build(deps-dev): bump pylint from 2.7.2 to 2.7.3 (#674)

* build(deps-dev): bump pylint from 2.7.2 to 2.7.3

Bumps [pylint](https://github.com/PyCQA/pylint) from 2.7.2 to 2.7.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Changelog](https://github.com/PyCQA/pylint/blob/master/ChangeLog)
- [Commits](https://github.com/PyCQA/pylint/compare/pylint-2.7.2...pylint-2.7.3)

Signed-off-by: dependabot[bot] <support@github.com>

* sources/saml: fix linting for SAMLBindingTypes.Redirect

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* sources/oauth: Fix linting for RequestKind

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: fix linting for ChallengeTypes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>

.prospector.yaml

@@ -1,12 +0,0 @@
-strictness: medium
-test-warnings: true
-doc-warnings: false
-
-ignore-paths:
-  - migrations
-  - docs
-  - node_modules
-
-uses:
-  - django
-  - celery

.pylintrc

@@ -1,29 +0,0 @@
-[MASTER]
-
-disable =
-    arguments-differ,
-    no-self-use,
-    fixme,
-    locally-disabled,
-    too-many-ancestors,
-    too-few-public-methods,
-    import-outside-toplevel,
-    bad-continuation,
-    signature-differs,
-    similarities,
-    cyclic-import,
-    protected-access,
-    raise-missing-from
-
-load-plugins=pylint_django,pylint.extensions.bad_builtin
-django-settings-module=authentik.root.settings
-extension-pkg-whitelist=lxml,xmlsec
-
-# Allow constants to be shorter than normal (and lowercase, for settings.py)
-const-rgx=[a-zA-Z0-9_]{1,40}$
-
-ignored-modules=django-otp
-generated-members=xmlsec.constants.*,xmlsec.tree.*,xmlsec.template.*
-ignore=migrations
-max-attributes=12
-max-branches=20

Pipfile.lock

@@ -122,8 +122,8 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1",
-                "sha256:54380395ba52502a9877cd0c4c9c9834341ce74c96c9f1ecc6fd77bade1b201a"
+                "sha256:54380395ba52502a9877cd0c4c9c9834341ce74c96c9f1ecc6fd77bade1b201a",
+                "sha256:ee999b46b2c630e50e7b052d6dfe224203a348d83b00e168ca50009af0f276c1"
             ],
             "index": "pypi",
             "version": "==1.17.40"
@@ -611,11 +611,11 @@
         },
         "ldap3": {
             "hashes": [
-                "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056",
-                "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57",
-                "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c",
+                "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91",
                 "sha256:4139c91f0eef9782df7b77c8cbc6243086affcb6a8a249b768a9658438e5da59",
-                "sha256:18c3ee656a6775b9b0d60f7c6c5b094d878d1d90fc03d56731039f0a4b546a91"
+                "sha256:8c949edbad2be8a03e719ba48bd6779f327ec156929562814b3e84ab56889c8c",
+                "sha256:afc6fc0d01f02af82cd7bfabd3bbfd5dc96a6ae91e97db0a2dab8a0f1b436056",
+                "sha256:c1df41d89459be6f304e0ceec4b00fdea533dbbcd83c802b1272dcdb94620b57"
             ],
             "index": "pypi",
             "version": "==2.9"
@@ -877,37 +877,37 @@
         },
         "pyasn1": {
             "hashes": [
-                "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12",
                 "sha256:014c0e9976956a08139dc0712ae195324a75e142284d5f87f1a87ee1b068a359",
-                "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776",
-                "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8",
-                "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3",
-                "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86",
-                "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba",
-                "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7",
-                "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2",
-                "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00",
                 "sha256:03840c999ba71680a131cfaee6fab142e1ed9bbd9c693e285cc6aca0d555e576",
                 "sha256:0458773cfe65b153891ac249bcf1b5f8f320b7c2ce462151f8fa74de8934becf",
-                "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d"
+                "sha256:08c3c53b75eaa48d71cf8c710312316392ed40899cb34710d092e96745a358b7",
+                "sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d",
+                "sha256:5c9414dcfede6e441f7e8f81b43b34e834731003427e5b09e4e00e3172a10f00",
+                "sha256:6e7545f1a61025a4e58bb336952c5061697da694db1cae97b116e9c46abcf7c8",
+                "sha256:78fa6da68ed2727915c4767bb386ab32cdba863caa7dbe473eaae45f9959da86",
+                "sha256:7ab8a544af125fb704feadb008c99a88805126fb525280b2270bb25cc1d78a12",
+                "sha256:99fcc3c8d804d1bc6d9a099921e39d827026409a58f2a720dcdb89374ea0c776",
+                "sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba",
+                "sha256:e89bf84b5437b532b0803ba5c9a5e054d21fec423a89952a74f87fa2c9b7bce2",
+                "sha256:fec3e9d8e36808a28efb59b489e4528c10ad0f480e57dcc32b4de5c9d8c9fdf3"
             ],
             "version": "==0.4.8"
         },
         "pyasn1-modules": {
             "hashes": [
-                "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45",
+                "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8",
+                "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199",
+                "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811",
+                "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed",
+                "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4",
+                "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e",
                 "sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74",
                 "sha256:a99324196732f53093a84c4369c996713eb8c89d360a496b599fb1a9c47fc3eb",
+                "sha256:b80486a6c77252ea3a3e9b1e360bc9cf28eaac41263d173c032581ad2f20fe45",
                 "sha256:c29a5e5cc7a3f05926aff34e097e84f8589cd790ce0ed41b67aed6857b26aafd",
                 "sha256:cbac4bc38d117f2a49aeedec4407d23e8866ea4ac27ff2cf7fb3e5b570df19e0",
-                "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405",
-                "sha256:0845a5582f6a02bb3e1bde9ecfc4bfcae6ec3210dd270522fee602365430c3f8",
                 "sha256:f39edd8c4ecaa4556e989147ebf219227e2cd2e8a43c7e7fcb1f1c18c5fd6a3d",
-                "sha256:65cebbaffc913f4fe9e4808735c95ea22d7a7775646ab690518c056784bc21b4",
-                "sha256:426edb7a5e8879f1ec54a1864f16b882c2837bfd06eee62f2c982315ee2473ed",
-                "sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e",
-                "sha256:0fe1b68d1e486a1ed5473f1302bd991c1611d319bba158e98b106ff86e1d7199",
-                "sha256:15b7c67fabc7fc240d87fb9aabf999cf82311a6d6fb2c70d00d3d0604878c811"
+                "sha256:fe0644d9ab041506b62782e92b06b8c68cca799e1a9636ec398675459e031405"
             ],
             "version": "==0.2.8"
         },
@@ -1103,9 +1103,9 @@
         },
         "requests-oauthlib": {
             "hashes": [
+                "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d",
                 "sha256:b4261601a71fd721a8bd6d7aa1cc1d6a8a93b4a9f5e96626f8e4d91e8beeaa6a",
-                "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc",
-                "sha256:7f71572defaecd16372f9006f33c2ec8c077c3cfa6f5911a9a90202beb513f3d"
+                "sha256:fa6c47b933f01060936d87ae9327fead68768b69c6c9ea2109c48be30f2d4dbc"
             ],
             "index": "pypi",
             "version": "==1.3.0"

authentik/flows/challenge.py

@@ -16,9 +16,9 @@ if TYPE_CHECKING:
 class ChallengeTypes(Enum):
     """Currently defined challenge types"""
 
-    native = "native"
-    shell = "shell"
-    redirect = "redirect"
+    NATIVE = "native"
+    SHELL = "shell"
+    REDIRECT = "redirect"
 
 
 class ErrorDetailSerializer(Serializer):

authentik/flows/tests/test_views.py

@@ -94,7 +94,7 @@ class TestFlowExecutor(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": FlowNonApplicableException.__doc__,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 
@@ -415,7 +415,7 @@ class TestFlowExecutor(TestCase):
                 force_str(response.content),
                 {
                     "background": flow.background.url,
-                    "type": ChallengeTypes.native.value,
+                    "type": ChallengeTypes.NATIVE.value,
                     "component": "ak-stage-dummy",
                     "title": binding.stage.name,
                 },
@@ -446,7 +446,7 @@ class TestFlowExecutor(TestCase):
             force_str(response.content),
             {
                 "background": flow.background.url,
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-dummy",
                 "title": binding4.stage.name,
             },

authentik/flows/views.py

@@ -241,7 +241,7 @@ class FlowExecutorView(APIView):
                 {
                     "error_message": error_message,
                     "title": self.flow.title,
-                    "type": ChallengeTypes.native.value,
+                    "type": ChallengeTypes.NATIVE.value,
                     "component": "ak-stage-access-denied",
                 }
             )
@@ -334,14 +334,14 @@ def to_stage_response(request: HttpRequest, source: HttpResponse) -> HttpRespons
         )
         return HttpChallengeResponse(
             RedirectChallenge(
-                {"type": ChallengeTypes.redirect, "to": str(redirect_url)}
+                {"type": ChallengeTypes.REDIRECT, "to": str(redirect_url)}
             )
         )
     if isinstance(source, TemplateResponse):
         return HttpChallengeResponse(
             ShellChallenge(
                 {
-                    "type": ChallengeTypes.shell,
+                    "type": ChallengeTypes.SHELL,
                     "body": source.render().content.decode("utf-8"),
                 }
             )
@@ -351,7 +351,7 @@ def to_stage_response(request: HttpRequest, source: HttpResponse) -> HttpRespons
         return HttpChallengeResponse(
             ShellChallenge(
                 {
-                    "type": ChallengeTypes.shell,
+                    "type": ChallengeTypes.SHELL,
                     "body": source.content.decode("utf-8"),
                 }
             )

authentik/providers/saml/views/flows.py

@@ -74,7 +74,7 @@ class SAMLFlowFinalView(ChallengeStageView):
             return super().get(
                 self.request,
                 **{
-                    "type": ChallengeTypes.native.value,
+                    "type": ChallengeTypes.NATIVE.value,
                     "component": "ak-stage-autosubmit",
                     "title": "Redirecting to %(app)s..." % {"app": application.name},
                     "url": provider.acs_url,

authentik/sources/oauth/types/azure_ad.py

@@ -7,7 +7,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind
 from authentik.sources.oauth.views.callback import OAuthCallback
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Azure AD")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="Azure AD")
 class AzureADOAuthCallback(OAuthCallback):
     """AzureAD OAuth2 Callback"""
 

authentik/sources/oauth/types/discord.py

@@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
-@MANAGER.source(kind=RequestKind.redirect, name="Discord")
+@MANAGER.source(kind=RequestKind.REDIRECT, name="Discord")
 class DiscordOAuthRedirect(OAuthRedirect):
     """Discord OAuth2 Redirect"""
 
@@ -17,7 +17,7 @@ class DiscordOAuthRedirect(OAuthRedirect):
         }
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Discord")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="Discord")
 class DiscordOAuth2Callback(OAuthCallback):
     """Discord OAuth2 Callback"""
 

authentik/sources/oauth/types/facebook.py

@@ -10,7 +10,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
-@MANAGER.source(kind=RequestKind.redirect, name="Facebook")
+@MANAGER.source(kind=RequestKind.REDIRECT, name="Facebook")
 class FacebookOAuthRedirect(OAuthRedirect):
     """Facebook OAuth2 Redirect"""
 
@@ -28,7 +28,7 @@ class FacebookOAuth2Client(OAuth2Client):
         return api.get_object("me", fields="id,name,email")
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Facebook")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="Facebook")
 class FacebookOAuth2Callback(OAuthCallback):
     """Facebook OAuth2 Callback"""
 

authentik/sources/oauth/types/github.py

@@ -6,7 +6,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind
 from authentik.sources.oauth.views.callback import OAuthCallback
 
 
-@MANAGER.source(kind=RequestKind.callback, name="GitHub")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="GitHub")
 class GitHubOAuth2Callback(OAuthCallback):
     """GitHub OAuth2 Callback"""
 

authentik/sources/oauth/types/google.py

@@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
-@MANAGER.source(kind=RequestKind.redirect, name="Google")
+@MANAGER.source(kind=RequestKind.REDIRECT, name="Google")
 class GoogleOAuthRedirect(OAuthRedirect):
     """Google OAuth2 Redirect"""
 
@@ -17,7 +17,7 @@ class GoogleOAuthRedirect(OAuthRedirect):
         }
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Google")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="Google")
 class GoogleOAuth2Callback(OAuthCallback):
     """Google OAuth2 Callback"""
 

authentik/sources/oauth/types/manager.py

@@ -15,8 +15,8 @@ LOGGER = get_logger()
 class RequestKind(Enum):
     """Enum of OAuth Request types"""
 
-    callback = "callback"
-    redirect = "redirect"
+    CALLBACK = "callback"
+    REDIRECT = "redirect"
 
 
 class SourceTypeManager:
@@ -52,9 +52,9 @@ class SourceTypeManager:
                 have=self.__source_types[kind.value].keys(),
             )
             # Return defaults
-            if kind == RequestKind.callback:
+            if kind == RequestKind.CALLBACK:
                 return OAuthCallback
-            if kind == RequestKind.redirect:
+            if kind == RequestKind.REDIRECT:
                 return OAuthRedirect
         raise KeyError(
             f"Provider Type {source.provider_type} (type {kind.value}) not found."

authentik/sources/oauth/types/oidc.py

@@ -7,7 +7,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
-@MANAGER.source(kind=RequestKind.redirect, name="OpenID Connect")
+@MANAGER.source(kind=RequestKind.REDIRECT, name="OpenID Connect")
 class OpenIDConnectOAuthRedirect(OAuthRedirect):
     """OpenIDConnect OAuth2 Redirect"""
 
@@ -17,7 +17,7 @@ class OpenIDConnectOAuthRedirect(OAuthRedirect):
         }
 
 
-@MANAGER.source(kind=RequestKind.callback, name="OpenID Connect")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="OpenID Connect")
 class OpenIDConnectOAuth2Callback(OAuthCallback):
     """OpenIDConnect OAuth2 Callback"""
 

authentik/sources/oauth/types/reddit.py

@@ -10,7 +10,7 @@ from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 
 
-@MANAGER.source(kind=RequestKind.redirect, name="reddit")
+@MANAGER.source(kind=RequestKind.REDIRECT, name="reddit")
 class RedditOAuthRedirect(OAuthRedirect):
     """Reddit OAuth2 Redirect"""
 
@@ -30,7 +30,7 @@ class RedditOAuth2Client(OAuth2Client):
         return super().get_access_token(auth=auth)
 
 
-@MANAGER.source(kind=RequestKind.callback, name="reddit")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="reddit")
 class RedditOAuth2Callback(OAuthCallback):
     """Reddit OAuth2 Callback"""
 

authentik/sources/oauth/types/twitter.py

@@ -6,7 +6,7 @@ from authentik.sources.oauth.types.manager import MANAGER, RequestKind
 from authentik.sources.oauth.views.callback import OAuthCallback
 
 
-@MANAGER.source(kind=RequestKind.callback, name="Twitter")
+@MANAGER.source(kind=RequestKind.CALLBACK, name="Twitter")
 class TwitterOAuthCallback(OAuthCallback):
     """Twitter OAuth2 Callback"""
 

authentik/sources/oauth/urls.py

@@ -8,12 +8,12 @@ from authentik.sources.oauth.views.dispatcher import DispatcherView
 urlpatterns = [
     path(
         "login/<slug:source_slug>/",
-        DispatcherView.as_view(kind=RequestKind.redirect),
+        DispatcherView.as_view(kind=RequestKind.REDIRECT),
         name="oauth-client-login",
     ),
     path(
         "callback/<slug:source_slug>/",
-        DispatcherView.as_view(kind=RequestKind.callback),
+        DispatcherView.as_view(kind=RequestKind.CALLBACK),
         name="oauth-client-callback",
     ),
 ]

authentik/sources/saml/models.py

@@ -34,7 +34,7 @@ from authentik.sources.saml.processors.constants import (
 class SAMLBindingTypes(models.TextChoices):
     """SAML Binding types"""
 
-    Redirect = "REDIRECT", _("Redirect Binding")
+    REDIRECT = "REDIRECT", _("Redirect Binding")
     POST = "POST", _("POST Binding")
     POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
 
@@ -95,7 +95,7 @@ class SAMLSource(Source):
     binding_type = models.CharField(
         max_length=100,
         choices=SAMLBindingTypes.choices,
-        default=SAMLBindingTypes.Redirect,
+        default=SAMLBindingTypes.REDIRECT,
     )
 
     temporary_user_delete_after = models.TextField(

authentik/sources/saml/views.py

@@ -50,7 +50,7 @@ class AutosubmitStageView(ChallengeStageView):
     def get_challenge(self, *args, **kwargs) -> Challenge:
         return AutosubmitChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-autosubmit",
                 "title": self.executor.plan.context.get(PLAN_CONTEXT_TITLE, ""),
                 "url": self.executor.plan.context.get(PLAN_CONTEXT_URL, ""),
@@ -103,7 +103,7 @@ class InitiateView(View):
         relay_state = request.GET.get("next", "")
         auth_n_req = RequestProcessor(source, request, relay_state)
         # If the source is configured for Redirect bindings, we can just redirect there
-        if source.binding_type == SAMLBindingTypes.Redirect:
+        if source.binding_type == SAMLBindingTypes.REDIRECT:
             url_args = urlencode(auth_n_req.build_auth_n_detached())
             return redirect(f"{source.sso_url}?{url_args}")
         # As POST Binding we show a form

authentik/stages/authenticator_static/stage.py

@@ -31,7 +31,7 @@ class AuthenticatorStaticStageView(ChallengeStageView):
         tokens: list[StaticToken] = self.request.session[SESSION_STATIC_TOKENS]
         return AuthenticatorStaticChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-authenticator-static",
                 "codes": [token.token for token in tokens],
             }

authentik/stages/authenticator_totp/stage.py

@@ -51,7 +51,7 @@ class AuthenticatorTOTPStageView(ChallengeStageView):
         device: TOTPDevice = self.request.session[SESSION_TOTP_DEVICE]
         return AuthenticatorTOTPChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-authenticator-totp",
                 "config_url": device.config_url,
             }

authentik/stages/authenticator_validate/stage.py

@@ -145,7 +145,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
         challenges = self.request.session["device_challenges"]
         return AuthenticatorChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-authenticator-validate",
                 "device_challenges": challenges,
             }

authentik/stages/authenticator_webauthn/stage.py

@@ -128,7 +128,7 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
 
         return AuthenticatorWebAuthnChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-authenticator-webauthn",
                 "registration": registration_dict,
             }

authentik/stages/captcha/stage.py

@@ -63,7 +63,7 @@ class CaptchaStageView(ChallengeStageView):
     def get_challenge(self, *args, **kwargs) -> Challenge:
         return CaptchaChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-captcha",
                 "site_key": self.executor.current_stage.public_key,
             }

authentik/stages/consent/stage.py

@@ -39,7 +39,7 @@ class ConsentStageView(ChallengeStageView):
     def get_challenge(self) -> Challenge:
         challenge = ConsentChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-consent",
             }
         )

authentik/stages/deny/tests.py

@@ -49,7 +49,7 @@ class TestUserDenyStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 

authentik/stages/dummy/stage.py

@@ -24,7 +24,7 @@ class DummyStageView(ChallengeStageView):
     def get_challenge(self, *args, **kwargs) -> Challenge:
         return DummyChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-dummy",
                 "title": self.executor.current_stage.name,
             }

authentik/stages/email/stage.py

@@ -96,7 +96,7 @@ class EmailStageView(ChallengeStageView):
     def get_challenge(self) -> Challenge:
         challenge = EmailChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-email",
                 "title": "Email sent.",
             }

authentik/stages/identification/stage.py

@@ -78,7 +78,7 @@ class IdentificationStageView(ChallengeStageView):
         current_stage: IdentificationStage = self.executor.current_stage
         challenge = IdentificationChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-identification",
                 "primary_action": _("Log in"),
                 "input_type": "text",

authentik/stages/identification/tests.py

@@ -104,7 +104,7 @@ class TestIdentificationStage(TestCase):
             force_str(response.content),
             {
                 "background": flow.background.url,
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-identification",
                 "input_type": "email",
                 "enroll_url": reverse(
@@ -147,7 +147,7 @@ class TestIdentificationStage(TestCase):
             force_str(response.content),
             {
                 "background": flow.background.url,
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-identification",
                 "input_type": "email",
                 "recovery_url": reverse(

authentik/stages/invitation/tests.py

@@ -67,7 +67,7 @@ class TestUserLoginStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 

authentik/stages/password/stage.py

@@ -78,7 +78,7 @@ class PasswordStageView(ChallengeStageView):
     def get_challenge(self) -> Challenge:
         challenge = PasswordChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-password",
             }
         )

authentik/stages/password/tests.py

@@ -72,7 +72,7 @@ class TestPasswordStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 
@@ -206,6 +206,6 @@ class TestPasswordStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )

authentik/stages/prompt/stage.py

@@ -164,7 +164,7 @@ class PromptStageView(ChallengeStageView):
         fields = list(self.executor.current_stage.fields.all().order_by("order"))
         challenge = PromptChallenge(
             data={
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
                 "component": "ak-stage-prompt",
                 "fields": [PromptSerializer(field).data for field in fields],
             },

authentik/stages/user_delete/tests.py

@@ -55,7 +55,7 @@ class TestUserDeleteStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 

authentik/stages/user_login/tests.py

@@ -80,7 +80,7 @@ class TestUserLoginStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 
@@ -109,7 +109,7 @@ class TestUserLoginStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 

authentik/stages/user_write/tests.py

@@ -132,7 +132,7 @@ class TestUserWriteStage(TestCase):
                 "component": "ak-stage-access-denied",
                 "error_message": None,
                 "title": "",
-                "type": ChallengeTypes.native.value,
+                "type": ChallengeTypes.NATIVE.value,
             },
         )
 

pyproject.toml

@@ -41,3 +41,38 @@ exclude_lines = [
   "if __name__ == .__main__.:",
 ]
 show_missing = true
+
+[tool.pylint.master]
+disable =[
+    "arguments-differ",
+    "no-self-use",
+    "fixme",
+    "locally-disabled",
+    "too-many-ancestors",
+    "too-few-public-methods",
+    "import-outside-toplevel",
+    "bad-continuation",
+    "signature-differs",
+    "similarities",
+    "cyclic-import",
+    "protected-access",
+    "raise-missing-from",]
+
+load-plugins=["pylint_django","pylint.extensions.bad_builtin"]
+django-settings-module="authentik.root.settings"
+extension-pkg-whitelist=["lxml","xmlsec"]
+
+# Allow constants to be shorter than normal (and lowercase, for settings.py)
+const-rgx="[a-zA-Z0-9_]{1,40}$"
+
+ignored-modules=["django-otp"]
+generated-members=["xmlsec.constants.*","xmlsec.tree.*","xmlsec.template.*"]
+ignore="migrations"
+max-attributes=12
+max-branches=20
+
+[tool.pytest.ini_options]
+DJANGO_SETTINGS_MODULE = "authentik.root.settings"
+python_files = ["tests.py", "test_*.py", "*_tests.py"]
+junit_family = "xunit2"
+addopts = "-p no:celery --junitxml=unittest.xml"

pytest.ini

@@ -1,5 +0,0 @@
-[pytest]
-DJANGO_SETTINGS_MODULE = authentik.root.settings
-python_files = tests.py test_*.py *_tests.py
-junit_family = xunit2
-addopts = -p no:celery --junitxml=unittest.xml

setup.cfg

@@ -1,3 +0,0 @@
-[pycodestyle]
-ignore = E731,E121,W503
-max-line-length = 100

swagger.yaml

@@ -11619,9 +11619,9 @@ definitions:
         title: Type
         type: string
         enum:
-          - native
-          - shell
-          - redirect
+          - NATIVE
+          - SHELL
+          - REDIRECT
       component:
         title: Component
         type: string

tests/e2e/test_source_saml.py

@@ -124,7 +124,7 @@ class TestSourceSAML(SeleniumTestCase):
             pre_authentication_flow=pre_authentication_flow,
             issuer="entity-id",
             sso_url="http://localhost:8080/simplesaml/saml2/idp/SSOService.php",
-            binding_type=SAMLBindingTypes.Redirect,
+            binding_type=SAMLBindingTypes.REDIRECT,
             signing_kp=keypair,
         )