allow current tenant with mobile auth (api endpoint doesn't require auth but api client sends it anyways...?)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2024-01-08 13:13:02 +01:00
parent 228ebade27
commit 23a198ddd8
4 changed files with 25 additions and 30 deletions


@ -3,6 +3,7 @@ from typing import Any
from django.db import models from django.db import models
from drf_spectacular.utils import extend_schema from drf_spectacular.utils import extend_schema
from rest_framework.authentication import SessionAuthentication
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField, ChoiceField, ListField from rest_framework.fields import CharField, ChoiceField, ListField
@ -13,10 +14,12 @@ from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
from authentik.api.authentication import TokenAuthentication
from authentik.api.authorization import SecretKeyFilter from authentik.api.authorization import SecretKeyFilter
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.lib.config import CONFIG from authentik.lib.config import CONFIG
from authentik.stages.authenticator_mobile.api.auth import MobileDeviceTokenAuthentication
from authentik.tenants.models import Tenant from authentik.tenants.models import Tenant
@ -130,7 +133,16 @@ class TenantViewSet(UsedByMixin, ModelViewSet):
@extend_schema( @extend_schema(
responses=CurrentTenantSerializer(many=False), responses=CurrentTenantSerializer(many=False),
) )
@action(methods=["GET"], detail=False, permission_classes=[AllowAny]) @action(
methods=["GET"],
detail=False,
permission_classes=[AllowAny],
authentication_classes=[
MobileDeviceTokenAuthentication,
TokenAuthentication,
SessionAuthentication,
],
)
def current(self, request: Request) -> Response: def current(self, request: Request) -> Response:
"""Get current tenant""" """Get current tenant"""
tenant: Tenant = request._request.tenant tenant: Tenant = request._request.tenant
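Review bot: Setting `authentication_classes` on the `current` action replaces the authenticators this route would otherwise inherit, so the three-item list has to be kept in step with the project default by hand, and nothing in the code says why a `permission_classes=[AllowAny]` endpoint needs authenticators at all. A short comment above the decorator would record the intent, for example `# Public endpoint: authenticators are listed only so credentials the mobile client sends anyway are accepted instead of failing the request`. It is also worth confirming that a stale or revoked mobile token on this route yields an anonymous response rather than an authentication error, since that depends on how `MobileDeviceTokenAuthentication` treats a bad token, which is not visible here. If the body of `current`, which continues past this hunk, never reads `request.user`, `authentication_classes=[]` would ignore any supplied credentials and remove the coupling altogether.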


@ -5999,7 +5999,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"client_id": { "client_id": {
@ -6144,7 +6143,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"item_matching_mode": { "item_matching_mode": {
@ -6280,7 +6278,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"provider": { "provider": {
@ -6447,7 +6444,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"token_count": { "token_count": {
@ -6581,7 +6577,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"digits": { "digits": {
@ -6855,7 +6850,6 @@
"string", "string",
"null" "null"
], ],
"minLength": 1,
"title": "Friendly name" "title": "Friendly name"
}, },
"user_verification": { "user_verification": {


@ -18807,7 +18807,7 @@ paths:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -19105,7 +19105,7 @@ paths:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -24076,7 +24076,7 @@ paths:
schema: schema:
type: string type: string
format: uuid format: uuid
description: A UUID string identifying this Static Authenticator Stage. description: A UUID string identifying this Static Authenticator Setup Stage.
required: true required: true
tags: tags:
- stages - stages
@ -24110,7 +24110,7 @@ paths:
schema: schema:
type: string type: string
format: uuid format: uuid
description: A UUID string identifying this Static Authenticator Stage. description: A UUID string identifying this Static Authenticator Setup Stage.
required: true required: true
tags: tags:
- stages - stages
@ -24150,7 +24150,7 @@ paths:
schema: schema:
type: string type: string
format: uuid format: uuid
description: A UUID string identifying this Static Authenticator Stage. description: A UUID string identifying this Static Authenticator Setup Stage.
required: true required: true
tags: tags:
- stages - stages
@ -24189,7 +24189,7 @@ paths:
schema: schema:
type: string type: string
format: uuid format: uuid
description: A UUID string identifying this Static Authenticator Stage. description: A UUID string identifying this Static Authenticator Setup Stage.
required: true required: true
tags: tags:
- stages - stages
@ -24220,7 +24220,7 @@ paths:
schema: schema:
type: string type: string
format: uuid format: uuid
description: A UUID string identifying this Static Authenticator Stage. description: A UUID string identifying this Static Authenticator Setup Stage.
required: true required: true
tags: tags:
- stages - stages
@ -29965,7 +29965,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
user_verification: user_verification:
$ref: '#/components/schemas/UserVerificationEnum' $ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment: authenticator_attachment:
@ -30276,7 +30275,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
client_id: client_id:
type: string type: string
minLength: 1 minLength: 1
@ -30419,7 +30417,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
item_matching_mode: item_matching_mode:
$ref: '#/components/schemas/ItemMatchingModeEnum' $ref: '#/components/schemas/ItemMatchingModeEnum'
cgw_endpoint: cgw_endpoint:
@ -30562,7 +30559,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
provider: provider:
$ref: '#/components/schemas/ProviderEnum' $ref: '#/components/schemas/ProviderEnum'
from_number: from_number:
@ -30707,7 +30703,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
token_count: token_count:
type: integer type: integer
maximum: 2147483647 maximum: 2147483647
@ -30828,7 +30823,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
digits: digits:
$ref: '#/components/schemas/DigitsEnum' $ref: '#/components/schemas/DigitsEnum'
required: required:
@ -32804,7 +32798,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -33007,7 +33001,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -35587,7 +35581,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device
@ -38166,7 +38160,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
user_verification: user_verification:
$ref: '#/components/schemas/UserVerificationEnum' $ref: '#/components/schemas/UserVerificationEnum'
authenticator_attachment: authenticator_attachment:
@ -38195,7 +38188,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
client_id: client_id:
type: string type: string
minLength: 1 minLength: 1
@ -38231,7 +38223,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
item_matching_mode: item_matching_mode:
$ref: '#/components/schemas/ItemMatchingModeEnum' $ref: '#/components/schemas/ItemMatchingModeEnum'
cgw_endpoint: cgw_endpoint:
@ -38257,7 +38248,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
provider: provider:
$ref: '#/components/schemas/ProviderEnum' $ref: '#/components/schemas/ProviderEnum'
from_number: from_number:
@ -38303,7 +38293,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
token_count: token_count:
type: integer type: integer
maximum: 2147483647 maximum: 2147483647
@ -38332,7 +38321,6 @@ components:
friendly_name: friendly_name:
type: string type: string
nullable: true nullable: true
minLength: 1
digits: digits:
$ref: '#/components/schemas/DigitsEnum' $ref: '#/components/schemas/DigitsEnum'
PatchedAuthenticatorValidateStageRequest: PatchedAuthenticatorValidateStageRequest:
@ -38779,7 +38767,7 @@ components:
* `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device * `authentik_stages_authenticator_mobile.mobiledevice` - Mobile Device
* `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage * `authentik_stages_authenticator_sms.authenticatorsmsstage` - SMS Authenticator Setup Stage
* `authentik_stages_authenticator_sms.smsdevice` - SMS Device * `authentik_stages_authenticator_sms.smsdevice` - SMS Device
* `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Stage * `authentik_stages_authenticator_static.authenticatorstaticstage` - Static Authenticator Setup Stage
* `authentik_stages_authenticator_static.staticdevice` - Static Device * `authentik_stages_authenticator_static.staticdevice` - Static Device
* `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage * `authentik_stages_authenticator_totp.authenticatortotpstage` - TOTP Authenticator Setup Stage
* `authentik_stages_authenticator_totp.totpdevice` - TOTP Device * `authentik_stages_authenticator_totp.totpdevice` - TOTP Device


@ -102,6 +102,7 @@ export class AuthenticatorMobileStage extends BaseStage<
<div class="qr-container"> <div class="qr-container">
<qr-code data="${JSON.stringify(this.challenge.payload)}"></qr-code> <qr-code data="${JSON.stringify(this.challenge.payload)}"></qr-code>
</div> </div>
<input value="${JSON.stringify(this.challenge.payload)}" readonly>
</form> </form>
</div> </div>
<footer class="pf-c-login__main-footer"> <footer class="pf-c-login__main-footer">
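Review bot: The added `<input value="${JSON.stringify(this.challenge.payload)}" readonly>` prints the same enrollment payload the QR code encodes as selectable plain text, and it looks like a debugging aid left in the template. If that payload carries an enrollment token or other secret (its contents are not visible in this hunk), a text field makes it easier to copy or to capture in a screenshot or screen share than the QR image does. Consider dropping the line, or, if a manual-entry fallback is intended, putting it behind an explicit reveal control with a `<label>` and a comment stating the purpose. The surrounding render method starts and ends outside the hunk.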