web/admin: allow users to create app password tokens

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 16:20:49 +02:00
parent 9a6a3e66b8
commit f217d34a98
4 changed files with 28 additions and 7 deletions

View file

@ -2,6 +2,7 @@
from django.http.response import Http404
from drf_spectacular.utils import OpenApiResponse, extend_schema
from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField
from rest_framework.request import Request
from rest_framework.response import Response
@ -22,6 +23,12 @@ class TokenSerializer(ManagedSerializer, ModelSerializer):
user = UserSerializer(required=False)
def validate_intent(self, value: str) -> str:
"""Ensure only API or App password tokens are created."""
if value not in [TokenIntents.INTENT_API, TokenIntents.INTENT_APP_PASSWORD]:
raise ValidationError(f"Invalid intent {value}")
return value
class Meta:
model = Token
@ -69,7 +76,6 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
def perform_create(self, serializer: TokenSerializer):
serializer.save(
user=self.request.user,
intent=TokenIntents.INTENT_API,
expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
)

View file

@ -148,7 +148,7 @@ export class UserSettingsPage extends LitElement {
</section>
<section
slot="page-tokens"
data-tab-title="${t`Tokens`}"
data-tab-title="${t`Tokens and App passwords`}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<ak-user-token-list></ak-user-token-list>

View file

@ -1,6 +1,6 @@
import { CoreApi, Token } from "@goauthentik/api";
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
import { t } from "@lingui/macro";
import { customElement } from "lit-element";
import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../../api/Config";
import { ifDefined } from "lit-html/directives/if-defined";
@ -9,6 +9,9 @@ import { ModelForm } from "../../../elements/forms/ModelForm";
@customElement("ak-user-token-form")
export class UserTokenForm extends ModelForm<Token, string> {
@property()
intent: IntentEnum = IntentEnum.Api;
loadInstance(pk: string): Promise<Token> {
return new CoreApi(DEFAULT_CONFIG).coreTokensRetrieve({
identifier: pk,
@ -30,6 +33,7 @@ export class UserTokenForm extends ModelForm<Token, string> {
tokenRequest: data,
});
} else {
data.intent = this.intent;
return new CoreApi(DEFAULT_CONFIG).coreTokensCreate({
tokenRequest: data,
});

View file

@ -10,7 +10,7 @@ import "../../../elements/buttons/Dropdown";
import "../../../elements/buttons/TokenCopyButton";
import { Table, TableColumn } from "../../../elements/table/Table";
import { PAGE_SIZE } from "../../../constants";
import { CoreApi, Token } from "@goauthentik/api";
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
import { DEFAULT_CONFIG } from "../../../api/Config";
import "./UserTokenForm";
@ -48,8 +48,19 @@ export class UserTokenList extends Table<Token> {
<ak-forms-modal>
<span slot="submit"> ${t`Create`} </span>
<span slot="header"> ${t`Create Token`} </span>
<ak-user-token-form slot="form"> </ak-user-token-form>
<button slot="trigger" class="pf-c-button pf-m-primary">${t`Create`}</button>
<ak-user-token-form intent=${IntentEnum.Api} slot="form"> </ak-user-token-form>
<button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Create Token`}
</button>
</ak-forms-modal>
<ak-forms-modal>
<span slot="submit"> ${t`Create`} </span>
<span slot="header"> ${t`Create App password`} </span>
<ak-user-token-form intent=${IntentEnum.AppPassword} slot="form">
</ak-user-token-form>
<button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Create App password`}
</button>
</ak-forms-modal>
${super.renderToolbar()}
`;