core: add method to set key of token

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2574
This commit is contained in:
Jens Langhammer 2022-04-11 20:43:39 +02:00
parent 8be04cc013
commit 2303a97bb9
2 changed files with 69 additions and 2 deletions

View file

@ -2,7 +2,7 @@
from typing import Any from typing import Any
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiResponse, extend_schema, inline_serializer
from guardian.shortcuts import assign_perm, get_anonymous_user from guardian.shortcuts import assign_perm, get_anonymous_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
@ -20,6 +20,7 @@ from authentik.core.api.users import UserSerializer
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
from authentik.events.utils import model_to_dict
from authentik.managed.api import ManagedSerializer from authentik.managed.api import ManagedSerializer
@ -110,10 +111,39 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
404: OpenApiResponse(description="Token not found or expired"), 404: OpenApiResponse(description="Token not found or expired"),
} }
) )
@action(detail=True, pagination_class=None, filter_backends=[]) @action(detail=True, pagination_class=None, filter_backends=[], methods=["GET"])
# pylint: disable=unused-argument # pylint: disable=unused-argument
def view_key(self, request: Request, identifier: str) -> Response: def view_key(self, request: Request, identifier: str) -> Response:
"""Return token key and log access""" """Return token key and log access"""
token: Token = self.get_object() token: Token = self.get_object()
Event.new(EventAction.SECRET_VIEW, secret=token).from_http(request) # noqa # nosec Event.new(EventAction.SECRET_VIEW, secret=token).from_http(request) # noqa # nosec
return Response(TokenViewSerializer({"key": token.key}).data) return Response(TokenViewSerializer({"key": token.key}).data)
@permission_required("authentik_core.set_token_key")
@extend_schema(
request=inline_serializer(
"TokenSetKey",
{
"key": CharField(),
},
),
responses={
204: OpenApiResponse(description="Successfully changed key"),
400: OpenApiResponse(description="Missing key"),
404: OpenApiResponse(description="Token not found or expired"),
},
)
@action(detail=True, pagination_class=None, filter_backends=[], methods=["POST"])
# pylint: disable=unused-argument
def set_key(self, request: Request, identifier: str) -> Response:
"""Return token key and log access"""
token: Token = self.get_object()
key = request.POST.get("key")
if not key:
return Response(status=400)
token.key = key
token.save()
Event.new(EventAction.MODEL_UPDATED, model=model_to_dict(token)).from_http(
request
) # noqa # nosec
return Response(status=204)

View file

@ -2787,6 +2787,35 @@ paths:
$ref: '#/components/schemas/ValidationError' $ref: '#/components/schemas/ValidationError'
'403': '403':
$ref: '#/components/schemas/GenericError' $ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/set_key/:
post:
operationId: core_tokens_set_key_create
description: Return token key and log access
parameters:
- in: path
name: identifier
schema:
type: string
required: true
tags:
- core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/TokenSetKeyRequest'
required: true
security:
- authentik: []
responses:
'204':
description: Successfully changed key
'400':
description: Missing key
'404':
description: Token not found or expired
'403':
$ref: '#/components/schemas/GenericError'
/core/tokens/{identifier}/used_by/: /core/tokens/{identifier}/used_by/:
get: get:
operationId: core_tokens_used_by_list operationId: core_tokens_used_by_list
@ -30807,6 +30836,14 @@ components:
type: boolean type: boolean
required: required:
- identifier - identifier
TokenSetKeyRequest:
type: object
properties:
key:
type: string
minLength: 1
required:
- key
TokenView: TokenView:
type: object type: object
description: Show token's current key description: Show token's current key