stages/authenticator_duo: add missing duo device
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
ab25610643
commit
8183a51b72
|
@ -64,7 +64,11 @@ from authentik.sources.oauth.api.source_connection import (
|
||||||
)
|
)
|
||||||
from authentik.sources.plex.api import PlexSourceViewSet
|
from authentik.sources.plex.api import PlexSourceViewSet
|
||||||
from authentik.sources.saml.api import SAMLSourceViewSet
|
from authentik.sources.saml.api import SAMLSourceViewSet
|
||||||
from authentik.stages.authenticator_duo.api import AuthenticatorDuoStageViewSet
|
from authentik.stages.authenticator_duo.api import (
|
||||||
|
AuthenticatorDuoStageViewSet,
|
||||||
|
DuoAdminDeviceViewSet,
|
||||||
|
DuoDeviceViewSet,
|
||||||
|
)
|
||||||
from authentik.stages.authenticator_static.api import (
|
from authentik.stages.authenticator_static.api import (
|
||||||
AuthenticatorStaticStageViewSet,
|
AuthenticatorStaticStageViewSet,
|
||||||
StaticAdminDeviceViewSet,
|
StaticAdminDeviceViewSet,
|
||||||
|
@ -159,9 +163,15 @@ router.register("propertymappings/ldap", LDAPPropertyMappingViewSet)
|
||||||
router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
|
router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
|
||||||
router.register("propertymappings/scope", ScopeMappingViewSet)
|
router.register("propertymappings/scope", ScopeMappingViewSet)
|
||||||
|
|
||||||
|
router.register("authenticators/duo", DuoDeviceViewSet)
|
||||||
router.register("authenticators/static", StaticDeviceViewSet)
|
router.register("authenticators/static", StaticDeviceViewSet)
|
||||||
router.register("authenticators/totp", TOTPDeviceViewSet)
|
router.register("authenticators/totp", TOTPDeviceViewSet)
|
||||||
router.register("authenticators/webauthn", WebAuthnDeviceViewSet)
|
router.register("authenticators/webauthn", WebAuthnDeviceViewSet)
|
||||||
|
router.register(
|
||||||
|
"authenticators/admin/duo",
|
||||||
|
DuoAdminDeviceViewSet,
|
||||||
|
basename="admin-duodevice",
|
||||||
|
)
|
||||||
router.register(
|
router.register(
|
||||||
"authenticators/admin/static",
|
"authenticators/admin/static",
|
||||||
StaticAdminDeviceViewSet,
|
StaticAdminDeviceViewSet,
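Review bot: The new `router.register("authenticators/duo", DuoDeviceViewSet)` route exposes update and delete on Duo devices by integer id (the schema in this commit lists PUT, PATCH and DELETE on `/authenticators/duo/{id}/`), and nothing in this diff shows that `DuoDeviceViewSet` restricts its queryset to the requesting user's own devices. The viewset is defined in `authentik.stages.authenticator_duo.api`, which is not part of the lines shown here, so please confirm it carries an owner filter and an owner permission check; without them one authenticated user could rename or remove another user's second factor. Likewise confirm that `DuoAdminDeviceViewSet` on `authenticators/admin/duo` is limited to administrators. A short comment above the registration, such as `# user-scoped: DuoDeviceViewSet must only return request.user's devices`, would record the expectation next to the route.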
|
||||||
|
|
|
@ -15,7 +15,7 @@ from authentik.flows.models import ConfigurableStage, Stage
|
||||||
|
|
||||||
|
|
||||||
class AuthenticatorDuoStage(ConfigurableStage, Stage):
|
class AuthenticatorDuoStage(ConfigurableStage, Stage):
|
||||||
"""Duo stage"""
|
"""Setup Duo authenticator devices"""
|
||||||
|
|
||||||
client_id = models.TextField()
|
client_id = models.TextField()
|
||||||
client_secret = models.TextField()
|
client_secret = models.TextField()
|
||||||
|
|
317
schema.yml
317
schema.yml
|
@ -167,6 +167,82 @@ paths:
|
||||||
$ref: '#/components/schemas/ValidationError'
|
$ref: '#/components/schemas/ValidationError'
|
||||||
'403':
|
'403':
|
||||||
$ref: '#/components/schemas/GenericError'
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
/api/v2beta/authenticators/admin/duo/:
|
||||||
|
get:
|
||||||
|
operationId: authenticators_admin_duo_list
|
||||||
|
description: Viewset for Duo authenticator devices (for admins)
|
||||||
|
parameters:
|
||||||
|
- in: query
|
||||||
|
name: name
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: ordering
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: Which field to use when ordering the results.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: page
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: A page number within the paginated result set.
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
- name: page_size
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: Number of results to return per page.
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
- name: search
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: A search term.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/PaginatedDuoDeviceList'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
/api/v2beta/authenticators/admin/duo/{id}/:
|
||||||
|
get:
|
||||||
|
operationId: authenticators_admin_duo_retrieve
|
||||||
|
description: Viewset for Duo authenticator devices (for admins)
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: id
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
description: A unique integer value identifying this Duo Device.
|
||||||
|
required: true
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDevice'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
/api/v2beta/authenticators/admin/static/:
|
/api/v2beta/authenticators/admin/static/:
|
||||||
get:
|
get:
|
||||||
operationId: authenticators_admin_static_list
|
operationId: authenticators_admin_static_list
|
||||||
|
@ -395,6 +471,179 @@ paths:
|
||||||
$ref: '#/components/schemas/ValidationError'
|
$ref: '#/components/schemas/ValidationError'
|
||||||
'403':
|
'403':
|
||||||
$ref: '#/components/schemas/GenericError'
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
/api/v2beta/authenticators/duo/:
|
||||||
|
get:
|
||||||
|
operationId: authenticators_duo_list
|
||||||
|
description: Viewset for Duo authenticator devices
|
||||||
|
parameters:
|
||||||
|
- in: query
|
||||||
|
name: name
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: ordering
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: Which field to use when ordering the results.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
- name: page
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: A page number within the paginated result set.
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
- name: page_size
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: Number of results to return per page.
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
- name: search
|
||||||
|
required: false
|
||||||
|
in: query
|
||||||
|
description: A search term.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/PaginatedDuoDeviceList'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
/api/v2beta/authenticators/duo/{id}/:
|
||||||
|
get:
|
||||||
|
operationId: authenticators_duo_retrieve
|
||||||
|
description: Viewset for Duo authenticator devices
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: id
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
description: A unique integer value identifying this Duo Device.
|
||||||
|
required: true
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDevice'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
put:
|
||||||
|
operationId: authenticators_duo_update
|
||||||
|
description: Viewset for Duo authenticator devices
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: id
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
description: A unique integer value identifying this Duo Device.
|
||||||
|
required: true
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDeviceRequest'
|
||||||
|
application/x-www-form-urlencoded:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDeviceRequest'
|
||||||
|
multipart/form-data:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDeviceRequest'
|
||||||
|
required: true
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDevice'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
patch:
|
||||||
|
operationId: authenticators_duo_partial_update
|
||||||
|
description: Viewset for Duo authenticator devices
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: id
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
description: A unique integer value identifying this Duo Device.
|
||||||
|
required: true
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
requestBody:
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
|
||||||
|
application/x-www-form-urlencoded:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
|
||||||
|
multipart/form-data:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'200':
|
||||||
|
content:
|
||||||
|
application/json:
|
||||||
|
schema:
|
||||||
|
$ref: '#/components/schemas/DuoDevice'
|
||||||
|
description: ''
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
|
delete:
|
||||||
|
operationId: authenticators_duo_destroy
|
||||||
|
description: Viewset for Duo authenticator devices
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: id
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
description: A unique integer value identifying this Duo Device.
|
||||||
|
required: true
|
||||||
|
tags:
|
||||||
|
- authenticators
|
||||||
|
security:
|
||||||
|
- authentik: []
|
||||||
|
- cookieAuth: []
|
||||||
|
responses:
|
||||||
|
'204':
|
||||||
|
description: No response body
|
||||||
|
'400':
|
||||||
|
$ref: '#/components/schemas/ValidationError'
|
||||||
|
'403':
|
||||||
|
$ref: '#/components/schemas/GenericError'
|
||||||
/api/v2beta/authenticators/static/:
|
/api/v2beta/authenticators/static/:
|
||||||
get:
|
get:
|
||||||
operationId: authenticators_static_list
|
operationId: authenticators_static_list
|
||||||
|
@ -16316,6 +16565,31 @@ components:
|
||||||
$ref: '#/components/schemas/FlowRequest'
|
$ref: '#/components/schemas/FlowRequest'
|
||||||
required:
|
required:
|
||||||
- name
|
- name
|
||||||
|
DuoDevice:
|
||||||
|
type: object
|
||||||
|
description: Serializer for Duo authenticator devices
|
||||||
|
properties:
|
||||||
|
pk:
|
||||||
|
type: integer
|
||||||
|
readOnly: true
|
||||||
|
title: ID
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: The human-readable name of this device.
|
||||||
|
maxLength: 64
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
- pk
|
||||||
|
DuoDeviceRequest:
|
||||||
|
type: object
|
||||||
|
description: Serializer for Duo authenticator devices
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: The human-readable name of this device.
|
||||||
|
maxLength: 64
|
||||||
|
required:
|
||||||
|
- name
|
||||||
EmailChallenge:
|
EmailChallenge:
|
||||||
type: object
|
type: object
|
||||||
description: Email challenge
|
description: Email challenge
|
||||||
|
@ -18940,6 +19214,41 @@ components:
|
||||||
required:
|
required:
|
||||||
- pagination
|
- pagination
|
||||||
- results
|
- results
|
||||||
|
PaginatedDuoDeviceList:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
pagination:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
next:
|
||||||
|
type: number
|
||||||
|
previous:
|
||||||
|
type: number
|
||||||
|
count:
|
||||||
|
type: number
|
||||||
|
current:
|
||||||
|
type: number
|
||||||
|
total_pages:
|
||||||
|
type: number
|
||||||
|
start_index:
|
||||||
|
type: number
|
||||||
|
end_index:
|
||||||
|
type: number
|
||||||
|
required:
|
||||||
|
- next
|
||||||
|
- previous
|
||||||
|
- count
|
||||||
|
- current
|
||||||
|
- total_pages
|
||||||
|
- start_index
|
||||||
|
- end_index
|
||||||
|
results:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
$ref: '#/components/schemas/DuoDevice'
|
||||||
|
required:
|
||||||
|
- pagination
|
||||||
|
- results
|
||||||
PaginatedEmailStageList:
|
PaginatedEmailStageList:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
|
@ -21421,6 +21730,14 @@ components:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
$ref: '#/components/schemas/FlowRequest'
|
$ref: '#/components/schemas/FlowRequest'
|
||||||
|
PatchedDuoDeviceRequest:
|
||||||
|
type: object
|
||||||
|
description: Serializer for Duo authenticator devices
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
description: The human-readable name of this device.
|
||||||
|
maxLength: 64
|
||||||
PatchedEmailStageRequest:
|
PatchedEmailStageRequest:
|
||||||
type: object
|
type: object
|
||||||
description: EmailStage Serializer
|
description: EmailStage Serializer
|
||||||
|
|
|
@ -100,7 +100,6 @@ export class FlowExecutor extends LitElement implements StageHost {
|
||||||
submit(payload: FlowChallengeResponseRequest): Promise<void> {
|
submit(payload: FlowChallengeResponseRequest): Promise<void> {
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
payload.component = this.challenge?.component;
|
payload.component = this.challenge?.component;
|
||||||
console.log(payload);
|
|
||||||
this.loading = true;
|
this.loading = true;
|
||||||
return new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({
|
return new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({
|
||||||
flowSlug: this.flowSlug,
|
flowSlug: this.flowSlug,
|
||||||
|
|
|
@ -13,7 +13,6 @@ import "../../../elements/forms/FormGroup";
|
||||||
export class SAMLProviderFormPage extends ModelForm<SAMLProvider, number> {
|
export class SAMLProviderFormPage extends ModelForm<SAMLProvider, number> {
|
||||||
|
|
||||||
loadInstance(pk: number): Promise<SAMLProvider> {
|
loadInstance(pk: number): Promise<SAMLProvider> {
|
||||||
console.log("reading saml provider");
|
|
||||||
return new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({
|
return new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({
|
||||||
id: pk,
|
id: pk,
|
||||||
});
|
});
|
||||||
|
|
|
@ -18,27 +18,17 @@ export class UserSettingsAuthenticatorDuo extends BaseUserSettings {
|
||||||
${t`Status: Enabled`}
|
${t`Status: Enabled`}
|
||||||
<i class="pf-icon pf-icon-ok"></i>
|
<i class="pf-icon pf-icon-ok"></i>
|
||||||
</p>
|
</p>
|
||||||
<ul class="ak-otp-tokens">
|
|
||||||
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
|
|
||||||
if (devices.results.length < 1) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
return devices.results[0].tokenSet?.map((token) => {
|
|
||||||
return html`<li>${token.token}</li>`;
|
|
||||||
});
|
|
||||||
}))}
|
|
||||||
</ul>
|
|
||||||
</div>
|
</div>
|
||||||
<div class="pf-c-card__footer">
|
<div class="pf-c-card__footer">
|
||||||
<button
|
<button
|
||||||
class="pf-c-button pf-m-danger"
|
class="pf-c-button pf-m-danger"
|
||||||
@click=${() => {
|
@click=${() => {
|
||||||
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoList({}).then((devices) => {
|
||||||
if (devices.results.length < 1) {
|
if (devices.results.length < 1) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// TODO: Handle multiple devices, currently we assume only one TOTP Device
|
// TODO: Handle multiple devices, currently we assume only one TOTP Device
|
||||||
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticDestroy({
|
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoDestroy({
|
||||||
id: devices.results[0].pk || 0
|
id: devices.results[0].pk || 0
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -70,7 +60,7 @@ export class UserSettingsAuthenticatorDuo extends BaseUserSettings {
|
||||||
${t`Duo`}
|
${t`Duo`}
|
||||||
</div>
|
</div>
|
||||||
${this.renderDisabled()}
|
${this.renderDisabled()}
|
||||||
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
|
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoList({}).then((devices) => {
|
||||||
return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled();
|
return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled();
|
||||||
}))}
|
}))}
|
||||||
</div>`;
|
</div>`;
|
||||||
|
|
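Review bot: The disable handler in the first hunk calls `authenticatorsDuoDestroy` for `devices.results[0]` only, so a user with more than one Duo device still has a device enrolled after clicking the button, and the status check in the second hunk (`devices.results.length > 0`) will keep rendering "Enabled". The `pk || 0` fallback on the unchanged line would also send a delete for id 0 if `pk` were ever unset; returning early when `pk` is undefined is safer than substituting a value. Consider deleting every returned device, e.g. `return Promise.all(devices.results.map((d) => new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoDestroy({ id: d.pk || 0 })));` with entries lacking a `pk` filtered out first. The carried-over comment still says "TOTP Device"; `// TODO: Handle multiple devices, currently we assume only one Duo device` would match the code. The enclosing render methods start and end outside both hunks.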