core: overwrite user on token creation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
7a583cb7e6
commit
64fa04306c
|
@ -1,5 +0,0 @@
|
|||
{% load static %}
|
||||
{% load i18n %}
|
||||
|
||||
{% block content %}
|
||||
{% endblock %}
|
|
@ -1,5 +1,3 @@
|
|||
{% extends container_template|default:"administration/base.html" %}
|
||||
|
||||
{% load i18n %}
|
||||
{% load authentik_utils %}
|
||||
{% load static %}
|
||||
|
|
|
@ -18,7 +18,7 @@ from authentik.events.models import Event, EventAction
|
|||
class TokenSerializer(ModelSerializer):
|
||||
"""Token Serializer"""
|
||||
|
||||
user = UserSerializer()
|
||||
user = UserSerializer(required=False)
|
||||
|
||||
class Meta:
|
||||
|
||||
|
@ -61,6 +61,9 @@ class TokenViewSet(ModelViewSet):
|
|||
]
|
||||
ordering = ["expires"]
|
||||
|
||||
def perform_create(self, serializer: TokenSerializer):
|
||||
serializer.save(user=self.request.user)
|
||||
|
||||
@permission_required("authentik_core.view_token_key")
|
||||
@swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
|
||||
@action(detail=True)
|
||||
|
|
|
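Review bot: `user = UserSerializer(required=False)` still leaves `user` as a writable nested field, so a client-supplied user object is parsed and validated on create only to be replaced by `serializer.save(user=self.request.user)` in `perform_create`; declaring it as `user = UserSerializer(read_only=True)` would make the server-side assignment the only source of token ownership. `perform_create` covers creation only, and no `perform_update` is visible in this hunk, so whether a PUT/PATCH can carry `user` depends on code outside it; a read-only field would settle that as well. Separately, the form view this commit removes pinned `intent` to `TokenIntents.INTENT_API` alongside the user, while the new hook pins only the user. If the serializer's `Meta.fields` (outside the hunk) exposes `intent` as writable, it should be pinned or validated here too, e.g. `serializer.save(user=self.request.user, intent=TokenIntents.INTENT_API)`, which needs `TokenIntents` in scope in this module. The `TokenSerializer` and `TokenViewSet` bodies both continue outside the hunks shown.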
@ -1,22 +0,0 @@
|
|||
"""Core user token form"""
|
||||
from django import forms
|
||||
|
||||
from authentik.core.models import Token
|
||||
|
||||
|
||||
class UserTokenForm(forms.ModelForm):
|
||||
"""Token form, for tokens created by endusers"""
|
||||
|
||||
class Meta:
|
||||
|
||||
model = Token
|
||||
fields = [
|
||||
"identifier",
|
||||
"expires",
|
||||
"expiring",
|
||||
"description",
|
||||
]
|
||||
widgets = {
|
||||
"identifier": forms.TextInput(),
|
||||
"description": forms.TextInput(),
|
||||
}
|
|
@ -5,7 +5,7 @@ from django.views.decorators.csrf import ensure_csrf_cookie
|
|||
from django.views.generic import RedirectView
|
||||
from django.views.generic.base import TemplateView
|
||||
|
||||
from authentik.core.views import impersonate, user
|
||||
from authentik.core.views import impersonate
|
||||
|
||||
urlpatterns = [
|
||||
path(
|
||||
|
@ -13,17 +13,6 @@ urlpatterns = [
|
|||
login_required(RedirectView.as_view(pattern_name="authentik_core:if-admin")),
|
||||
name="root-redirect",
|
||||
),
|
||||
# User views
|
||||
path(
|
||||
"-/user/tokens/create/",
|
||||
user.TokenCreateView.as_view(),
|
||||
name="user-tokens-create",
|
||||
),
|
||||
path(
|
||||
"-/user/tokens/<slug:identifier>/update/",
|
||||
user.TokenUpdateView.as_view(),
|
||||
name="user-tokens-update",
|
||||
),
|
||||
# Impersonation
|
||||
path(
|
||||
"-/impersonation/<int:user_id>/",
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
"""authentik core user views"""
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.contrib.auth.mixins import (
|
||||
PermissionRequiredMixin as DjangoPermissionRequiredMixin,
|
||||
)
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.http.response import HttpResponse
|
||||
from django.utils.translation import gettext as _
|
||||
from django.views.generic import UpdateView
|
||||
from guardian.mixins import PermissionRequiredMixin
|
||||
from guardian.shortcuts import get_objects_for_user
|
||||
|
||||
from authentik.core.forms.token import UserTokenForm
|
||||
from authentik.core.models import Token, TokenIntents
|
||||
from authentik.lib.views import CreateAssignPermView
|
||||
|
||||
|
||||
class TokenCreateView(
|
||||
SuccessMessageMixin,
|
||||
LoginRequiredMixin,
|
||||
DjangoPermissionRequiredMixin,
|
||||
CreateAssignPermView,
|
||||
):
|
||||
"""Create new Token"""
|
||||
|
||||
model = Token
|
||||
form_class = UserTokenForm
|
||||
permission_required = "authentik_core.add_token"
|
||||
|
||||
template_name = "generic/create.html"
|
||||
success_url = "/"
|
||||
success_message = _("Successfully created Token")
|
||||
|
||||
def form_valid(self, form: UserTokenForm) -> HttpResponse:
|
||||
form.instance.user = self.request.user
|
||||
form.instance.intent = TokenIntents.INTENT_API
|
||||
return super().form_valid(form)
|
||||
|
||||
|
||||
class TokenUpdateView(
|
||||
SuccessMessageMixin, LoginRequiredMixin, PermissionRequiredMixin, UpdateView
|
||||
):
|
||||
"""Update token"""
|
||||
|
||||
model = Token
|
||||
form_class = UserTokenForm
|
||||
permission_required = "authentik_core.change_token"
|
||||
template_name = "generic/update.html"
|
||||
success_url = "/"
|
||||
success_message = _("Successfully updated Token")
|
||||
|
||||
def get_object(self) -> Token:
|
||||
identifier = self.kwargs.get("identifier")
|
||||
return (
|
||||
get_objects_for_user(
|
||||
self.request.user, self.permission_required, self.model
|
||||
)
|
||||
.filter(intent=TokenIntents.INTENT_API, identifier=identifier)
|
||||
.first()
|
||||
)
|