recovery", "Intent Recovery"), - ], - default="verification", - ), - ), - migrations.AlterUniqueTogether( - name="token", - unique_together={("identifier", "user")}, - ), - migrations.AddField( - model_name="token", - name="key", - field=models.TextField(default=authentik.core.models.default_token_key), - ), - migrations.AlterUniqueTogether( - name="token", - unique_together=set(), - ), - migrations.AlterField( - model_name="token", - name="identifier", - field=models.SlugField(max_length=255), - ), - migrations.AddIndex( - model_name="token", - index=models.Index(fields=["key"], name="authentik_co_key_e45007_idx"), - ), - migrations.AddIndex( - model_name="token", - index=models.Index(fields=["identifier"], name="authentik_co_identif_1a34a8_idx"), - ), - migrations.RunPython( - code=set_default_token_key, - ), - migrations.RemoveField( - model_name="application", - name="meta_icon_url", - ), - migrations.AddField( - model_name="application", - name="meta_icon", - field=models.FileField(blank=True, default="", upload_to="application-icons/"), - ), - migrations.RemoveIndex( - model_name="token", - name="authentik_co_key_e45007_idx", - ), - migrations.RemoveIndex( - model_name="token", - name="authentik_co_identif_1a34a8_idx", - ), - migrations.RenameField( - model_name="user", - old_name="pb_groups", - new_name="ak_groups", - ), - migrations.AddIndex( - model_name="token", - index=models.Index(fields=["identifier"], name="authentik_c_identif_d9d032_idx"), - ), - migrations.AddIndex( - model_name="token", - index=models.Index(fields=["key"], name="authentik_c_key_f71355_idx"), - ), - migrations.AddField( - model_name="propertymapping", - name="managed", - field=models.TextField( - default=None, - help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.", - null=True, - unique=True, - verbose_name="Managed by authentik", - ), - ), - migrations.AddField( - model_name="token", - name="managed", - field=models.TextField( - default=None, - help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.", - null=True, - unique=True, - verbose_name="Managed by authentik", - ), - ), migrations.AlterModelOptions( name="token", options={ diff --git a/authentik/providers/proxy/migrations/0001_squashed_0014_proxy_v2.py b/authentik/providers/proxy/migrations/0001_squashed_0014_proxy_v2.py new file mode 100644 index 000000000..367a08b31 --- /dev/null +++ b/authentik/providers/proxy/migrations/0001_squashed_0014_proxy_v2.py @@ -0,0 +1,180 @@ +# Generated by Django 3.2.8 on 2021-10-12 15:39 + +import django.db.models.deletion +from django.apps.registry import Apps +from django.db import migrations, models +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + +import authentik.lib.models +import authentik.providers.proxy.models + + +def migrate_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + from authentik.providers.proxy.models import JWTAlgorithms, ProxyProvider + + db_alias = schema_editor.connection.alias + for provider in ProxyProvider.objects.using(db_alias).filter(jwt_alg=JWTAlgorithms.RS256): + provider.set_oauth_defaults() + provider.save() + + +def migrate_mode(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + from authentik.providers.proxy.models import ProxyMode + + db_alias = schema_editor.connection.alias + ProxyProvider = apps.get_model("authentik_providers_proxy", "proxyprovider") + for provider in ProxyProvider.objects.using(db_alias).all(): + if provider.forward_auth_mode: + provider.mode = ProxyMode.FORWARD_SINGLE + provider.save() + + +class Migration(migrations.Migration): + + replaces = [ + ("authentik_providers_proxy", "0001_initial"), + ("authentik_providers_proxy", "0002_proxyprovider_cookie_secret"), + ("authentik_providers_proxy", "0003_proxyprovider_certificate"), + ("authentik_providers_proxy", "0004_auto_20200913_1947"), + ("authentik_providers_proxy", "0005_auto_20200914_1536"), + ("authentik_providers_proxy", "0006_proxyprovider_skip_path_regex"), + ("authentik_providers_proxy", "0007_auto_20200923_1017"), + ("authentik_providers_proxy", "0008_auto_20200930_0810"), + ("authentik_providers_proxy", "0009_auto_20201007_1721"), + ("authentik_providers_proxy", "0010_auto_20201214_0942"), + ("authentik_providers_proxy", "0011_proxyprovider_forward_auth_mode"), + ("authentik_providers_proxy", "0012_proxyprovider_cookie_domain"), + ("authentik_providers_proxy", "0013_mode"), + ("authentik_providers_proxy", "0014_proxy_v2"), + ] + + initial = True + + dependencies = [ + ("authentik_crypto", "0002_create_self_signed_kp"), + ("authentik_providers_oauth2", "0001_initial"), + ] + + operations = [ + migrations.CreateModel( + name="ProxyProvider", + fields=[ + ( + "oauth2provider_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_providers_oauth2.oauth2provider", + ), + ), + ( + "internal_host", + models.TextField( + blank=True, + validators=[ + authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) + ], + ), + ), + ( + "external_host", + models.TextField( + validators=[ + authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) + ] + ), + ), + ( + "cookie_secret", + models.TextField(default=authentik.providers.proxy.models.get_cookie_secret), + ), + ( + "certificate", + models.ForeignKey( + blank=True, + null=True, + on_delete=django.db.models.deletion.SET_NULL, + to="authentik_crypto.certificatekeypair", + ), + ), + ( + "skip_path_regex", + models.TextField( + blank=True, + default="", + help_text="Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.", + ), + ), + ( + "internal_host_ssl_validation", + models.BooleanField( + default=True, + help_text="Validate SSL Certificates of upstream servers", + verbose_name="Internal host SSL Validation", + ), + ), + ( + "basic_auth_enabled", + models.BooleanField( + default=False, + help_text="Set a custom HTTP-Basic Authentication header based on values from authentik.", + verbose_name="Set HTTP-Basic Authentication", + ), + ), + ( + "basic_auth_password_attribute", + models.TextField( + blank=True, + help_text="User/Group Attribute used for the password part of the HTTP-Basic Header.", + verbose_name="HTTP-Basic Password Key", + ), + ), + ( + "basic_auth_user_attribute", + models.TextField( + blank=True, + help_text="User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.", + verbose_name="HTTP-Basic Username Key", + ), + ), + ( + "forward_auth_mode", + models.BooleanField( + default=False, + help_text="Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.", + ), + ), + ("cookie_domain", models.TextField(blank=True, default="")), + ( + "mode", + models.TextField( + choices=[ + ("proxy", "Proxy"), + ("forward_single", "Forward Single"), + ("forward_domain", "Forward Domain"), + ], + default="proxy", + help_text="Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.", + ), + ), + ], + options={ + "verbose_name": "Proxy Provider", + "verbose_name_plural": "Proxy Providers", + }, + bases=("authentik_providers_oauth2.oauth2provider",), + ), + migrations.RunPython( + code=migrate_mode, + ), + migrations.RemoveField( + model_name="proxyprovider", + name="forward_auth_mode", + ), + migrations.RunPython( + code=migrate_defaults, + ), + ]