policies/*: cleanup api and forms, use correct inheritance

This commit is contained in:
Jens Langhammer 2021-02-11 19:48:19 +01:00
parent 6fc740a98b
commit aa0f5df218
20 changed files with 148 additions and 69 deletions

View file

@ -25,7 +25,7 @@ class SourceSerializer(ModelSerializer, MetaNameSerializer):
class Meta: class Meta:
model = Source model = Source
fields = SOURCE_SERIALIZER_FIELDS = [ fields = [
"pk", "pk",
"name", "name",
"slug", "slug",

View file

@ -12,7 +12,6 @@ from rest_framework.serializers import (
) )
from rest_framework.viewsets import GenericViewSet, ModelViewSet, ReadOnlyModelViewSet from rest_framework.viewsets import GenericViewSet, ModelViewSet, ReadOnlyModelViewSet
from authentik.policies.forms import GENERAL_FIELDS
from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel
@ -49,22 +48,28 @@ class PolicyBindingModelForeignKey(PrimaryKeyRelatedField):
class PolicySerializer(ModelSerializer): class PolicySerializer(ModelSerializer):
"""Policy Serializer""" """Policy Serializer"""
__type__ = SerializerMethodField(method_name="get_type") _resolve_inheritance: bool
def get_type(self, obj): def __init__(self, *args, resolve_inheritance: bool = True, **kwargs):
super().__init__(*args, **kwargs)
self._resolve_inheritance = resolve_inheritance
object_type = SerializerMethodField()
def get_object_type(self, obj):
"""Get object type so that we know which API Endpoint to use to get the full object""" """Get object type so that we know which API Endpoint to use to get the full object"""
return obj._meta.object_name.lower().replace("policy", "") return obj._meta.object_name.lower().replace("provider", "")
def to_representation(self, instance: Policy): def to_representation(self, instance: Policy):
# pyright: reportGeneralTypeIssues=false # pyright: reportGeneralTypeIssues=false
if instance.__class__ == Policy: if instance.__class__ == Policy or not self._resolve_inheritance:
return super().to_representation(instance) return super().to_representation(instance)
return instance.serializer(instance=instance).data return instance.serializer(instance=instance, resolve_inheritance=False).data
class Meta: class Meta:
model = Policy model = Policy
fields = ["pk"] + GENERAL_FIELDS + ["__type__"] fields = ["pk", "name", "execution_logging", "object_type"]
depth = 3 depth = 3

View file

@ -1,17 +1,16 @@
"""Dummy Policy API Views""" """Dummy Policy API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.api import PolicySerializer
from authentik.policies.dummy.models import DummyPolicy from authentik.policies.dummy.models import DummyPolicy
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS
class DummyPolicySerializer(ModelSerializer): class DummyPolicySerializer(PolicySerializer):
"""Dummy Policy Serializer""" """Dummy Policy Serializer"""
class Meta: class Meta:
model = DummyPolicy model = DummyPolicy
fields = GENERAL_SERIALIZER_FIELDS + ["result", "wait_min", "wait_max"] fields = PolicySerializer.Meta.fields + ["result", "wait_min", "wait_max"]
class DummyPolicyViewSet(ModelViewSet): class DummyPolicyViewSet(ModelViewSet):

View file

@ -4,16 +4,16 @@ from django import forms
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from authentik.policies.dummy.models import DummyPolicy from authentik.policies.dummy.models import DummyPolicy
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
class DummyPolicyForm(forms.ModelForm): class DummyPolicyForm(PolicyForm):
"""DummyPolicyForm Form""" """DummyPolicyForm Form"""
class Meta: class Meta:
model = DummyPolicy model = DummyPolicy
fields = GENERAL_FIELDS + ["result", "wait_min", "wait_max"] fields = PolicyForm.Meta.fields + ["result", "wait_min", "wait_max"]
widgets = { widgets = {
"name": forms.TextInput(), "name": forms.TextInput(),
} }

View file

@ -1,17 +1,16 @@
"""Event Matcher Policy API""" """Event Matcher Policy API"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.api import PolicySerializer
from authentik.policies.event_matcher.models import EventMatcherPolicy from authentik.policies.event_matcher.models import EventMatcherPolicy
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS
class EventMatcherPolicySerializer(ModelSerializer): class EventMatcherPolicySerializer(PolicySerializer):
"""Event Matcher Policy Serializer""" """Event Matcher Policy Serializer"""
class Meta: class Meta:
model = EventMatcherPolicy model = EventMatcherPolicy
fields = GENERAL_SERIALIZER_FIELDS + [ fields = PolicySerializer.Meta.fields + [
"action", "action",
"client_ip", "client_ip",
"app", "app",

View file

@ -4,16 +4,16 @@ from django import forms
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from authentik.policies.event_matcher.models import EventMatcherPolicy from authentik.policies.event_matcher.models import EventMatcherPolicy
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
class EventMatcherPolicyForm(forms.ModelForm): class EventMatcherPolicyForm(PolicyForm):
"""EventMatcherPolicy Form""" """EventMatcherPolicy Form"""
class Meta: class Meta:
model = EventMatcherPolicy model = EventMatcherPolicy
fields = GENERAL_FIELDS + [ fields = PolicyForm.Meta.fields + [
"action", "action",
"client_ip", "client_ip",
"app", "app",

View file

@ -1,17 +1,16 @@
"""Password Expiry Policy API Views""" """Password Expiry Policy API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.api import PolicySerializer
from authentik.policies.expiry.models import PasswordExpiryPolicy from authentik.policies.expiry.models import PasswordExpiryPolicy
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS
class PasswordExpiryPolicySerializer(ModelSerializer): class PasswordExpiryPolicySerializer(PolicySerializer):
"""Password Expiry Policy Serializer""" """Password Expiry Policy Serializer"""
class Meta: class Meta:
model = PasswordExpiryPolicy model = PasswordExpiryPolicy
fields = GENERAL_SERIALIZER_FIELDS + ["days", "deny_only"] fields = PolicySerializer.Meta.fields + ["days", "deny_only"]
class PasswordExpiryPolicyViewSet(ModelViewSet): class PasswordExpiryPolicyViewSet(ModelViewSet):

View file

@ -4,16 +4,16 @@ from django import forms
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from authentik.policies.expiry.models import PasswordExpiryPolicy from authentik.policies.expiry.models import PasswordExpiryPolicy
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
class PasswordExpiryPolicyForm(forms.ModelForm): class PasswordExpiryPolicyForm(PolicyForm):
"""Edit PasswordExpiryPolicy instances""" """Edit PasswordExpiryPolicy instances"""
class Meta: class Meta:
model = PasswordExpiryPolicy model = PasswordExpiryPolicy
fields = GENERAL_FIELDS + ["days", "deny_only"] fields = PolicyForm.Meta.fields + ["days", "deny_only"]
widgets = { widgets = {
"name": forms.TextInput(), "name": forms.TextInput(),
"order": forms.NumberInput(), "order": forms.NumberInput(),

View file

@ -1,17 +1,16 @@
"""Expression Policy API""" """Expression Policy API"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.api import PolicySerializer
from authentik.policies.expression.models import ExpressionPolicy from authentik.policies.expression.models import ExpressionPolicy
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS
class ExpressionPolicySerializer(ModelSerializer): class ExpressionPolicySerializer(PolicySerializer):
"""Group Membership Policy Serializer""" """Group Membership Policy Serializer"""
class Meta: class Meta:
model = ExpressionPolicy model = ExpressionPolicy
fields = GENERAL_SERIALIZER_FIELDS + ["expression"] fields = PolicySerializer.Meta.fields + ["expression"]
class ExpressionPolicyViewSet(ModelViewSet): class ExpressionPolicyViewSet(ModelViewSet):

View file

@ -5,10 +5,10 @@ from django import forms
from authentik.admin.fields import CodeMirrorWidget from authentik.admin.fields import CodeMirrorWidget
from authentik.policies.expression.evaluator import PolicyEvaluator from authentik.policies.expression.evaluator import PolicyEvaluator
from authentik.policies.expression.models import ExpressionPolicy from authentik.policies.expression.models import ExpressionPolicy
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
class ExpressionPolicyForm(forms.ModelForm): class ExpressionPolicyForm(PolicyForm):
"""ExpressionPolicy Form""" """ExpressionPolicy Form"""
template_name = "policy/expression/form.html" template_name = "policy/expression/form.html"
@ -22,7 +22,7 @@ class ExpressionPolicyForm(forms.ModelForm):
class Meta: class Meta:
model = ExpressionPolicy model = ExpressionPolicy
fields = GENERAL_FIELDS + [ fields = PolicyForm.Meta.fields + [
"expression", "expression",
] ]
widgets = { widgets = {

View file

@ -5,9 +5,6 @@ from django import forms
from authentik.lib.widgets import GroupedModelChoiceField from authentik.lib.widgets import GroupedModelChoiceField
from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel
GENERAL_FIELDS = ["name", "execution_logging"]
GENERAL_SERIALIZER_FIELDS = ["pk", "name"]
class PolicyBindingForm(forms.ModelForm): class PolicyBindingForm(forms.ModelForm):
"""Form to edit Policy to PolicyBindingModel Binding""" """Form to edit Policy to PolicyBindingModel Binding"""
@ -29,3 +26,12 @@ class PolicyBindingForm(forms.ModelForm):
model = PolicyBinding model = PolicyBinding
fields = ["enabled", "policy", "target", "order", "timeout"] fields = ["enabled", "policy", "target", "order", "timeout"]
class PolicyForm(forms.ModelForm):
"""Base Policy form"""
class Meta:
model = Policy
fields = ["name", "execution_logging"]

View file

@ -1,17 +1,16 @@
"""Group Membership Policy API""" """Group Membership Policy API"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS from authentik.policies.api import PolicySerializer
from authentik.policies.group_membership.models import GroupMembershipPolicy from authentik.policies.group_membership.models import GroupMembershipPolicy
class GroupMembershipPolicySerializer(ModelSerializer): class GroupMembershipPolicySerializer(PolicySerializer):
"""Group Membership Policy Serializer""" """Group Membership Policy Serializer"""
class Meta: class Meta:
model = GroupMembershipPolicy model = GroupMembershipPolicy
fields = GENERAL_SERIALIZER_FIELDS + [ fields = PolicySerializer.Meta.fields + [
"group", "group",
] ]

View file

@ -2,17 +2,17 @@
from django import forms from django import forms
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
from authentik.policies.group_membership.models import GroupMembershipPolicy from authentik.policies.group_membership.models import GroupMembershipPolicy
class GroupMembershipPolicyForm(forms.ModelForm): class GroupMembershipPolicyForm(PolicyForm):
"""GroupMembershipPolicy Form""" """GroupMembershipPolicy Form"""
class Meta: class Meta:
model = GroupMembershipPolicy model = GroupMembershipPolicy
fields = GENERAL_FIELDS + [ fields = PolicyForm.Meta.fields + [
"group", "group",
] ]
widgets = { widgets = {

View file

@ -1,17 +1,16 @@
"""Source API Views""" """Source API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS from authentik.policies.api import PolicySerializer
from authentik.policies.hibp.models import HaveIBeenPwendPolicy from authentik.policies.hibp.models import HaveIBeenPwendPolicy
class HaveIBeenPwendPolicySerializer(ModelSerializer): class HaveIBeenPwendPolicySerializer(PolicySerializer):
"""Have I Been Pwned Policy Serializer""" """Have I Been Pwned Policy Serializer"""
class Meta: class Meta:
model = HaveIBeenPwendPolicy model = HaveIBeenPwendPolicy
fields = GENERAL_SERIALIZER_FIELDS + ["password_field", "allowed_count"] fields = PolicySerializer.Meta.fields + ["password_field", "allowed_count"]
class HaveIBeenPwendPolicyViewSet(ModelViewSet): class HaveIBeenPwendPolicyViewSet(ModelViewSet):

View file

@ -2,17 +2,17 @@
from django import forms from django import forms
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
from authentik.policies.hibp.models import HaveIBeenPwendPolicy from authentik.policies.hibp.models import HaveIBeenPwendPolicy
class HaveIBeenPwnedPolicyForm(forms.ModelForm): class HaveIBeenPwnedPolicyForm(PolicyForm):
"""Edit HaveIBeenPwendPolicy instances""" """Edit HaveIBeenPwendPolicy instances"""
class Meta: class Meta:
model = HaveIBeenPwendPolicy model = HaveIBeenPwendPolicy
fields = GENERAL_FIELDS + ["password_field", "allowed_count"] fields = PolicyForm.Meta.fields + ["password_field", "allowed_count"]
widgets = { widgets = {
"name": forms.TextInput(), "name": forms.TextInput(),
"password_field": forms.TextInput(), "password_field": forms.TextInput(),

View file

@ -1,17 +1,16 @@
"""Password Policy API Views""" """Password Policy API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS from authentik.policies.api import PolicySerializer
from authentik.policies.password.models import PasswordPolicy from authentik.policies.password.models import PasswordPolicy
class PasswordPolicySerializer(ModelSerializer): class PasswordPolicySerializer(PolicySerializer):
"""Password Policy Serializer""" """Password Policy Serializer"""
class Meta: class Meta:
model = PasswordPolicy model = PasswordPolicy
fields = GENERAL_SERIALIZER_FIELDS + [ fields = PolicySerializer.Meta.fields + [
"password_field", "password_field",
"amount_uppercase", "amount_uppercase",
"amount_lowercase", "amount_lowercase",

View file

@ -3,17 +3,17 @@
from django import forms from django import forms
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
from authentik.policies.password.models import PasswordPolicy from authentik.policies.password.models import PasswordPolicy
class PasswordPolicyForm(forms.ModelForm): class PasswordPolicyForm(PolicyForm):
"""PasswordPolicy Form""" """PasswordPolicy Form"""
class Meta: class Meta:
model = PasswordPolicy model = PasswordPolicy
fields = GENERAL_FIELDS + [ fields = PolicyForm.Meta.fields + [
"password_field", "password_field",
"amount_uppercase", "amount_uppercase",
"amount_lowercase", "amount_lowercase",

View file

@ -1,17 +1,20 @@
"""Source API Views""" """Source API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.policies.forms import GENERAL_SERIALIZER_FIELDS from authentik.policies.api import PolicySerializer
from authentik.policies.reputation.models import ReputationPolicy from authentik.policies.reputation.models import ReputationPolicy
class ReputationPolicySerializer(ModelSerializer): class ReputationPolicySerializer(PolicySerializer):
"""Reputation Policy Serializer""" """Reputation Policy Serializer"""
class Meta: class Meta:
model = ReputationPolicy model = ReputationPolicy
fields = GENERAL_SERIALIZER_FIELDS + ["check_ip", "check_username", "threshold"] fields = PolicySerializer.Meta.fields + [
"check_ip",
"check_username",
"threshold",
]
class ReputationPolicyViewSet(ModelViewSet): class ReputationPolicyViewSet(ModelViewSet):

View file

@ -2,17 +2,17 @@
from django import forms from django import forms
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from authentik.policies.forms import GENERAL_FIELDS from authentik.policies.forms import PolicyForm
from authentik.policies.reputation.models import ReputationPolicy from authentik.policies.reputation.models import ReputationPolicy
class ReputationPolicyForm(forms.ModelForm): class ReputationPolicyForm(PolicyForm):
"""Form to edit ReputationPolicy""" """Form to edit ReputationPolicy"""
class Meta: class Meta:
model = ReputationPolicy model = ReputationPolicy
fields = GENERAL_FIELDS + ["check_ip", "check_username", "threshold"] fields = PolicyForm.Meta.fields + ["check_ip", "check_username", "threshold"]
widgets = { widgets = {
"name": forms.TextInput(), "name": forms.TextInput(),
"value": forms.TextInput(), "value": forms.TextInput(),

View file

@ -8626,8 +8626,8 @@ definitions:
description: When this option is enabled, all executions of this policy will description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged. be logged. By default, only execution errors are logged.
type: boolean type: boolean
__type__: object_type:
title: 'type ' title: Object type
type: string type: string
readOnly: true readOnly: true
PolicyBinding: PolicyBinding:
@ -8680,6 +8680,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
result: result:
title: Result title: Result
type: boolean type: boolean
@ -8706,6 +8715,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
action: action:
title: Action title: Action
description: Match created events with this action type. When left empty, description: Match created events with this action type. When left empty,
@ -8801,6 +8819,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
expression: expression:
title: Expression title: Expression
type: string type: string
@ -8818,6 +8845,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
group: group:
title: Group title: Group
type: string type: string
@ -8836,6 +8872,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
password_field: password_field:
title: Password field title: Password field
description: Field key to check, field keys defined in Prompt stages are available. description: Field key to check, field keys defined in Prompt stages are available.
@ -8861,6 +8906,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
password_field: password_field:
title: Password field title: Password field
description: Field key to check, field keys defined in Prompt stages are available. description: Field key to check, field keys defined in Prompt stages are available.
@ -8909,6 +8963,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
days: days:
title: Days title: Days
type: integer type: integer
@ -8930,6 +8993,15 @@ definitions:
title: Name title: Name
type: string type: string
x-nullable: true x-nullable: true
execution_logging:
title: Execution logging
description: When this option is enabled, all executions of this policy will
be logged. By default, only execution errors are logged.
type: boolean
object_type:
title: Object type
type: string
readOnly: true
check_ip: check_ip:
title: Check ip title: Check ip
type: boolean type: boolean