diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index 5b6a4a199..e6a907bca 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -31,6 +31,7 @@ from drf_spectacular.utils import ( inline_serializer, ) from guardian.shortcuts import get_anonymous_user, get_objects_for_user +from rest_framework.authentication import SessionAuthentication from rest_framework.decorators import action from rest_framework.fields import CharField, IntegerField, ListField, SerializerMethodField from rest_framework.request import Request @@ -48,6 +49,7 @@ from rest_framework.viewsets import ModelViewSet from structlog.stdlib import get_logger from authentik.admin.api.metrics import CoordinateSerializer +from authentik.api.authentication import TokenAuthentication from authentik.api.decorators import permission_required from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT from authentik.core.api.used_by import UsedByMixin @@ -72,6 +74,7 @@ from authentik.flows.models import FlowToken from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner from authentik.flows.views.executor import QS_KEY_TOKEN from authentik.lib.config import CONFIG +from authentik.stages.authenticator_mobile.api.auth import MobileDeviceTokenAuthentication from authentik.stages.email.models import EmailStage from authentik.stages.email.tasks import send_mails from authentik.stages.email.utils import TemplateEmailMessage @@ -489,7 +492,18 @@ class UserViewSet(UsedByMixin, ModelViewSet): return Response(data={"non_field_errors": [str(exc)]}, status=400) @extend_schema(responses={200: SessionUserSerializer(many=False)}) - @action(url_path="me", url_name="me", detail=False, pagination_class=None, filter_backends=[]) + @action( + url_path="me", + url_name="me", + detail=False, + pagination_class=None, + filter_backends=[], + authentication_classes=[ + TokenAuthentication, + SessionAuthentication, + MobileDeviceTokenAuthentication, + ], + ) def user_me(self, request: Request) -> Response: """Get information about current user""" context = {"request": request} diff --git a/authentik/stages/authenticator_mobile/api/auth.py b/authentik/stages/authenticator_mobile/api/auth.py index 31c82cbc6..f38b6ede3 100644 --- a/authentik/stages/authenticator_mobile/api/auth.py +++ b/authentik/stages/authenticator_mobile/api/auth.py @@ -18,7 +18,9 @@ class MobileDeviceTokenAuthentication(BaseAuthentication): """Token-based authentication using HTTP Bearer authentication""" auth = get_authorization_header(request) raw_token = validate_auth(auth) - device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired(token=raw_token).first() + device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired( + token=raw_token + ).first() if not device_token: return None CTX_AUTH_VIA.set("mobile_token") diff --git a/authentik/stages/authenticator_mobile/models.py b/authentik/stages/authenticator_mobile/models.py index 7d967344f..a36312a61 100644 --- a/authentik/stages/authenticator_mobile/models.py +++ b/authentik/stages/authenticator_mobile/models.py @@ -127,7 +127,9 @@ class MobileTransaction(ExpiringModel): def send_message(self, request: Optional[HttpRequest], **context): """Send mobile message""" - app = initialize_app(credentials.Certificate(self.device.stage.firebase_config), name=str(self.tx_id)) + app = initialize_app( + credentials.Certificate(self.device.stage.firebase_config), name=str(self.tx_id) + ) branding = DEFAULT_TENANT.branding_title domain = "" if request: diff --git a/schema.yml b/schema.yml index 4a6b9f0a6..dea39b2f1 100644 --- a/schema.yml +++ b/schema.yml @@ -5740,6 +5740,7 @@ paths: - core security: - authentik: [] + - mobile_device_token: [] responses: '200': content: