allow current tenant with mobile auth (api endpoint doesn't require auth but api client sends it anyways...?)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2024-01-08 13:13:02 +01:00
parent 228ebade27
commit 23a198ddd8
No known key found for this signature in database
4 changed files with 25 additions and 30 deletions

View file

@ -3,6 +3,7 @@ from typing import Any
from django.db import models
from drf_spectacular.utils import extend_schema
from rest_framework.authentication import SessionAuthentication
from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField, ChoiceField, ListField
@ -13,10 +14,12 @@ from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
from authentik.api.authentication import TokenAuthentication
from authentik.api.authorization import SecretKeyFilter
from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import PassiveSerializer
from authentik.lib.config import CONFIG
from authentik.stages.authenticator_mobile.api.auth import MobileDeviceTokenAuthentication
from authentik.tenants.models import Tenant
@ -130,7 +133,16 @@ class TenantViewSet(UsedByMixin, ModelViewSet):
@extend_schema(
responses=CurrentTenantSerializer(many=False),
)
@action(methods=["GET"], detail=False, permission_classes=[AllowAny])
@action(
methods=["GET"],
detail=False,
permission_classes=[AllowAny],
authentication_classes=[
MobileDeviceTokenAuthentication,
TokenAuthentication,
SessionAuthentication,
],
)
def current(self, request: Request) -> Response:
"""Get current tenant"""
tenant: Tenant = request._request.tenant

View file

@ -5999,7 +5999,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"client_id": {
@ -6144,7 +6143,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"item_matching_mode": {
@ -6280,7 +6278,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"provider": {
@ -6447,7 +6444,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"token_count": {
@ -6581,7 +6577,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"digits": {
@ -6855,7 +6850,6 @@
"string",
"null"
],
"minLength": 1,
"title": "Friendly name"
},
"user_verification": {

View file

@ -18807,7 +18807,7 @@ paths:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -19105,7 +19105,7 @@ paths:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -24076,7 +24076,7 @@ paths:
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
description: A UUID string identifying this Static Authenticator Setup Stage.
required: true
tags:
- stages
@ -24110,7 +24110,7 @@ paths:
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
description: A UUID string identifying this Static Authenticator Setup Stage.
required: true
tags:
- stages
@ -24150,7 +24150,7 @@ paths:
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
description: A UUID string identifying this Static Authenticator Setup Stage.
required: true
tags:
- stages
@ -24189,7 +24189,7 @@ paths:
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
description: A UUID string identifying this Static Authenticator Setup Stage.
required: true
tags:
- stages
@ -24220,7 +24220,7 @@ paths:
schema:
type: string
format: uuid
description: A UUID string identifying this Static Authenticator Stage.
description: A UUID string identifying this Static Authenticator Setup Stage.
required: true
tags:
- stages
@ -29965,7 +29965,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
@ -30276,7 +30275,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
client_id:
type: string
minLength: 1
@ -30419,7 +30417,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
item_matching_mode:
$ref: '#/components/schemas/ItemMatchingModeEnum'
cgw_endpoint:
@ -30562,7 +30559,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
@ -30707,7 +30703,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
token_count:
type: integer
maximum: 2147483647
@ -30828,7 +30823,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
digits:
$ref: '#/components/schemas/DigitsEnum'
required:
@ -32804,7 +32798,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -33007,7 +33001,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -35587,7 +35581,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -38166,7 +38160,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
user_verification:
$ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment:
@ -38195,7 +38188,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
client_id:
type: string
minLength: 1
@ -38231,7 +38223,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
item_matching_mode:
$ref: '#/components/schemas/ItemMatchingModeEnum'
cgw_endpoint:
@ -38257,7 +38248,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
provider:
$ref: '#/components/schemas/ProviderEnum'
from_number:
@ -38303,7 +38293,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
token_count:
type: integer
maximum: 2147483647
@ -38332,7 +38321,6 @@ components:
friendly_name:
type: string
nullable: true
minLength: 1
digits:
$ref: '#/components/schemas/DigitsEnum'
PatchedAuthenticatorValidateStageRequest:
@ -38779,7 +38767,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device

View file

@ -102,6 +102,7 @@ export class AuthenticatorMobileStage extends BaseStage<
<div class="qr-container">
<qr-code data="${JSON.stringify(this.challenge.payload)}"></qr-code>
</div>
<input value="${JSON.stringify(this.challenge.payload)}" readonly>
</form>
</div>
<footer class="pf-c-login__main-footer">