From c65b2944b319b9e9cf267602c3dd3e176be45494 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 1 Mar 2021 20:22:37 +0100
Subject: [PATCH] stages/reputation: add API for user and IP Score
---
 authentik/api/v2/urls.py | 8 +-
 authentik/policies/reputation/api.py | 48 ++++-
 swagger.yaml | 311 ++++++++++++++++++++++++++-
 3 files changed, 358 insertions(+), 9 deletions(-)
diff --git a/authentik/api/v2/urls.py b/authentik/api/v2/urls.py
index 648b468c1..b8d36666b 100644
--- a/authentik/api/v2/urls.py
+++ b/authentik/api/v2/urls.py
@@ -41,7 +41,11 @@ from authentik.policies.expression.api import ExpressionPolicyViewSet
 from authentik.policies.group_membership.api import GroupMembershipPolicyViewSet
 from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
 from authentik.policies.password.api import PasswordPolicyViewSet
-from authentik.policies.reputation.api import ReputationPolicyViewSet
+from authentik.policies.reputation.api import (
+ IPReputationViewSet,
+ ReputationPolicyViewSet,
+ UserReputationViewSet,
+)
 from authentik.providers.oauth2.api import OAuth2ProviderViewSet, ScopeMappingViewSet
 from authentik.providers.proxy.api import (
 ProxyOutpostConfigViewSet,
@@ -117,6 +121,8 @@ router.register("policies/group_membership", GroupMembershipPolicyViewSet)
 router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
 router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
 router.register("policies/password", PasswordPolicyViewSet)
+router.register("policies/reputation/users", UserReputationViewSet)
+router.register("policies/reputation/ips", IPReputationViewSet)
 router.register("policies/reputation", ReputationPolicyViewSet)
 router.register("providers/all", ProviderViewSet)
diff --git a/authentik/policies/reputation/api.py b/authentik/policies/reputation/api.py
index 23eb78c41..e75d48fac 100644
--- a/authentik/policies/reputation/api.py
+++ b/authentik/policies/reputation/api.py
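Review bot: The two `router.register` calls added in the second urls.py hunk depend on sitting above `router.register("policies/reputation", ReputationPolicyViewSet)`, and nothing in the file records that. Assuming the router's default lookup pattern, that viewset's detail route would match `policies/reputation/users/` and `policies/reputation/ips/` as a `policy_uuid` if it were registered first, so a later alphabetical re-sort of this list would silently hand both paths to the policy view. I would add a comment above the new lines, for example `# keep above "policies/reputation": its detail route would capture "users"/"ips" as policy_uuid`.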
@@ -2,7 +2,11 @@
 from rest_framework.viewsets import ModelViewSet
 from authentik.policies.api import PolicySerializer
-from authentik.policies.reputation.models import ReputationPolicy
+from authentik.policies.reputation.models import (
+ IPReputation,
+ ReputationPolicy,
+ UserReputation,
+)
 class ReputationPolicySerializer(PolicySerializer):
@@ -18,7 +22,47 @@ class ReputationPolicySerializer(PolicySerializer):
 class ReputationPolicyViewSet(ModelViewSet):
- """Source Viewset"""
+ """Reputation Policy Viewset"""
 queryset = ReputationPolicy.objects.all()
 serializer_class = ReputationPolicySerializer
+
+
+class IPReputationSerializer(PolicySerializer):
+ """IPReputation Serializer"""
+
+ class Meta:
+ model = IPReputation
+ fields = [
+ "pk",
+ "ip",
+ "score",
+ "updated",
+ ]
+
+
+class IPReputationViewSet(ModelViewSet):
+ """IPReputation Viewset"""
+
+ queryset = IPReputation.objects.all()
+ serializer_class = IPReputationSerializer
+
+
+class UserReputationSerializer(PolicySerializer):
+ """UserReputation Serializer"""
+
+ class Meta:
+ model = UserReputation
+ fields = [
+ "pk",
+ "user",
+ "score",
+ "updated",
+ ]
+
+
+class UserReputationViewSet(ModelViewSet):
+ """UserReputation Viewset"""
+
+ queryset = UserReputation.objects.all()
+ serializer_class = UserReputationSerializer
diff --git a/swagger.yaml b/swagger.yaml
index 92bd46365..5b1a3437c 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -3821,7 +3821,7 @@ paths: /policies/reputation/: get: operationId: policies_reputation_list - description: Source Viewset + description: Reputation Policy Viewset parameters: - name: ordering in: query
@@ -3870,7 +3870,7 @@ paths: - policies post: operationId: policies_reputation_create - description: Source Viewset + description: Reputation Policy Viewset parameters: - name: data in: body
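Review bot: In the second api.py hunk, `IPReputationViewSet` and `UserReputationViewSet` derive from `ModelViewSet`, so create, update, partial update and delete are exposed for reputation rows and `score` is a writable serializer field; the regenerated swagger.yaml in this patch lists POST, PUT, PATCH and DELETE for both paths. If these scores feed ReputationPolicy decisions, as the model names suggest, any client permitted to call the API can reset or set the score of an IP or user. Unless that is intended, make the views read-only with `class IPReputationViewSet(ReadOnlyModelViewSet):` (same for the user view, importing it next to `ModelViewSet`), or at least add `read_only_fields = ["score"]` to each `Meta`. No `permission_classes` is set in the hunk, so access control rests on project defaults that are not visible here. Both new serializers also extend `PolicySerializer` although the models do not appear to be policies; `ModelSerializer` looks like the intended base.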
@@ -3885,10 +3885,262 @@ paths: tags: - policies parameters: [] + /policies/reputation/ips/: + get: + operationId: policies_reputation_ips_list + description: IPReputation Viewset + parameters: + - name: ordering + in: query + description: Which field to use when ordering the results. + required: false + type: string + - name: search + in: query + description: A search term. + required: false + type: string + - name: page + in: query + description: A page number within the paginated result set. + required: false + type: integer + - name: page_size + in: query + description: Number of results to return per page. + required: false + type: integer + responses: + '200': + description: '' + schema: + required: + - count + - results + type: object + properties: + count: + type: integer + next: + type: string + format: uri + x-nullable: true + previous: + type: string + format: uri + x-nullable: true + results: + type: array + items: + $ref: '#/definitions/IPReputation' + tags: + - policies + post: + operationId: policies_reputation_ips_create + description: IPReputation Viewset + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/IPReputation' + responses: + '201': + description: '' + schema: + $ref: '#/definitions/IPReputation' + tags: + - policies + parameters: [] + /policies/reputation/ips/{id}/: + get: + operationId: policies_reputation_ips_read + description: IPReputation Viewset + parameters: [] + responses: + '200': + description: '' + schema: + $ref: '#/definitions/IPReputation' + tags: + - policies + put: + operationId: policies_reputation_ips_update + description: IPReputation Viewset + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/IPReputation' + responses: + '200': + description: '' + schema: + $ref: '#/definitions/IPReputation' + tags: + - policies + patch: + operationId: policies_reputation_ips_partial_update + description: IPReputation Viewset + parameters: + - name: data + in: 
body + required: true + schema: + $ref: '#/definitions/IPReputation' + responses: + '200': + description: '' + schema: + $ref: '#/definitions/IPReputation' + tags: + - policies + delete: + operationId: policies_reputation_ips_delete + description: IPReputation Viewset + parameters: [] + responses: + '204': + description: '' + tags: + - policies + parameters: + - name: id + in: path + description: A unique integer value identifying this ip reputation. + required: true + type: integer + /policies/reputation/users/: + get: + operationId: policies_reputation_users_list + description: UserReputation Viewset + parameters: + - name: ordering + in: query + description: Which field to use when ordering the results. + required: false + type: string + - name: search + in: query + description: A search term. + required: false + type: string + - name: page + in: query + description: A page number within the paginated result set. + required: false + type: integer + - name: page_size + in: query + description: Number of results to return per page. 
+ required: false + type: integer + responses: + '200': + description: '' + schema: + required: + - count + - results + type: object + properties: + count: + type: integer + next: + type: string + format: uri + x-nullable: true + previous: + type: string + format: uri + x-nullable: true + results: + type: array + items: + $ref: '#/definitions/UserReputation' + tags: + - policies + post: + operationId: policies_reputation_users_create + description: UserReputation Viewset + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/UserReputation' + responses: + '201': + description: '' + schema: + $ref: '#/definitions/UserReputation' + tags: + - policies + parameters: [] + /policies/reputation/users/{id}/: + get: + operationId: policies_reputation_users_read + description: UserReputation Viewset + parameters: [] + responses: + '200': + description: '' + schema: + $ref: '#/definitions/UserReputation' + tags: + - policies + put: + operationId: policies_reputation_users_update + description: UserReputation Viewset + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/UserReputation' + responses: + '200': + description: '' + schema: + $ref: '#/definitions/UserReputation' + tags: + - policies + patch: + operationId: policies_reputation_users_partial_update + description: UserReputation Viewset + parameters: + - name: data + in: body + required: true + schema: + $ref: '#/definitions/UserReputation' + responses: + '200': + description: '' + schema: + $ref: '#/definitions/UserReputation' + tags: + - policies + delete: + operationId: policies_reputation_users_delete + description: UserReputation Viewset + parameters: [] + responses: + '204': + description: '' + tags: + - policies + parameters: + - name: id + in: path + description: A unique integer value identifying this user reputation. 
+ required: true + type: integer /policies/reputation/{policy_uuid}/: get: operationId: policies_reputation_read - description: Source Viewset + description: Reputation Policy Viewset parameters: [] responses: '200': @@ -3899,7 +4151,7 @@ paths: - policies put: operationId: policies_reputation_update - description: Source Viewset + description: Reputation Policy Viewset parameters: - name: data in: body @@ -3915,7 +4167,7 @@ paths: - policies patch: operationId: policies_reputation_partial_update - description: Source Viewset + description: Reputation Policy Viewset parameters: - name: data in: body @@ -3931,7 +4183,7 @@ paths: - policies delete: operationId: policies_reputation_delete - description: Source Viewset + description: Reputation Policy Viewset parameters: [] responses: '204': @@ -10105,6 +10357,53 @@ definitions: type: integer maximum: 2147483647 minimum: -2147483648 + IPReputation: + description: IPReputation Serializer + required: + - ip + type: object + properties: + pk: + title: ID + type: integer + readOnly: true + ip: + title: Ip + type: string + minLength: 1 + score: + title: Score + type: integer + maximum: 2147483647 + minimum: -2147483648 + updated: + title: Updated + type: string + format: date-time + readOnly: true + UserReputation: + description: UserReputation Serializer + required: + - user + type: object + properties: + pk: + title: ID + type: integer + readOnly: true + user: + title: User + type: integer + score: + title: Score + type: integer + maximum: 2147483647 + minimum: -2147483648 + updated: + title: Updated + type: string + format: date-time + readOnly: true PropertyMapping: description: PropertyMapping Serializer required: