trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

api: rename auth to authentication, add authorization for rest_framework permission class 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-05-21 20:14:03 +02:00
parent 7c6185b581
commit d9a788aac8
5 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authentik/api/auth.py → authentik/api/authentication.py
View File

@ -42,7 +42,7 @@ def token_from_header(raw_header: bytes) -> Optional[Token]:
return tokens.first() return tokens.first()
class AuthentikTokenAuthentication(BaseAuthentication): class TokenAuthentication(BaseAuthentication):
"""Token-based authentication using HTTP Bearer authentication""" """Token-based authentication using HTTP Bearer authentication"""
def authenticate(self, request: Request) -> Union[tuple[User, Any], None]: def authenticate(self, request: Request) -> Union[tuple[User, Any], None]:

24
authentik/api/authorization.py Normal file
View File

@ -0,0 +1,24 @@
"""API Authorization"""
from django.db.models import Model
from rest_framework.permissions import BasePermission
from rest_framework.request import Request
class OwnerPermissions(BasePermission):
"""Authorize requests by an object's owner matching the requesting user"""
owner_key = "user"
def has_permission(self, request: Request, view) -> bool:
"""If the user is authenticated, we allow all requests here. For listing, the
object-level permissions are done by the filter backend"""
return request.user.is_authenticated
def has_object_permission(self, request: Request, view, obj: Model) -> bool:
"""Check if the object's owner matches the currently logged in user"""
if not hasattr(obj, self.owner_key):
return False
owner = getattr(obj, self.owner_key)
if owner != request.user:
return False
return True

2
authentik/api/tests/test_auth.py
View File

@ -5,7 +5,7 @@ from django.test import TestCase
from guardian.shortcuts import get_anonymous_user from guardian.shortcuts import get_anonymous_user
from rest_framework.exceptions import AuthenticationFailed from rest_framework.exceptions import AuthenticationFailed
from authentik.api.auth import token_from_header from authentik.api.authentication import token_from_header
from authentik.core.models import Token, TokenIntents from authentik.core.models import Token, TokenIntents

2
authentik/core/channels.py
View File

@ -4,7 +4,7 @@ from channels.generic.websocket import JsonWebsocketConsumer
from rest_framework.exceptions import AuthenticationFailed from rest_framework.exceptions import AuthenticationFailed
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.api.auth import token_from_header from authentik.api.authentication import token_from_header
from authentik.core.models import User from authentik.core.models import User
LOGGER = get_logger() LOGGER = get_logger()

2
authentik/root/settings.py
View File

@ -161,7 +161,7 @@ REST_FRAMEWORK = {
"rest_framework.permissions.DjangoObjectPermissions", "rest_framework.permissions.DjangoObjectPermissions",
), ),
"DEFAULT_AUTHENTICATION_CLASSES": ( "DEFAULT_AUTHENTICATION_CLASSES": (
"authentik.api.auth.AuthentikTokenAuthentication", "authentik.api.authentication.TokenAuthentication",
"rest_framework.authentication.SessionAuthentication", "rest_framework.authentication.SessionAuthentication",
), ),
"DEFAULT_RENDERER_CLASSES": [ "DEFAULT_RENDERER_CLASSES": [