From d92d8e6dbbd21da5f408251fee36e38ebd2ed49b Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 3 Sep 2021 10:33:22 +0200
Subject: [PATCH] api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer
---
 Makefile | 2 +-
 authentik/providers/ldap/api.py | 14 ++-
 authentik/providers/proxy/api.py | 19 +++-
 schema.yml | 190 ++++++++++---------------------
 4 files changed, 95 insertions(+), 130 deletions(-)
diff --git a/Makefile b/Makefile
index 1759554a3..5b5f37c6c 100644
--- a/Makefile
+++ b/Makefile
@@ -61,7 +61,7 @@ gen-outpost:
 -i /local/schema.yml \
 -g go \
 -o /local/api \
- --additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true
+ --additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true,disallowAdditionalPropertiesIfNotPresent=false
 rm -f api/go.mod api/go.sum
 gen: gen-build gen-clean gen-web gen-outpost
diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py
index 91b692223..ecd086be0 100644
--- a/authentik/providers/ldap/api.py
+++ b/authentik/providers/ldap/api.py
@@ -29,7 +29,19 @@ class LDAPProviderViewSet(UsedByMixin, ModelViewSet):
 queryset = LDAPProvider.objects.all()
 serializer_class = LDAPProviderSerializer
- filterset_fields = "__all__"
+ filterset_fields = {
+ "application": ["isnull"],
+ "name": ["iexact"],
+ "authorization_flow__slug": ["iexact"],
+ "base_dn": ["iexact"],
+ "search_group__group_uuid": ["iexact"],
+ "search_group__name": ["iexact"],
+ "certificate__kp_uuid": ["iexact"],
+ "certificate__name": ["iexact"],
+ "tls_server_name": ["iexact"],
+ "uid_start_number": ["iexact"],
+ "gid_start_number": ["iexact"],
+ }
 ordering = ["name"]
diff --git a/authentik/providers/proxy/api.py b/authentik/providers/proxy/api.py
index 082a483ad..f77df23ca 100644
--- a/authentik/providers/proxy/api.py
+++ b/authentik/providers/proxy/api.py
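Review bot: The `iexact` lookup in the new `filterset_fields` dict of `LDAPProviderViewSet` is applied to columns that are not text: `uid_start_number` and `gid_start_number` (integers in the schema.yml hunk) and `search_group__group_uuid` / `certificate__kp_uuid` (UUIDs); the proxy hunk does the same for the booleans `basic_auth_enabled` and `internal_host_ssl_validation` and for the `property_mappings` relation. A case-insensitive match has no meaning for these, so they should use `exact`, e.g. `"uid_start_number": ["exact"],`, which with django-filter also keeps the bare parameter name. Because the text filters are renamed as well (`name` becomes `name__iexact` in the schema), a client still sending `?name=` will presumably have the parameter ignored and receive the unfiltered provider list, so callers that select a provider by name need updating in the same change. The class body starts and ends outside the hunk.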
@@ -80,7 +80,24 @@ class ProxyProviderViewSet(UsedByMixin, ModelViewSet):
 queryset = ProxyProvider.objects.all()
 serializer_class = ProxyProviderSerializer
- filterset_fields = "__all__"
+ filterset_fields = {
+ "application": ["isnull"],
+ "name": ["iexact"],
+ "authorization_flow__slug": ["iexact"],
+ "property_mappings": ["iexact"],
+ "internal_host": ["iexact"],
+ "external_host": ["iexact"],
+ "internal_host_ssl_validation": ["iexact"],
+ "certificate__kp_uuid": ["iexact"],
+ "certificate__name": ["iexact"],
+ "skip_path_regex": ["iexact"],
+ "basic_auth_enabled": ["iexact"],
+ "basic_auth_password_attribute": ["iexact"],
+ "basic_auth_user_attribute": ["iexact"],
+ "mode": ["iexact"],
+ "redirect_uris": ["iexact"],
+ "cookie_domain": ["iexact"],
+ }
 ordering = ["name"]
diff --git a/schema.yml b/schema.yml
index 7570d3e9f..a626a1bcd 100644
--- a/schema.yml
+++ b/schema.yml
@@ -10004,25 +10004,32 @@ paths: description: LDAPProvider Viewset parameters: - in: query - name: authorization_flow + name: application__isnull + schema: + type: boolean + - in: query + name: authorization_flow__slug__iexact + schema: + type: string + - in: query + name: base_dn__iexact + schema: + type: string + - in: query + name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query - name: base_dn + name: certificate__name__iexact schema: type: string - in: query - name: certificate - schema: - type: string - format: uuid - - in: query - name: gid_start_number + name: gid_start_number__iexact schema: type: integer - in: query - name: name + name: name__iexact schema: type: string - name: ordering
@@ -10043,15 +10050,6 @@ paths: description: Number of results to return per page. schema: type: integer - - in: query - name: property_mappings - schema: - type: array - items: - type: string - format: uuid - explode: true - style: form - name: search required: false in: query
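Review bot: The dict that replaces `"__all__"` in `ProxyProviderViewSet` carries no comment saying why the field list is explicit, and the reason is security-relevant. The schema.yml hunks of this patch show the `client_secret` and `cookie_secret` query parameters disappearing, which means the old setting exposed secret columns as filters to anyone allowed to list providers. I would add above `filterset_fields` a comment such as `# Explicit allowlist: secret columns (client_secret, cookie_secret) must never be filterable.` so that a later edit does not reintroduce them or fall back to `"__all__"`. The class body starts and ends outside the hunk.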
@@ -10059,16 +10057,20 @@ paths: schema: type: string - in: query - name: search_group + name: search_group__group_uuid__iexact schema: type: string format: uuid - in: query - name: tls_server_name + name: search_group__name__iexact schema: type: string - in: query - name: uid_start_number + name: tls_server_name__iexact + schema: + type: string + - in: query + name: uid_start_number__iexact schema: type: integer tags: 
@@ -10570,102 +10572,56 @@ paths: description: ProxyProvider Viewset parameters: - in: query - name: access_code_validity + name: application__isnull + schema: + type: boolean + - in: query + name: authorization_flow__slug__iexact schema: type: string - in: query - name: authorization_flow + name: basic_auth_enabled__iexact + schema: + type: boolean + - in: query + name: basic_auth_password_attribute__iexact + schema: + type: string + - in: query + name: basic_auth_user_attribute__iexact + schema: + type: string + - in: query + name: certificate__kp_uuid__iexact schema: type: string format: uuid - in: query - name: basic_auth_enabled + name: certificate__name__iexact + schema: + type: string + - in: query + name: cookie_domain__iexact + schema: + type: string + - in: query + name: external_host__iexact + schema: + type: string + - in: query + name: internal_host__iexact + schema: + type: string + - in: query + name: internal_host_ssl_validation__iexact schema: type: boolean - in: query - name: basic_auth_password_attribute + name: mode__iexact schema: type: string - in: query - name: basic_auth_user_attribute - schema: - type: string - - in: query - name: certificate - schema: - type: string - format: uuid - - in: query - name: client_id - schema: - type: string - - in: query - name: client_secret - schema: - type: string - - in: query - name: client_type - schema: - type: string - enum: - - confidential - - public - description: |- - Confidential clients are capable of maintaining the confidentiality - of their credentials. Public clients are incapable. 
- - in: query - name: cookie_domain - schema: - type: string - - in: query - name: cookie_secret - schema: - type: string - - in: query - name: external_host - schema: - type: string - - in: query - name: include_claims_in_id_token - schema: - type: boolean - - in: query - name: internal_host - schema: - type: string - - in: query - name: internal_host_ssl_validation - schema: - type: boolean - - in: query - name: issuer_mode - schema: - type: string - enum: - - global - - per_provider - description: Configure how the issuer field of the ID Token should be filled. - - in: query - name: jwt_alg - schema: - type: string - title: JWT Algorithm - enum: - - HS256 - - RS256 - description: Algorithm used to sign the JWT Token - - in: query - name: mode - schema: - type: string - enum: - - forward_domain - - forward_single - - proxy - description: Enable support for forwardAuth in traefik and nginx auth_request. - Exclusive with internal_host. - - in: query - name: name + name: name__iexact schema: type: string - name: ordering @@ -10687,7 +10643,7 @@ paths: schema: type: integer - in: query - name: property_mappings + name: property_mappings__iexact schema: type: array items: @@ -10696,14 +10652,9 @@ paths: explode: true style: form - in: query - name: redirect_uris + name: redirect_uris__iexact schema: type: string - - in: query - name: rsa_key - schema: - type: string - format: uuid - name: search required: false in: query @@ -10711,22 +10662,7 @@ paths: schema: type: string - in: query - name: skip_path_regex - schema: - type: string - - in: query - name: sub_mode - schema: - type: string - enum: - - hashed_user_id - - user_email - - user_upn - - user_username - description: Configure what data should be used as unique User Identifier. - For most cases, the default should be fine. - - in: query - name: token_validity + name: skip_path_regex__iexact schema: type: string tags: