From 47cb4603da512e297a7b87e1893ccdbffe620e1c Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 4 Sep 2023 19:52:33 +0200
Subject: [PATCH] start checkin

Signed-off-by: Jens Langhammer
---
 .../stages/authenticator_mobile/api/device.py | 48 ++++++++++++++
 .../stages/authenticator_mobile/models.py | 1 +
 blueprints/schema.json | 6 +-
 schema.yml | 65 +++++++++++++++++--
 4 files changed, 111 insertions(+), 9 deletions(-)

diff --git a/authentik/stages/authenticator_mobile/api/device.py b/authentik/stages/authenticator_mobile/api/device.py
index c546a2720..ad91bcaf4 100644
--- a/authentik/stages/authenticator_mobile/api/device.py
+++ b/authentik/stages/authenticator_mobile/api/device.py
@@ -1,4 +1,5 @@
 """AuthenticatorMobileStage API Views"""
+from django.utils.translation import gettext_lazy as _
 from django_filters.rest_framework.backends import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
 from rest_framework import mixins
@@ -27,10 +28,30 @@ class MobileDeviceSerializer(ModelSerializer):
 depth = 2
 
 
+class MobileDeviceInfoSerializer(PassiveSerializer):
+ """Info about a mobile device"""
+
+ platform = ChoiceField(
+ (
+ ("ios", "iOS"),
+ ("android", "Android"),
+ )
+ )
+ version = CharField()
+ app_version = CharField()
+
+
+class MobileDeviceCheckInSerializer(PassiveSerializer):
+ """Check info into authentik"""
+
+ info = MobileDeviceInfoSerializer()
+
+
 class MobileDeviceEnrollmentSerializer(PassiveSerializer):
 """Enrollment request, send the device's unique identifier"""
 
 device_uid = CharField(required=True)
+ info = MobileDeviceInfoSerializer()
 
 
 class MobileDeviceSetPushKeySerializer(PassiveSerializer):
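Review bot: `version` and `app_version` in `MobileDeviceInfoSerializer` are declared as bare `CharField()`, so the client app can submit strings of any length for values that are entirely device-reported. Bounding them, for example `version = CharField(max_length=64)` and `app_version = CharField(max_length=64)` with a limit that matches wherever the info is later stored or logged, keeps oversized input out at the serializer. Adding `info = MobileDeviceInfoSerializer()` to `MobileDeviceEnrollmentSerializer` also makes the field required, so enrollment requests from app builds that do not send it will fail validation; if that is not intended, `required=False` would keep them working. `MobileDeviceCheckInSerializer` is not referenced by any view in the visible hunks.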
@@ -39,6 +60,25 @@ class MobileDeviceSetPushKeySerializer(PassiveSerializer):
 firebase_key = CharField(required=True)
 
 
+class MobileDeviceResponseSerializer(PassiveSerializer):
+ """Response from push sent to phone"""
+
+ tx_id = CharField(required=True)
+ status = ChoiceField(
+ (
+ (
+ "accept",
+ _("Accept"),
+ ),
+ (
+ "deny",
+ _("Deny"),
+ ),
+ ),
+ required=True,
+ )
+
+
 class MobileDeviceViewSet(
 mixins.RetrieveModelMixin,
 mixins.UpdateModelMixin,
@@ -137,6 +177,7 @@ class MobileDeviceViewSet(
 methods=["POST"],
 detail=True,
 permission_classes=[],
+ filter_backends=[],
 authentication_classes=[MobileDeviceTokenAuthentication],
 )
 def set_notification_key(self, request: Request, pk: str) -> Response:
@@ -148,10 +189,17 @@ class MobileDeviceViewSet(
 device.save()
 return Response(status=204)
 
+ @extend_schema(
+ responses={
+ 204: OpenApiResponse(description="Key successfully set"),
+ },
+ request=MobileDeviceResponseSerializer,
+ )
 @action(
 methods=["POST"],
 detail=True,
 permission_classes=[],
+ filter_backends=[],
 authentication_classes=[MobileDeviceTokenAuthentication],
 )
 def receive_response(self, request: Request, pk: str) -> Response:
diff --git a/authentik/stages/authenticator_mobile/models.py b/authentik/stages/authenticator_mobile/models.py
index 1361cf7dd..136b4978e 100644
--- a/authentik/stages/authenticator_mobile/models.py
+++ b/authentik/stages/authenticator_mobile/models.py
@@ -127,6 +127,7 @@ class MobileDevice(SerializerModel, Device):
 badge=0,
 sound="default",
 content_available=True,
+ category="authentik_push_authentication",
 ),
 interruption_level="time-sensitive",
 ),
diff --git a/blueprints/schema.json b/blueprints/schema.json
index 582cb0dbd..0a50130cd 100644
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -1613,7 +1613,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" },
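Review bot: `tx_id` in `MobileDeviceResponseSerializer` is a free-form `CharField`, and together with `status` it carries the accept/deny decision for a push authentication, so its validation matters more than for an ordinary field. The body of `receive_response` is outside this diff; it should look the transaction up scoped to the device that authenticated, reject an unknown, expired or already-answered `tx_id`, and accept each transaction only once. If the identifier is a UUID (not visible here), declaring it as `tx_id = UUIDField(required=True)` rejects malformed values at the serializer. A class comment along the lines of `# carries the user's decision for a pending push; tx_id must belong to the authenticated device` would record that contract.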
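Review bot: With `filter_backends=[]` added next to `permission_classes=[]` on `set_notification_key` (and again on `receive_response` in the `-148,10` hunk), the device token becomes the only access control on these `detail=True` actions. If the viewset's default filter backends include an owner filter (not visible here), object lookup by `pk` is no longer narrowed to the caller, so each action body has to check that the device resolved from `pk` is the one the token was issued for and refuse the request otherwise. Both bodies lie outside the hunks, so this cannot be confirmed from the diff. A comment such as `# no filter backends: the token's device must equal the device addressed by pk` above each `@action` would make the assumption explicit.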
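Review bot: The `@extend_schema` added above `receive_response` documents the 204 response as `"Key successfully set"`, which is the wording of `set_notification_key` and is carried into the regenerated `schema.yml` in this same commit. Something like `204: OpenApiResponse(description="Response successfully received")` describes this endpoint, with the schema regenerated afterwards. The body of `receive_response` starts at the last line of the hunk and continues outside it.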
@@ -1649,7 +1650,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, diff --git a/schema.yml b/schema.yml index bae7089ae..225a22614 100644 --- a/schema.yml +++ b/schema.yml @@ -2259,17 +2259,13 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/MobileDeviceRequest' + $ref: '#/components/schemas/MobileDeviceResponseRequest' required: true security: - mobile_device_token: [] responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MobileDevice' - description: '' + '204': + description: Key successfully set '400': content: application/json: @@ -18734,6 +18730,8 @@ paths: - authentik_sources_saml.usersamlsourceconnection - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice + - authentik_stages_authenticator_mobile.authenticatormobilestage + - authentik_stages_authenticator_mobile.mobiledevice - authentik_stages_authenticator_sms.authenticatorsmsstage - authentik_stages_authenticator_sms.smsdevice - authentik_stages_authenticator_static.authenticatorstaticstage @@ -18803,6 +18801,8 @@ paths: * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device + * `authentik_stages_authenticator_mobile.authenticatormobilestage` - Mobile Authenticator Setup Stage + * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage 
@@ -19028,6 +19028,8 @@ paths: - authentik_sources_saml.usersamlsourceconnection - authentik_stages_authenticator_duo.authenticatorduostage - authentik_stages_authenticator_duo.duodevice + - authentik_stages_authenticator_mobile.authenticatormobilestage + - authentik_stages_authenticator_mobile.mobiledevice - authentik_stages_authenticator_sms.authenticatorsmsstage - authentik_stages_authenticator_sms.smsdevice - authentik_stages_authenticator_static.authenticatorstaticstage @@ -19097,6 +19099,8 @@ paths: * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage * `authentik_stages_authenticator_duo.duodevice` - Duo Device + * `authentik_stages_authenticator_mobile.authenticatormobilestage` - Mobile Authenticator Setup Stage + * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage @@ -35269,8 +35273,11 @@ components: device_uid: type: string minLength: 1 + info: + $ref: '#/components/schemas/MobileDeviceInfoRequest' required: - device_uid + - info MobileDeviceEnrollmentStatus: type: object properties: @@ -35286,6 +35293,22 @@ components: description: |- * `success` - Success * `waiting` - Waiting + MobileDeviceInfoRequest: + type: object + description: Info about a mobile device + properties: + platform: + $ref: '#/components/schemas/PlatformEnum' + version: + type: string + minLength: 1 + app_version: + type: string + minLength: 1 + required: + - app_version + - platform + - version MobileDeviceRequest: type: object description: Serializer for Mobile authenticator devices 
@@ -35301,6 +35324,26 @@ components: maxLength: 64 required: - name + MobileDeviceResponseRequest: + type: object + description: Response from push sent to phone + properties: + tx_id: + type: string + minLength: 1 + status: + $ref: '#/components/schemas/MobileDeviceResponseStatusEnum' + required: + - status + - tx_id + MobileDeviceResponseStatusEnum: + enum: + - accept + - deny + type: string + description: |- + * `accept` - Accept + * `deny` - Deny MobileDeviceSetPushKeyRequest: type: object description: Set notification key @@ -40528,6 +40571,14 @@ components: minLength: 1 required: - permissions + PlatformEnum: + enum: + - ios + - android + type: string + description: |- + * `ios` - iOS + * `android` - Android PlexAuthenticationChallenge: type: object description: Challenge shown to the user in identification stage