core: add API to directly send recovery link to user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-10 13:54:59 +02:00
parent 68608087ec
commit 557724768a
8 changed files with 521 additions and 127 deletions


@ -1,13 +1,16 @@
"""User API Views"""
from json import loads
from typing import Optional
from django.db.models.query import QuerySet
from django.urls import reverse_lazy
from django.utils.http import urlencode
from django.utils.translation import gettext as _
from django_filters.filters import BooleanFilter, CharFilter
from django_filters.filterset import FilterSet
from drf_spectacular.utils import extend_schema, extend_schema_field
from guardian.utils import get_anonymous_user
from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, extend_schema, extend_schema_field
from guardian.shortcuts import get_anonymous_user, get_objects_for_user
from rest_framework.decorators import action
from rest_framework.fields import CharField, JSONField, SerializerMethodField
from rest_framework.permissions import IsAuthenticated
@ -17,10 +20,12 @@ from rest_framework.serializers import (
BooleanField,
ListSerializer,
ModelSerializer,
Serializer,
ValidationError,
)
from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter
from structlog.stdlib import get_logger
from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h
from authentik.api.decorators import permission_required
@ -30,8 +35,13 @@ from authentik.core.api.utils import LinkSerializer, PassiveSerializer, is_dict
from authentik.core.middleware import SESSION_IMPERSONATE_ORIGINAL_USER, SESSION_IMPERSONATE_USER
from authentik.core.models import Token, TokenIntents, User
from authentik.events.models import EventAction
from authentik.stages.email.models import EmailStage
from authentik.stages.email.tasks import send_mails
from authentik.stages.email.utils import TemplateEmailMessage
from authentik.tenants.models import Tenant
LOGGER = get_logger()
class UserSerializer(ModelSerializer):
"""User Serializer"""
@ -171,6 +181,28 @@ class UserViewSet(UsedByMixin, ModelViewSet):
def get_queryset(self): # pragma: no cover
return User.objects.all().exclude(pk=get_anonymous_user().pk)
def _create_recovery_link(self) -> tuple[Optional[str], Optional[Token]]:
"""Create a recovery link (when the current tenant has a recovery flow set),
that can either be shown to an admin or sent to the user directly"""
tenant: Tenant = self.request._request.tenant
# Check that there is a recovery flow, if not return an error
flow = tenant.flow_recovery
if not flow:
LOGGER.debug("No recovery flow set")
return None, None
user: User = self.get_object()
token, __ = Token.objects.get_or_create(
identifier=f"{user.uid}-password-reset",
user=user,
intent=TokenIntents.INTENT_RECOVERY,
)
querystring = urlencode({"token": token.key})
link = self.request.build_absolute_uri(
reverse_lazy("authentik_core:if-flow", kwargs={"flow_slug": flow.slug})
+ f"?{querystring}"
)
return link, token
@extend_schema(responses={200: SessionUserSerializer(many=False)})
@action(detail=False, pagination_class=None, filter_backends=[])
# pylint: disable=invalid-name
@ -226,24 +258,60 @@ class UserViewSet(UsedByMixin, ModelViewSet):
# pylint: disable=invalid-name, unused-argument
def recovery(self, request: Request, pk: int) -> Response:
"""Create a temporary link that a user can use to recover their accounts"""
tenant: Tenant = request._request.tenant
# Check that there is a recovery flow, if not return an error
flow = tenant.flow_recovery
if not flow:
link, _ = self._create_recovery_link()
if not link:
LOGGER.debug("Couldn't create token")
return Response({"link": ""}, status=404)
user: User = self.get_object()
token, __ = Token.objects.get_or_create(
identifier=f"{user.uid}-password-reset",
user=user,
intent=TokenIntents.INTENT_RECOVERY,
)
querystring = urlencode({"token": token.key})
link = request.build_absolute_uri(
reverse_lazy("authentik_core:if-flow", kwargs={"flow_slug": flow.slug})
+ f"?{querystring}"
)
return Response({"link": link})
@permission_required("authentik_core.reset_user_password")
@extend_schema(
parameters=[
OpenApiParameter(
name="email_stage",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.STR,
required=True,
)
],
responses={
"204": Serializer(),
"404": Serializer(),
},
)
@action(detail=True, pagination_class=None, filter_backends=[])
# pylint: disable=invalid-name, unused-argument
def recovery_email(self, request: Request, pk: int) -> Response:
"""Create a temporary link that a user can use to recover their accounts"""
for_user = self.get_object()
if for_user.email == "":
LOGGER.debug("User doesn't have an email address")
return Response(status=404)
link, token = self._create_recovery_link()
if not link:
LOGGER.debug("Couldn't create token")
return Response(status=404)
# Lookup the email stage to assure the current user can access it
stages = get_objects_for_user(
request.user, "authentik_stages_email.view_emailstage"
).filter(pk=request.query_params.get("email_stage"))
if not stages.exists():
LOGGER.debug("Email stage does not exist/user has no permissions")
return Response(status=404)
email_stage: EmailStage = stages.first()
message = TemplateEmailMessage(
subject=_(email_stage.subject),
template_name=email_stage.template,
to=[for_user.email],
template_context={
"url": link,
"user": for_user,
"expires": token.expires,
},
)
send_mails(email_stage, message)
return Response(status=204)
def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet:
"""Custom filter_queryset method which ignores guardian, but still supports sorting"""
for backend in list(self.filter_backends):
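Review bot: `recovery_email` creates a recovery token and sends mail as the side effect of a plain GET — `@action(detail=True, pagination_class=None, filter_backends=[])` defaults to GET and the schema hunk confirms `get:` — so a state-changing operation sits on a safe method, outside the CSRF protection DRF applies to unsafe methods and reachable by link prefetching or a replayed URL; declare it as `@action(detail=True, methods=["POST"], pagination_class=None, filter_backends=[])` and adjust the test and generated client to match. Separately, `request.query_params.get("email_stage")` is passed unvalidated into `.filter(pk=...)`; if `EmailStage`'s primary key is a UUID field (not visible here), a malformed value raises a Django `ValidationError` from the ORM that DRF does not translate into a 4xx, so validate the parameter (or catch that exception) and return the same 404 before the lookup. The `_create_recovery_link` docstring should also state that `(None, None)` means the tenant has no recovery flow, since both callers branch on the first element only. The enclosing `UserViewSet` class continues outside the hunk.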


@ -3,6 +3,9 @@ from django.urls.base import reverse
from rest_framework.test import APITestCase
from authentik.core.models import User
from authentik.flows.models import Flow, FlowDesignation
from authentik.stages.email.models import EmailStage
from authentik.tenants.models import Tenant
class TestUsersAPI(APITestCase):
@ -27,3 +30,78 @@ class TestUsersAPI(APITestCase):
reverse("authentik_api:user-metrics", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 403)
def test_recovery_no_flow(self):
"""Test user recovery link (no recovery flow set)"""
self.client.force_login(self.admin)
response = self.client.get(
reverse("authentik_api:user-recovery", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 404)
def test_recovery(self):
"""Test user recovery link (no recovery flow set)"""
flow = Flow.objects.create(
name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
)
tenant: Tenant = Tenant.objects.first()
tenant.flow_recovery = flow
tenant.save()
self.client.force_login(self.admin)
response = self.client.get(
reverse("authentik_api:user-recovery", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 200)
def test_recovery_email_no_flow(self):
"""Test user recovery link (no recovery flow set)"""
self.client.force_login(self.admin)
response = self.client.get(
reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 404)
self.user.email = "foo@bar.baz"
self.user.save()
response = self.client.get(
reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 404)
def test_recovery_email_no_stage(self):
"""Test user recovery link (no email stage)"""
self.user.email = "foo@bar.baz"
self.user.save()
flow = Flow.objects.create(
name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
)
tenant: Tenant = Tenant.objects.first()
tenant.flow_recovery = flow
tenant.save()
self.client.force_login(self.admin)
response = self.client.get(
reverse("authentik_api:user-recovery-email", kwargs={"pk": self.user.pk})
)
self.assertEqual(response.status_code, 404)
def test_recovery_email(self):
"""Test user recovery link"""
self.user.email = "foo@bar.baz"
self.user.save()
flow = Flow.objects.create(
name="test", title="test", slug="test", designation=FlowDesignation.RECOVERY
)
tenant: Tenant = Tenant.objects.first()
tenant.flow_recovery = flow
tenant.save()
stage = EmailStage.objects.create(name="email")
self.client.force_login(self.admin)
response = self.client.get(
reverse(
"authentik_api:user-recovery-email",
kwargs={"pk": self.user.pk},
)
+ f"?email_stage={stage.pk}"
)
self.assertEqual(response.status_code, 204)
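Review bot: The docstring on `test_recovery` is copied from `test_recovery_no_flow` and still reads "(no recovery flow set)" although this test configures a recovery flow on the tenant and expects 200; change it to `"""Test user recovery link (recovery flow set)"""`. `test_recovery_email` asserts only the 204 and never checks that a message was actually produced, so a regression in the `send_mails` call would pass unnoticed — assert on the mail outbox or on whatever `send_mails` enqueues, depending on how the email stage dispatches under test. No test exercises a caller who lacks `authentik_stages_email.view_emailstage`, which is the object-permission check the view relies on to reject a foreign stage pk, nor a malformed `email_stage` value; both are the cases most worth pinning for an endpoint that sends credential-reset mail.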


@ -3185,6 +3185,36 @@ paths:
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/core/users/{id}/recovery_email/:
get:
operationId: core_users_recovery_email_retrieve
description: Create a temporary link that a user can use to recover their accounts
parameters:
- in: query
name: email_stage
schema:
type: string
required: true
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this User.
required: true
tags:
- core
security:
- authentik: []
- cookieAuth: []
responses:
'204':
description: No response body
'404':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/core/users/{id}/used_by/:
get:
operationId: core_users_used_by_list


@ -122,8 +122,13 @@ msgstr "Actions"
msgid "Actions over the last 24 hours"
msgstr "Actions over the last 24 hours"
#: src/pages/users/UserListPage.ts
msgid "Activate"
msgstr "Activate"
#: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Active"
msgstr "Active"
@ -560,6 +565,10 @@ msgstr "Certificates"
msgid "Change password"
msgstr "Change password"
#: src/pages/users/UserListPage.ts
msgid "Change status"
msgstr "Change status"
#: src/pages/user-settings/settings/UserSettingsPassword.ts
msgid "Change your password"
msgstr "Change your password"
@ -862,6 +871,10 @@ msgstr "Copy Key"
msgid "Copy download URL"
msgstr "Copy download URL"
#: src/pages/users/UserListPage.ts
msgid "Copy recovery link"
msgstr "Copy recovery link"
#: src/pages/applications/ApplicationForm.ts
#: src/pages/applications/ApplicationListPage.ts
#: src/pages/applications/ApplicationListPage.ts
@ -1042,6 +1055,10 @@ msgstr "Date"
msgid "Date Time"
msgstr "Date Time"
#: src/pages/users/UserListPage.ts
msgid "Deactivate"
msgstr "Deactivate"
#: src/pages/flows/FlowForm.ts
msgid "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik."
msgstr "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik."
@ -1200,10 +1217,10 @@ msgstr "Digest algorithm"
msgid "Digits"
msgstr "Digits"
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
msgid "Disable"
msgstr "Disable"
#:
#:
#~ msgid "Disable"
#~ msgstr "Disable"
#: src/pages/user-settings/settings/UserSettingsAuthenticatorDuo.ts
msgid "Disable Duo authenticator"
@ -1286,7 +1303,6 @@ msgstr "Each provider has a different issuer, based on the application slug."
#: src/pages/sources/oauth/OAuthSourceViewPage.ts
#: src/pages/sources/plex/PlexSourceViewPage.ts
#: src/pages/sources/saml/SAMLSourceViewPage.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Edit"
msgstr "Edit"
@ -1333,18 +1349,26 @@ msgstr "Email address"
msgid "Email info:"
msgstr "Email info:"
#: src/pages/users/UserListPage.ts
msgid "Email recovery link"
msgstr "Email recovery link"
#: src/pages/events/utils.ts
msgid "Email sent"
msgstr "Email sent"
#: src/pages/users/UserResetEmailForm.ts
msgid "Email stage"
msgstr "Email stage"
#: src/pages/stages/prompt/PromptForm.ts
msgid "Email: Text field with Email type."
msgstr "Email: Text field with Email type."
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
msgid "Enable"
msgstr "Enable"
#:
#:
#~ msgid "Enable"
#~ msgstr "Enable"
#: src/pages/user-settings/settings/UserSettingsAuthenticatorDuo.ts
msgid "Enable Duo authenticator"
@ -1942,6 +1966,10 @@ msgstr "Import certificates of external providers or create certificates to sign
msgid "In case you can't access any other method."
msgstr "In case you can't access any other method."
#: src/pages/users/UserListPage.ts
msgid "Inactive"
msgstr "Inactive"
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
@ -2210,6 +2238,7 @@ msgstr "Loading"
#: src/pages/tenants/TenantForm.ts
#: src/pages/tenants/TenantForm.ts
#: src/pages/tenants/TenantForm.ts
#: src/pages/users/UserResetEmailForm.ts
msgid "Loading..."
msgstr "Loading..."
@ -3066,6 +3095,7 @@ msgid "Receive a push notification on your phone to prove your identity."
msgstr "Receive a push notification on your phone to prove your identity."
#: src/pages/flows/FlowForm.ts
#: src/pages/users/UserListPage.ts
msgid "Recovery"
msgstr "Recovery"
@ -3082,6 +3112,10 @@ msgstr "Recovery flow. If left empty, the first applicable flow sorted by the sl
msgid "Recovery keys"
msgstr "Recovery keys"
#: src/pages/users/UserListPage.ts
msgid "Recovery link cannot be emailed, user has no email address saved."
msgstr "Recovery link cannot be emailed, user has no email address saved."
#: src/pages/providers/saml/SAMLProviderForm.ts
msgid "Redirect"
msgstr "Redirect"
@ -3114,6 +3148,10 @@ msgstr "Register device"
msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
msgstr "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
#: src/pages/users/UserListPage.ts
msgid "Regular user"
msgstr "Regular user"
#: src/pages/applications/ApplicationViewPage.ts
#: src/pages/flows/FlowViewPage.ts
msgid "Related"
@ -3161,7 +3199,6 @@ msgstr "Required"
msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
msgstr "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Reset Password"
msgstr "Reset Password"
@ -3362,6 +3399,10 @@ msgstr "Selection of backends to test the password against."
msgid "Send Email again."
msgstr "Send Email again."
#: src/pages/users/UserListPage.ts
msgid "Send link"
msgstr "Send link"
#: src/pages/events/RuleListPage.ts
msgid "Send notifications whenever a specific Event is created and matched by policies."
msgstr "Send notifications whenever a specific Event is created and matched by policies."
@ -3370,6 +3411,10 @@ msgstr "Send notifications whenever a specific Event is created and matched by p
msgid "Send once"
msgstr "Send once"
#: src/pages/users/UserListPage.ts
msgid "Send recovery link to user"
msgstr "Send recovery link to user"
#: src/pages/events/RuleListPage.ts
msgid "Sent to group"
msgstr "Sent to group"
@ -3793,6 +3838,10 @@ msgstr "Successfully imported flow."
msgid "Successfully imported provider."
msgstr "Successfully imported provider."
#: src/pages/users/UserResetEmailForm.ts
msgid "Successfully sent email."
msgstr "Successfully sent email."
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
#: src/pages/property-mappings/PropertyMappingTestForm.ts
@ -3925,6 +3974,7 @@ msgstr "Successfully updated user."
msgid "Successfully updated {0} {1}"
msgstr "Successfully updated {0} {1}"
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Superuser"
msgstr "Superuser"
@ -4569,6 +4619,10 @@ msgstr "User object filter"
msgid "User password writeback"
msgstr "User password writeback"
#: src/pages/users/UserListPage.ts
msgid "User status"
msgstr "User status"
#: src/pages/events/utils.ts
msgid "User was written to"
msgstr "User was written to"


@ -122,8 +122,13 @@ msgstr ""
msgid "Actions over the last 24 hours"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Activate"
msgstr ""
#: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Active"
msgstr ""
@ -556,6 +561,10 @@ msgstr ""
msgid "Change password"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Change status"
msgstr ""
#: src/pages/user-settings/settings/UserSettingsPassword.ts
msgid "Change your password"
msgstr ""
@ -856,6 +865,10 @@ msgstr ""
msgid "Copy download URL"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Copy recovery link"
msgstr ""
#: src/pages/applications/ApplicationForm.ts
#: src/pages/applications/ApplicationListPage.ts
#: src/pages/applications/ApplicationListPage.ts
@ -1036,6 +1049,10 @@ msgstr ""
msgid "Date Time"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Deactivate"
msgstr ""
#: src/pages/flows/FlowForm.ts
msgid "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik."
msgstr ""
@ -1192,10 +1209,10 @@ msgstr ""
msgid "Digits"
msgstr ""
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
msgid "Disable"
msgstr ""
#:
#:
#~ msgid "Disable"
#~ msgstr ""
#: src/pages/user-settings/settings/UserSettingsAuthenticatorDuo.ts
msgid "Disable Duo authenticator"
@ -1278,7 +1295,6 @@ msgstr ""
#: src/pages/sources/oauth/OAuthSourceViewPage.ts
#: src/pages/sources/plex/PlexSourceViewPage.ts
#: src/pages/sources/saml/SAMLSourceViewPage.ts
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Edit"
msgstr ""
@ -1325,18 +1341,26 @@ msgstr ""
msgid "Email info:"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Email recovery link"
msgstr ""
#: src/pages/events/utils.ts
msgid "Email sent"
msgstr ""
#: src/pages/users/UserResetEmailForm.ts
msgid "Email stage"
msgstr ""
#: src/pages/stages/prompt/PromptForm.ts
msgid "Email: Text field with Email type."
msgstr ""
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts
msgid "Enable"
msgstr ""
#:
#:
#~ msgid "Enable"
#~ msgstr ""
#: src/pages/user-settings/settings/UserSettingsAuthenticatorDuo.ts
msgid "Enable Duo authenticator"
@ -1934,6 +1958,10 @@ msgstr ""
msgid "In case you can't access any other method."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Inactive"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderForm.ts
msgid "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
msgstr ""
@ -2202,6 +2230,7 @@ msgstr ""
#: src/pages/tenants/TenantForm.ts
#: src/pages/tenants/TenantForm.ts
#: src/pages/tenants/TenantForm.ts
#: src/pages/users/UserResetEmailForm.ts
msgid "Loading..."
msgstr ""
@ -3058,6 +3087,7 @@ msgid "Receive a push notification on your phone to prove your identity."
msgstr ""
#: src/pages/flows/FlowForm.ts
#: src/pages/users/UserListPage.ts
msgid "Recovery"
msgstr ""
@ -3074,6 +3104,10 @@ msgstr ""
msgid "Recovery keys"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Recovery link cannot be emailed, user has no email address saved."
msgstr ""
#: src/pages/providers/saml/SAMLProviderForm.ts
msgid "Redirect"
msgstr ""
@ -3106,6 +3140,10 @@ msgstr ""
msgid "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Regular user"
msgstr ""
#: src/pages/applications/ApplicationViewPage.ts
#: src/pages/flows/FlowViewPage.ts
msgid "Related"
@ -3153,7 +3191,6 @@ msgstr ""
msgid "Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."
msgstr ""
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Reset Password"
msgstr ""
@ -3354,6 +3391,10 @@ msgstr ""
msgid "Send Email again."
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Send link"
msgstr ""
#: src/pages/events/RuleListPage.ts
msgid "Send notifications whenever a specific Event is created and matched by policies."
msgstr ""
@ -3362,6 +3403,10 @@ msgstr ""
msgid "Send once"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "Send recovery link to user"
msgstr ""
#: src/pages/events/RuleListPage.ts
msgid "Sent to group"
msgstr ""
@ -3785,6 +3830,10 @@ msgstr ""
msgid "Successfully imported provider."
msgstr ""
#: src/pages/users/UserResetEmailForm.ts
msgid "Successfully sent email."
msgstr ""
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
#: src/pages/property-mappings/PropertyMappingTestForm.ts
@ -3917,6 +3966,7 @@ msgstr ""
msgid "Successfully updated {0} {1}"
msgstr ""
#: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts
msgid "Superuser"
msgstr ""
@ -4554,6 +4604,10 @@ msgstr ""
msgid "User password writeback"
msgstr ""
#: src/pages/users/UserListPage.ts
msgid "User status"
msgstr ""
#: src/pages/events/utils.ts
msgid "User was written to"
msgstr ""


@ -16,7 +16,7 @@ export class OutpostForm extends ModelForm<Outpost, string> {
type: OutpostTypeEnum = OutpostTypeEnum.Proxy;
@property({ type: Boolean })
embedded: boolean = false;
embedded = false;
loadInstance(pk: string): Promise<Outpost> {
return new OutpostsApi(DEFAULT_CONFIG)


@ -1,10 +1,10 @@
import { t } from "@lingui/macro";
import { customElement, html, property, TemplateResult } from "lit-element";
import { CSSResult, customElement, html, property, TemplateResult } from "lit-element";
import { AKResponse } from "../../api/Client";
import { TablePage } from "../../elements/table/TablePage";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import "../../elements/forms/ModalForm";
import "../../elements/buttons/Dropdown";
import "../../elements/buttons/ActionButton";
import { TableColumn } from "../../elements/table/Table";
import { PAGE_SIZE } from "../../constants";
@ -13,6 +13,7 @@ import { DEFAULT_CONFIG, tenant } from "../../api/Config";
import "../../elements/forms/DeleteForm";
import "./UserActiveForm";
import "./UserForm";
import "./UserResetEmailForm";
import { showMessage } from "../../elements/messages/MessageContainer";
import { MessageLevel } from "../../elements/messages/Message";
import { first } from "../../utils";
@ -20,6 +21,9 @@ import { until } from "lit-html/directives/until";
@customElement("ak-user-list")
export class UserListPage extends TablePage<User> {
expandable = true;
checkbox = true;
searchEnabled(): boolean {
return true;
}
@ -39,6 +43,10 @@ export class UserListPage extends TablePage<User> {
@property({ type: Boolean })
hideServiceAccounts = true;
static get styles(): CSSResult[] {
return super.styles.concat(PFDescriptionList);
}
apiEndpoint(page: number): Promise<AKResponse<User>> {
return new CoreApi(DEFAULT_CONFIG).coreUsersList({
ordering: this.order,
@ -62,6 +70,29 @@ export class UserListPage extends TablePage<User> {
];
}
renderToolbarSelected(): TemplateResult {
const disabled = this.selectedElements.length !== 1;
const item = this.selectedElements[0];
return html` <ak-forms-delete
.obj=${item}
objectLabel=${t`User`}
.usedBy=${() => {
return new CoreApi(DEFAULT_CONFIG).coreUsersUsedByList({
id: item.pk,
});
}}
.delete=${() => {
return new CoreApi(DEFAULT_CONFIG).coreUsersDestroy({
id: item.pk,
});
}}
>
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
${t`Delete`}
</button>
</ak-forms-delete>`;
}
row(item: User): TemplateResult[] {
return [
html`<a href="#/identity/users/${item.pk}">
@ -74,100 +105,135 @@ export class UserListPage extends TablePage<User> {
<span slot="submit"> ${t`Update`} </span>
<span slot="header"> ${t`Update User`} </span>
<ak-user-form slot="form" .instancePk=${item.pk}> </ak-user-form>
<button slot="trigger" class="pf-m-secondary pf-c-button">${t`Edit`}</button>
</ak-forms-modal>
<ak-dropdown class="pf-c-dropdown">
<button class="pf-m-primary pf-c-dropdown__toggle" type="button">
<span class="pf-c-dropdown__toggle-text"
>${item.isActive ? t`Disable` : t`Enable`}</span
>
<i
class="fas fa-caret-down pf-c-dropdown__toggle-icon"
aria-hidden="true"
></i>
<button slot="trigger" class="pf-c-button pf-m-plain">
<i class="fas fa-edit"></i>
</button>
<ul class="pf-c-dropdown__menu" hidden>
<li>
<ak-user-active-form
.obj=${item}
objectLabel=${t`User`}
.delete=${() => {
return new CoreApi(DEFAULT_CONFIG).coreUsersPartialUpdate({
id: item.pk || 0,
patchedUserRequest: {
username: item.username,
name: item.name,
isActive: !item.isActive,
},
});
}}
>
<button slot="trigger" class="pf-c-dropdown__menu-item">
${item.isActive ? t`Disable` : t`Enable`}
</button>
</ak-user-active-form>
</li>
<li class="pf-c-divider" role="separator"></li>
<li>
<ak-forms-delete
.obj=${item}
objectLabel=${t`User`}
.usedBy=${() => {
return new CoreApi(DEFAULT_CONFIG).coreUsersUsedByList({
id: item.pk,
});
}}
.delete=${() => {
return new CoreApi(DEFAULT_CONFIG).coreUsersDestroy({
id: item.pk,
});
}}
>
<button slot="trigger" class="pf-c-dropdown__menu-item">
${t`Delete`}
</button>
</ak-forms-delete>
</li>
</ul>
</ak-dropdown>
${until(
tenant().then((te) => {
if (te.flowRecovery) {
return html` <ak-action-button
.apiRequest=${() => {
return new CoreApi(DEFAULT_CONFIG)
.coreUsersRecoveryRetrieve({
id: item.pk || 0,
})
.then((rec) => {
showMessage({
level: MessageLevel.success,
message: t`Successfully generated recovery link`,
description: rec.link,
});
})
.catch((ex: Response) => {
ex.json().then(() => {
showMessage({
level: MessageLevel.error,
message: t`No recovery flow is configured.`,
});
});
});
}}
>
${t`Reset Password`}
</ak-action-button>`;
}
return html``;
}),
)}
</ak-forms-modal>
<a class="pf-c-button pf-m-tertiary" href="${`/-/impersonation/${item.pk}/`}">
${t`Impersonate`}
</a>`,
];
}
renderExpanded(item: User): TemplateResult {
return html`<td role="cell" colspan="3">
<div class="pf-c-table__expandable-row-content">
<dl class="pf-c-description-list pf-m-horizontal">
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text">${t`User status`}</span>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${item.isActive ? t`Active` : t`Inactive`}
</div>
<div class="pf-c-description-list__text">
${item.isSuperuser ? t`Superuser` : t`Regular user`}
</div>
</dd>
</div>
<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text">${t`Change status`}</span>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
<ak-user-active-form
.obj=${item}
objectLabel=${t`User`}
.delete=${() => {
return new CoreApi(
DEFAULT_CONFIG,
).coreUsersPartialUpdate({
id: item.pk || 0,
patchedUserRequest: {
username: item.username,
name: item.name,
isActive: !item.isActive,
},
});
}}
>
<button slot="trigger" class="pf-c-button pf-m-warning">
${item.isActive ? t`Deactivate` : t`Activate`}
</button>
</ak-user-active-form>
</div>
</dd>
</div>
${until(
tenant().then((te) => {
if (!te.flowRecovery) {
return html``;
}
return html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${t`Recovery`}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
<ak-action-button
.apiRequest=${() => {
return new CoreApi(DEFAULT_CONFIG)
.coreUsersRecoveryRetrieve({
id: item.pk || 0,
})
.then((rec) => {
showMessage({
level: MessageLevel.success,
message: t`Successfully generated recovery link`,
description: rec.link,
});
})
.catch((ex: Response) => {
ex.json().then(() => {
showMessage({
level: MessageLevel.error,
message: t`No recovery flow is configured.`,
});
});
});
}}
>
${t`Copy recovery link`}
</ak-action-button>
${item.email
? html`<ak-forms-modal
.closeAfterSuccessfulSubmit=${false}
>
<span slot="submit"> ${t`Send link`} </span>
<span slot="header">
${t`Send recovery link to user`}
</span>
<ak-user-reset-email-form
slot="form"
.user=${item}
>
</ak-user-reset-email-form>
<button
slot="trigger"
class="pf-c-button pf-m-secondary"
>
${t`Email recovery link`}
</button>
</ak-forms-modal>`
: html`<span
>${t`Recovery link cannot be emailed, user has no email address saved.`}</span
>`}
</div>
</dd>
</div>`;
}),
)}
</dl>
</div>
</td>
<td></td>
<td></td>`;
}
renderToolbar(): TemplateResult {
return html`
<ak-forms-modal>
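Review bot: The action button labelled `${t`Copy recovery link`}` in `renderExpanded` does not copy anything; its `coreUsersRecoveryRetrieve(...).then` handler only shows the link as the `description` of a success toast, so the label promises clipboard behaviour the handler lacks — either write it out with `navigator.clipboard.writeText(rec.link)` before calling `showMessage`, or reword the button to say the link is generated and displayed. The `.catch` branch carried over from the old `row()` reports `No recovery flow is configured.` for every failure, including a 403 for a caller without the reset permission, so the message should be chosen from the response status rather than assumed. In `renderToolbarSelected`, `item` is `undefined` unless exactly one row is selected while `.obj=${item}` is still bound to `ak-forms-delete`; the disabled trigger guards the click, and a comment such as `// item is undefined unless exactly one row is selected; the disabled trigger prevents use` would make that intentional. The `row()` template is cut by the hunk boundary.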


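--- /dev/null
+++ b/src/pages/users/UserResetEmailForm.ts
@@ -0,0 +1,44 @@
+import { CoreApi, CoreUsersRecoveryEmailRetrieveRequest, StagesApi, User } from "authentik-api";
+import { t } from "@lingui/macro";
+import { customElement, property } from "lit-element";
+import { html, TemplateResult } from "lit-html";
+import { DEFAULT_CONFIG } from "../../api/Config";
+import { Form } from "../../elements/forms/Form";
+import { until } from "lit-html/directives/until";
+import "../../elements/forms/HorizontalFormElement";
+@customElement("ak-user-reset-email-form")
+export class UserResetEmailForm extends Form<CoreUsersRecoveryEmailRetrieveRequest> {
+@property({ attribute: false })
+user!: User;
+getSuccessMessage(): string {
+return t`Successfully sent email.`;
+}
+send = (data: CoreUsersRecoveryEmailRetrieveRequest): Promise<void> => {
+data.id = this.user.pk;
+return new CoreApi(DEFAULT_CONFIG).coreUsersRecoveryEmailRetrieve(data);
+};
+renderForm(): TemplateResult {
+return html`<form class="pf-c-form pf-m-horizontal">
+<ak-form-element-horizontal label=${t`Email stage`} ?required=${true} name="emailStage">
+<select class="pf-c-form-control">
+${until(
+new StagesApi(DEFAULT_CONFIG)
+.stagesEmailList({
+ordering: "name",
+})
+.then((stages) => {
+return stages.results.map((stage) => {
+return html`<option value=${stage.pk}>${stage.name}</option>`;
+});
+}),
+html`<option>${t`Loading...`}</option>`,
+)}
+</select>
+</ak-form-element-horizontal>
+</form>`;
+}
+}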
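Review bot: The `<select>` in `renderForm` has no placeholder entry, so when `stagesEmailList` returns no results the form submits with `emailStage` unset and the backend answers a bare 404 that `Form` can only surface generically; render an explicit empty-state option (or disable submission) when `stages.results` is empty, and put `required` on the select itself rather than only on the wrapping form element. `send` also mutates the caller-supplied `data` object by assigning `data.id = this.user.pk`; passing `{ ...data, id: this.user.pk }` to `coreUsersRecoveryEmailRetrieve` keeps the form's data object untouched. A class-level doc comment saying that this form calls the per-user `recovery_email` action with the stage chosen from the list, and that `user` must be set by the parent before submit, would help a reader of this new file.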