api: add v3

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-02 17:40:02 +02:00 · 2021-09-02 17:40:02 +02:00 · f0db408699
parent 5e200655d9
commit f0db408699
13 changed files with 323 additions and 1416 deletions
--- a/authentik/api/urls.py
+++ b/authentik/api/urls.py
@ -1,8 +1,10 @@
 """authentik api urls"""
 from django.urls import include, path

-from authentik.api.v2.urls import urlpatterns as v2_urls
+from authentik.api.v3.urls import urlpatterns as v3_urls

 urlpatterns = [
-    path("v2beta/", include(v2_urls)),
+    # Remove in 2022.1
+    path("v2beta/", include(v3_urls)),
+    path("v3/", include(v3_urls)),
 ]
--- a/authentik/api/v3/init.py
+++ b/authentik/api/v3/init.py
--- a/authentik/api/v3/config.py
+++ b/authentik/api/v3/config.py
--- a/authentik/api/v3/sentry.py
+++ b/authentik/api/v3/sentry.py
--- a/authentik/api/v3/urls.py
+++ b/authentik/api/v3/urls.py
@ -1,4 +1,4 @@
-"""api v2 urls"""
+"""api v3 urls"""
 from django.urls import path
 from django.views.decorators.csrf import csrf_exempt
 from drf_spectacular.views import SpectacularAPIView
@ -10,8 +10,8 @@ from authentik.admin.api.system import SystemView
 from authentik.admin.api.tasks import TaskViewSet
 from authentik.admin.api.version import VersionView
 from authentik.admin.api.workers import WorkerView
-from authentik.api.v2.config import ConfigView
-from authentik.api.v2.sentry import SentryTunnelView
+from authentik.api.v3.config import ConfigView
+from authentik.api.v3.sentry import SentryTunnelView
 from authentik.api.views import APIBrowserView
 from authentik.core.api.applications import ApplicationViewSet
 from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@ -150,12 +150,20 @@ SPECTACULAR_SETTINGS = {
    "DESCRIPTION": "Making authentication simple.",
    "VERSION": __version__,
    "COMPONENT_SPLIT_REQUEST": True,
+    "SCHEMA_PATH_PREFIX": "/api/v([0-9]+(beta)?)",
+    "SCHEMA_PATH_PREFIX_TRIM": True,
+    "SERVERS": [
+        {
+            "url": "http://authentik.tld/api/v3/",
+        },
+        {
+            "url": "http://authentik.tld/api/v2beta/",
+        },
+    ],
    "CONTACT": {
        "email": "hello@beryju.org",
    },
-    'AUTHENTICATION_WHITELIST': [
-        "authentik.api.authentication.TokenAuthentication"
-    ],
+    "AUTHENTICATION_WHITELIST": ["authentik.api.authentication.TokenAuthentication"],
    "LICENSE": {
        "name": "GNU GPLv3",
        "url": "https://github.com/goauthentik/authentik/blob/master/LICENSE",
@ -183,6 +191,9 @@ REST_FRAMEWORK = {
        "rest_framework.filters.OrderingFilter",
        "rest_framework.filters.SearchFilter",
    ],
+    'DEFAULT_PARSER_CLASSES': [
+        'rest_framework.parsers.JSONParser',
+    ],
    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.DjangoObjectPermissions",),
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "authentik.api.authentication.TokenAuthentication",
--- a/schema.yml
+++ b/schema.yml
--- a/web/src/api/Config.ts
+++ b/web/src/api/Config.ts
@ -50,7 +50,7 @@ export function tenant(): Promise<CurrentTenant> {
 }

 export const DEFAULT_CONFIG = new Configuration({
-    basePath: "",
+    basePath: "/api/v3",
    headers: {
        "X-CSRFToken": getCookie("authentik_csrf"),
    },
--- a/web/src/api/Sentry.ts
+++ b/web/src/api/Sentry.ts
@ -15,7 +15,7 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
            Sentry.init({
                dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
                release: `authentik@${VERSION}`,
-                tunnel: "/api/v2beta/sentry/",
+                tunnel: "/api/v3/sentry/",
                integrations: [
                    new Integrations.BrowserTracing({
                        tracingOrigins: [window.location.host, "localhost"],
--- a/website/developer-docs/api/api.md
+++ b/website/developer-docs/api/api.md
@ -2,9 +2,9 @@
 title: API
 ---

-Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v2beta/.
+Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v3/.

-To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v2beta/schema/.
+To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v3/schema/.

 While testing, the API requests are authenticated by your browser session.

--- a/website/developer-docs/api/flow-executor.md
+++ b/website/developer-docs/api/flow-executor.md
@ -10,13 +10,13 @@ However, any flow can be executed via an API from anywhere, in fact that is what
 Because the flow executor stores its state in the HTTP Session, so you need to ensure cookies between flow executor requests are persisted.
 :::

-The main endpoint for flow execution is `/api/v2beta/flows/executor/:slug`.
+The main endpoint for flow execution is `/api/v3/flows/executor/:slug`.

 This endpoint accepts a query parameter called `query`, in which the flow executor sends the full Query-string.

 To initiate a new flow, execute a GET request.

-## `GET /api/v2beta/flows/executor/test-flow/`
+## `GET /api/v3/flows/executor/test-flow/`

 Below is the response, for example for an Identification stage.

@ -45,7 +45,7 @@ Below is the response, for example for an Identification stage.

 To respond to this challenge, send a response:

-## `POST /api/v2beta/flows/executor/test-flow/`
+## `POST /api/v3/flows/executor/test-flow/`

 With this body

@ -63,7 +63,7 @@ Depending on the flow, you'll either get a 200 Response with another challenge,

 Depending also on the stage, a response might take longer to be returned (especially with the Duo Authenticator validation).

-To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v2beta/flows/executor/-flow_slug-/)
+To see the data layout for every stage possible, see the [API Browser](https://goauthentik.io/api/#get-/api/v3/flows/executor/-flow_slug-/)

 ## Result

--- a/website/docs/providers/saml.md
+++ b/website/docs/providers/saml.md
@ -10,7 +10,7 @@ Default fields are exposed through auto-generated Property Mappings, which are p
 | SSO (Redirect binding) | `/application/saml/<application slug>/sso/binding/redirect/`   |
 | SSO (POST binding)     | `/application/saml/<application slug>/sso/binding/post/`       |
 | IdP-initiated login    | `/application/saml/<application slug>/sso/binding/init/`       |
-| Metadata Download      | `/api/v2beta/providers/saml/<provider uid>/metadata/?download/`|
+| Metadata Download      | `/api/v3/providers/saml/<provider uid>/metadata/?download/`|

 You can download the metadata through the Webinterface, this link might be handy if your software wants to download the metadata directly.

--- a/website/docs/releases/v2021.8.md
+++ b/website/docs/releases/v2021.8.md
@ -100,6 +100,7 @@ slug: "2021.8"

 ## Fixed in 2021.8.4

+- api: add /api/v3 path
 - api: add basic rate limiting for sentry proxy endpoint
 - core: fix user_obj being empty on token API
 - events: improve logging for task exceptions