authentik/passbook/core/views/access.py

"""passbook access helper classes"""
from django.contrib import messages
from django.http import HttpRequest
from django.utils.translation import gettext as _
from structlog import get_logger

from passbook.core.models import Application, Provider, User
from passbook.policies.engine import PolicyEngine
from passbook.policies.types import PolicyResult

LOGGER = get_logger()


class AccessMixin:
    """Mixin class for usage in Authorization views.
    Provider functions to check application access, etc"""

    # request is set by view but since this Mixin has no base class
    request: HttpRequest = None

    def provider_to_application(self, provider: Provider) -> Application:
        """Lookup application assigned to provider, throw error if no application assigned"""
        try:
            return provider.application
        except Application.DoesNotExist as exc:
            messages.error(
                self.request,
                _(
                    'Provider "%(name)s" has no application assigned'
                    % {"name": provider}
                ),
            )
            raise exc

    def user_has_access(self, application: Application, user: User) -> PolicyResult:
        """Check if user has access to application."""
        LOGGER.debug("Checking permissions", user=user, application=application)
        policy_engine = PolicyEngine(application, user, self.request)
        policy_engine.build()
        return policy_engine.result
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""passbook access helper classes"""`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.contrib import messages`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from django.http import HttpRequest`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`from django.utils.translation import gettext as _`
*(minor): stdlib logging to structlog 2019-10-01 08:24:10 +00:00			`from structlog import get_logger`
core: cleanup 2018-12-09 20:07:38 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`from passbook.core.models import Application, Provider, User`
*(minor): small refactor 2019-10-07 14:33:48 +00:00			`from passbook.policies.engine import PolicyEngine`
policies/*: remove Policy.negate, order, timeout (#39) policies: rewrite engine to use PolicyBinding for order/negate/timeout policies: rewrite engine to use PolicyResult instead of tuple 2020-05-28 19:45:54 +00:00			`from passbook.policies.types import PolicyResult`
core: cleanup 2018-12-09 20:07:38 +00:00
*(minor): remove __name__ param from get_logger 2019-10-04 08:08:53 +00:00			`LOGGER = get_logger()`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
all: implement black as code formatter 2019-12-31 11:51:16 +00:00
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`class AccessMixin:`
			`"""Mixin class for usage in Authorization views.`
			`Provider functions to check application access, etc"""`

add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`# request is set by view but since this Mixin has no base class`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`request: HttpRequest = None`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`def provider_to_application(self, provider: Provider) -> Application:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Lookup application assigned to provider, throw error if no application assigned"""`
core: cleanup 2018-12-09 20:07:38 +00:00			`try:`
			`return provider.application`
			`except Application.DoesNotExist as exc:`
all: implement black as code formatter 2019-12-31 11:51:16 +00:00			`messages.error(`
			`self.request,`
			`_(`
			`'Provider "%(name)s" has no application assigned'`
			`% {"name": provider}`
			`),`
			`)`
add passbook.pretend to use passbook in applications which don't support generic OAuth 2019-02-26 08:10:37 +00:00			`raise exc`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00
policies/*: remove Policy.negate, order, timeout (#39) policies: rewrite engine to use PolicyBinding for order/negate/timeout policies: rewrite engine to use PolicyResult instead of tuple 2020-05-28 19:45:54 +00:00			`def user_has_access(self, application: Application, user: User) -> PolicyResult:`
oauth_provider: rewrite view to check for access 2018-11-25 19:39:09 +00:00			`"""Check if user has access to application."""`
root(minor): get rid of duplicate settings 2019-10-04 14:09:35 +00:00			`LOGGER.debug("Checking permissions", user=user, application=application)`
WIP Use Flows for Sources and Providers (#32) * core: start migrating to flows for authorisation * sources/oauth: start type-hinting * core: create default user * core: only show user delete button if an unenrollment flow exists * flows: Correctly check initial policies on flow with context * policies: add more verbosity to engine * sources/oauth: migrate to flows * sources/oauth: fix typing errors * flows: add more tests * sources/oauth: start implementing unittests * sources/ldap: add option to disable user sync, move connection init to model * sources/ldap: re-add default PropertyMappings * providers/saml: re-add default PropertyMappings * admin: fix missing stage count * stages/identification: fix sources not being shown * crypto: fix being unable to save with private key * crypto: re-add default self-signed keypair * policies: rewrite cache_key to prevent wrong cache * sources/saml: migrate to flows for auth and enrollment * stages/consent: add new stage * admin: fix PropertyMapping widget not rendering properly * core: provider.authorization_flow is mandatory * flows: add support for "autosubmit" attribute on form * flows: add InMemoryStage for dynamic stages * flows: optionally allow empty flows from FlowPlanner * providers/saml: update to authorization_flow * sources/: fix flow executor URL flows: fix pylint error * flows: wrap responses in JSON object to easily handle redirects * flow: dont cache plan's context * providers/oauth: rewrite OAuth2 Provider to use flows * providers/: update docstrings of models core: fix forms not passing help_text through safe * flows: fix HttpResponses not being converted to JSON * providers/oidc: rewrite to use flows * flows: fix linting 2020-06-07 14:35:08 +00:00			`policy_engine = PolicyEngine(application, user, self.request)`
policy(major): simplify PolicyEngine API, add flag to ignore cache for debug purposes 2019-10-15 13:44:59 +00:00			`policy_engine.build()`
remove Application.user_is_authorized 2019-03-12 09:56:01 +00:00			`return policy_engine.result`