start checkin

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/stages/authenticator_mobile/api/device.py

@@ -1,4 +1,5 @@
 """AuthenticatorMobileStage API Views"""
+from django.utils.translation import gettext_lazy as _
 from django_filters.rest_framework.backends import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
 from rest_framework import mixins
@@ -27,10 +28,30 @@ class MobileDeviceSerializer(ModelSerializer):
         depth = 2
 
 
+class MobileDeviceInfoSerializer(PassiveSerializer):
+    """Info about a mobile device"""
+
+    platform = ChoiceField(
+        (
+            ("ios", "iOS"),
+            ("android", "Android"),
+        )
+    )
+    version = CharField()
+    app_version = CharField()
+
+
+class MobileDeviceCheckInSerializer(PassiveSerializer):
+    """Check info into authentik"""
+
+    info = MobileDeviceInfoSerializer()
+
+
 class MobileDeviceEnrollmentSerializer(PassiveSerializer):
     """Enrollment request, send the device's unique identifier"""
 
     device_uid = CharField(required=True)
+    info = MobileDeviceInfoSerializer()
 
 
 class MobileDeviceSetPushKeySerializer(PassiveSerializer):
@@ -39,6 +60,25 @@ class MobileDeviceSetPushKeySerializer(PassiveSerializer):
     firebase_key = CharField(required=True)
 
 
+class MobileDeviceResponseSerializer(PassiveSerializer):
+    """Response from push sent to phone"""
+
+    tx_id = CharField(required=True)
+    status = ChoiceField(
+        (
+            (
+                "accept",
+                _("Accept"),
+            ),
+            (
+                "deny",
+                _("Deny"),
+            ),
+        ),
+        required=True,
+    )
+
+
 class MobileDeviceViewSet(
     mixins.RetrieveModelMixin,
     mixins.UpdateModelMixin,
@@ -137,6 +177,7 @@ class MobileDeviceViewSet(
         methods=["POST"],
         detail=True,
         permission_classes=[],
+        filter_backends=[],
         authentication_classes=[MobileDeviceTokenAuthentication],
     )
     def set_notification_key(self, request: Request, pk: str) -> Response:
@@ -148,10 +189,17 @@ class MobileDeviceViewSet(
         device.save()
         return Response(status=204)
 
+    @extend_schema(
+        responses={
+            204: OpenApiResponse(description="Key successfully set"),
+        },
+        request=MobileDeviceResponseSerializer,
+    )
     @action(
         methods=["POST"],
         detail=True,
         permission_classes=[],
+        filter_backends=[],
         authentication_classes=[MobileDeviceTokenAuthentication],
     )
     def receive_response(self, request: Request, pk: str) -> Response:

authentik/stages/authenticator_mobile/models.py

@@ -127,6 +127,7 @@ class MobileDevice(SerializerModel, Device):
                         badge=0,
                         sound="default",
                         content_available=True,
+                        category="authentik_push_authentication",
                     ),
                     interruption_level="time-sensitive",
                 ),

blueprints/schema.json

@@ -1613,7 +1613,8 @@
                                 "enum": [
                                     "absent",
                                     "present",
-                                    "created"
+                                    "created",
+                                    "must_created"
                                 ],
                                 "default": "present"
                             },
@@ -1649,7 +1650,8 @@
                                 "enum": [
                                     "absent",
                                     "present",
-                                    "created"
+                                    "created",
+                                    "must_created"
                                 ],
                                 "default": "present"
                             },

schema.yml

@@ -2259,17 +2259,13 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/MobileDeviceRequest'
+              $ref: '#/components/schemas/MobileDeviceResponseRequest'
         required: true
       security:
       - mobile_device_token: []
       responses:
-        '200':
+        '204':
-          content:
+          description: Key successfully set
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MobileDevice'
-          description: ''
         '400':
           content:
             application/json:
@@ -18734,6 +18730,8 @@ paths:
           - authentik_sources_saml.usersamlsourceconnection
           - authentik_stages_authenticator_duo.authenticatorduostage
           - authentik_stages_authenticator_duo.duodevice
+          - authentik_stages_authenticator_mobile.authenticatormobilestage
+          - authentik_stages_authenticator_mobile.mobiledevice
           - authentik_stages_authenticator_sms.authenticatorsmsstage
           - authentik_stages_authenticator_sms.smsdevice
           - authentik_stages_authenticator_static.authenticatorstaticstage
@@ -18803,6 +18801,8 @@ paths:
           * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
           * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
           * `authentik_stages_authenticator_duo.duodevice` - Duo Device
+          * `authentik_stages_authenticator_mobile.authenticatormobilestage` - Mobile Authenticator Setup Stage
+          * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
           * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
           * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
           * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
@@ -19028,6 +19028,8 @@ paths:
           - authentik_sources_saml.usersamlsourceconnection
           - authentik_stages_authenticator_duo.authenticatorduostage
           - authentik_stages_authenticator_duo.duodevice
+          - authentik_stages_authenticator_mobile.authenticatormobilestage
+          - authentik_stages_authenticator_mobile.mobiledevice
           - authentik_stages_authenticator_sms.authenticatorsmsstage
           - authentik_stages_authenticator_sms.smsdevice
           - authentik_stages_authenticator_static.authenticatorstaticstage
@@ -19097,6 +19099,8 @@ paths:
           * `authentik_sources_saml.usersamlsourceconnection` - User SAML Source Connection
           * `authentik_stages_authenticator_duo.authenticatorduostage` - Duo Authenticator Setup Stage
           * `authentik_stages_authenticator_duo.duodevice` - Duo Device
+          * `authentik_stages_authenticator_mobile.authenticatormobilestage` - Mobile Authenticator Setup Stage
+          * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
           * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
           * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
           * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
@@ -35269,8 +35273,11 @@ components:
         device_uid:
           type: string
           minLength: 1
+        info:
+          $ref: '#/components/schemas/MobileDeviceInfoRequest'
       required:
       - device_uid
+      - info
     MobileDeviceEnrollmentStatus:
       type: object
       properties:
@@ -35286,6 +35293,22 @@ components:
       description: |-
         * `success` - Success
         * `waiting` - Waiting
+    MobileDeviceInfoRequest:
+      type: object
+      description: Info about a mobile device
+      properties:
+        platform:
+          $ref: '#/components/schemas/PlatformEnum'
+        version:
+          type: string
+          minLength: 1
+        app_version:
+          type: string
+          minLength: 1
+      required:
+      - app_version
+      - platform
+      - version
     MobileDeviceRequest:
       type: object
       description: Serializer for Mobile authenticator devices
@@ -35301,6 +35324,26 @@ components:
           maxLength: 64
       required:
       - name
+    MobileDeviceResponseRequest:
+      type: object
+      description: Response from push sent to phone
+      properties:
+        tx_id:
+          type: string
+          minLength: 1
+        status:
+          $ref: '#/components/schemas/MobileDeviceResponseStatusEnum'
+      required:
+      - status
+      - tx_id
+    MobileDeviceResponseStatusEnum:
+      enum:
+      - accept
+      - deny
+      type: string
+      description: |-
+        * `accept` - Accept
+        * `deny` - Deny
     MobileDeviceSetPushKeyRequest:
       type: object
       description: Set notification key
@@ -40528,6 +40571,14 @@ components:
           minLength: 1
       required:
       - permissions
+    PlatformEnum:
+      enum:
+      - ios
+      - android
+      type: string
+      description: |-
+        * `ios` - iOS
+        * `android` - Android
     PlexAuthenticationChallenge:
       type: object
       description: Challenge shown to the user in identification stage