make challenge submit

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-09-04 16:27:05 +02:00
parent 742b946caf
commit 154b91cc92
No known key found for this signature in database
2 changed files with 41 additions and 5 deletions


@ -12,7 +12,8 @@ from authentik.flows.challenge import (
from authentik.flows.stage import ChallengeStageView from authentik.flows.stage import ChallengeStageView
from authentik.stages.authenticator_mobile.models import MobileDevice, MobileDeviceToken from authentik.stages.authenticator_mobile.models import MobileDevice, MobileDeviceToken
FLOW_PLAN_MOBILE_ENROLL = "authentik/stages/authenticator_mobile/enroll" FLOW_PLAN_MOBILE_ENROLL_TOKEN = "authentik/stages/authenticator_mobile/enroll/token"
FLOW_PLAN_MOBILE_ENROLL_DEVICE = "authentik/stages/authenticator_mobile/enroll/device"
class AuthenticatorMobilePayloadChallenge(PassiveSerializer): class AuthenticatorMobilePayloadChallenge(PassiveSerializer):
@ -43,7 +44,7 @@ class AuthenticatorMobileStageView(ChallengeStageView):
def prepare(self): def prepare(self):
"""Prepare the token""" """Prepare the token"""
if FLOW_PLAN_MOBILE_ENROLL in self.executor.plan.context: if FLOW_PLAN_MOBILE_ENROLL_TOKEN in self.executor.plan.context:
return return
device = MobileDevice.objects.create( device = MobileDevice.objects.create(
user=self.get_pending_user(), user=self.get_pending_user(),
@ -54,7 +55,8 @@ class AuthenticatorMobileStageView(ChallengeStageView):
user=device.user, user=device.user,
device=device, device=device,
) )
self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL] = token self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL_TOKEN] = token
self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL_DEVICE] = device
def get_challenge(self, *args, **kwargs) -> Challenge: def get_challenge(self, *args, **kwargs) -> Challenge:
self.prepare() self.prepare()
@ -62,8 +64,8 @@ class AuthenticatorMobileStageView(ChallengeStageView):
data={ data={
# TODO: use cloud gateway? # TODO: use cloud gateway?
"u": self.request.build_absolute_uri("/"), "u": self.request.build_absolute_uri("/"),
"s": str(self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL].device.pk), "s": str(self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL_DEVICE].pk),
"t": self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL].token, "t": self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL_TOKEN].token,
} }
) )
payload.is_valid() payload.is_valid()
@ -75,4 +77,8 @@ class AuthenticatorMobileStageView(ChallengeStageView):
) )
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse: def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
device: MobileDevice = self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL_DEVICE]
device.refresh_from_db()
if not device.confirmed:
return self.challenge_invalid(response)
return self.executor.stage_ok() return self.executor.stage_ok()
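Review bot: In `challenge_valid`, the plan context is indexed directly with `FLOW_PLAN_MOBILE_ENROLL_DEVICE` and `refresh_from_db()` is called unguarded, so a response that arrives when the key is absent, or after the device row was removed, would raise instead of being rejected as an invalid challenge. Whether a POST can reach this method before `prepare()` has run is not visible in the hunk, but a defensive lookup costs little: `device = self.executor.plan.context.get(FLOW_PLAN_MOBILE_ENROLL_DEVICE)` followed by `if device is None: return self.challenge_invalid(response)`. The `device.confirmed` check is the right place for the gate, because the client-side submit carries no proof of enrollment. A short comment such as `# the empty submit is only a trigger; confirmation is read from the database` would keep a later refactor from dropping it.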


@ -1,3 +1,4 @@
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
import "@goauthentik/elements/EmptyState"; import "@goauthentik/elements/EmptyState";
import "@goauthentik/elements/forms/FormElement"; import "@goauthentik/elements/forms/FormElement";
import "@goauthentik/flow/FormStatic"; import "@goauthentik/flow/FormStatic";
@ -18,6 +19,8 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
import { import {
AuthenticatorMobileChallenge, AuthenticatorMobileChallenge,
AuthenticatorMobileChallengeResponseRequest, AuthenticatorMobileChallengeResponseRequest,
AuthenticatorsApi,
MobileDeviceEnrollmentStatusStatusEnum,
} from "@goauthentik/api"; } from "@goauthentik/api";
@customElement("ak-stage-authenticator-mobile") @customElement("ak-stage-authenticator-mobile")
@ -43,6 +46,33 @@ export class AuthenticatorMobileStage extends BaseStage<
]; ];
} }
firstUpdated(): void {
const i = setInterval(() => {
this.checkEnrollStatus().then((shouldStop) => {
if (shouldStop) {
clearInterval(i);
}
});
}, 3000);
}
async checkEnrollStatus(): Promise<boolean> {
const status = await new AuthenticatorsApi(
DEFAULT_CONFIG,
).authenticatorsMobileEnrollmentStatusCreate({
uuid: this.challenge?.payload.s || "",
});
console.debug(`authentik/stages/authenticator_mobile: Enrollment status: ${status.status}`);
switch (status.status) {
case MobileDeviceEnrollmentStatusStatusEnum.Success:
this.host?.submit({});
return true;
case MobileDeviceEnrollmentStatusStatusEnum.Waiting:
break;
}
return false;
}
render(): TemplateResult { render(): TemplateResult {
if (!this.challenge) { if (!this.challenge) {
return html`<ak-empty-state ?loading="${true}" header=${msg("Loading")}> return html`<ak-empty-state ?loading="${true}" header=${msg("Loading")}>
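Review bot: The interval started in `firstUpdated` is held only in a local variable and is cleared only on `Success`, so if the stage element is removed or the user abandons enrollment, the page keeps calling the enrollment-status endpoint every three seconds. The `.then()` chain also has no rejection handler, so a failed request surfaces as an unhandled rejection on each tick. `checkEnrollStatus` falls back to `uuid: ""` when `this.challenge` is not yet set, which sends a pointless request; an early `if (!this.challenge) return false;` avoids it. The sketch below keeps the timer handle on the instance and stops it on disconnect, assuming `BaseStage` ultimately derives from a Lit element that provides `disconnectedCallback`; the class body continues outside this hunk.

```typescript
private enrollPoll?: ReturnType<typeof setInterval>;

firstUpdated(): void {
    this.enrollPoll = setInterval(() => {
        this.checkEnrollStatus()
            .then((shouldStop) => {
                if (shouldStop) {
                    this.stopEnrollPoll();
                }
            })
            .catch((exc: unknown) => {
                console.warn(
                    "authentik/stages/authenticator_mobile: enrollment status check failed",
                    exc,
                );
            });
    }, 3000);
}

disconnectedCallback(): void {
    super.disconnectedCallback();
    // Stop polling once the stage leaves the DOM.
    this.stopEnrollPoll();
}

private stopEnrollPoll(): void {
    if (this.enrollPoll !== undefined) {
        clearInterval(this.enrollPoll);
        this.enrollPoll = undefined;
    }
}

// … unchanged: checkEnrollStatus, render …
```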