core: fix squash migrations error when AK_ADMIN_TOKEN is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
d39dbc7287
commit
2b09d97522
|
@ -0,0 +1,118 @@
|
||||||
|
# Generated by Django 3.2.8 on 2021-10-12 15:36
|
||||||
|
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations, models
|
||||||
|
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
|
import authentik.core.models
|
||||||
|
|
||||||
|
|
||||||
|
def set_default_token_key(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
Token = apps.get_model("authentik_core", "Token")
|
||||||
|
|
||||||
|
for token in Token.objects.using(db_alias).all():
|
||||||
|
token.key = token.pk.hex
|
||||||
|
token.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
replaces = [
|
||||||
|
("authentik_core", "0012_auto_20201003_1737"),
|
||||||
|
("authentik_core", "0013_auto_20201003_2132"),
|
||||||
|
("authentik_core", "0014_auto_20201018_1158"),
|
||||||
|
("authentik_core", "0015_application_icon"),
|
||||||
|
("authentik_core", "0016_auto_20201202_2234"),
|
||||||
|
]
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_providers_saml", "0006_remove_samlprovider_name"),
|
||||||
|
("authentik_providers_oauth2", "0006_remove_oauth2provider_name"),
|
||||||
|
("authentik_core", "0011_provider_name_temp"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RenameField(
|
||||||
|
model_name="provider",
|
||||||
|
old_name="name_temp",
|
||||||
|
new_name="name",
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="token",
|
||||||
|
name="identifier",
|
||||||
|
field=models.TextField(default=""),
|
||||||
|
preserve_default=False,
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="token",
|
||||||
|
name="intent",
|
||||||
|
field=models.TextField(
|
||||||
|
choices=[
|
||||||
|
("verification", "Intent Verification"),
|
||||||
|
("api", "Intent Api"),
|
||||||
|
("recovery", "Intent Recovery"),
|
||||||
|
],
|
||||||
|
default="verification",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.AlterUniqueTogether(
|
||||||
|
name="token",
|
||||||
|
unique_together={("identifier", "user")},
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="token",
|
||||||
|
name="key",
|
||||||
|
field=models.TextField(default=authentik.core.models.default_token_key),
|
||||||
|
),
|
||||||
|
migrations.AlterUniqueTogether(
|
||||||
|
name="token",
|
||||||
|
unique_together=set(),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="token",
|
||||||
|
name="identifier",
|
||||||
|
field=models.SlugField(max_length=255),
|
||||||
|
),
|
||||||
|
migrations.AddIndex(
|
||||||
|
model_name="token",
|
||||||
|
index=models.Index(fields=["key"], name="authentik_co_key_e45007_idx"),
|
||||||
|
),
|
||||||
|
migrations.AddIndex(
|
||||||
|
model_name="token",
|
||||||
|
index=models.Index(fields=["identifier"], name="authentik_co_identif_1a34a8_idx"),
|
||||||
|
),
|
||||||
|
migrations.RunPython(
|
||||||
|
code=set_default_token_key,
|
||||||
|
),
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name="application",
|
||||||
|
name="meta_icon_url",
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="application",
|
||||||
|
name="meta_icon",
|
||||||
|
field=models.FileField(blank=True, default="", upload_to="application-icons/"),
|
||||||
|
),
|
||||||
|
migrations.RemoveIndex(
|
||||||
|
model_name="token",
|
||||||
|
name="authentik_co_key_e45007_idx",
|
||||||
|
),
|
||||||
|
migrations.RemoveIndex(
|
||||||
|
model_name="token",
|
||||||
|
name="authentik_co_identif_1a34a8_idx",
|
||||||
|
),
|
||||||
|
migrations.RenameField(
|
||||||
|
model_name="user",
|
||||||
|
old_name="pb_groups",
|
||||||
|
new_name="ak_groups",
|
||||||
|
),
|
||||||
|
migrations.AddIndex(
|
||||||
|
model_name="token",
|
||||||
|
index=models.Index(fields=["identifier"], name="authentik_c_identif_d9d032_idx"),
|
||||||
|
),
|
||||||
|
migrations.AddIndex(
|
||||||
|
model_name="token",
|
||||||
|
index=models.Index(fields=["key"], name="authentik_c_key_f71355_idx"),
|
||||||
|
),
|
||||||
|
]
|
|
@ -14,15 +14,6 @@ from django.db.models import Count
|
||||||
import authentik.core.models
|
import authentik.core.models
|
||||||
|
|
||||||
|
|
||||||
def set_default_token_key(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
|
||||||
db_alias = schema_editor.connection.alias
|
|
||||||
Token = apps.get_model("authentik_core", "Token")
|
|
||||||
|
|
||||||
for token in Token.objects.using(db_alias).all():
|
|
||||||
token.key = token.pk.hex
|
|
||||||
token.save()
|
|
||||||
|
|
||||||
|
|
||||||
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
def migrate_sessions(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
from django.contrib.sessions.backends.cache import KEY_PREFIX
|
from django.contrib.sessions.backends.cache import KEY_PREFIX
|
||||||
|
@ -68,12 +59,6 @@ def create_default_user_token(apps: Apps, schema_editor: BaseDatabaseSchemaEdito
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
replaces = [
|
replaces = [
|
||||||
("authentik_core", "0012_auto_20201003_1737"),
|
|
||||||
("authentik_core", "0013_auto_20201003_2132"),
|
|
||||||
("authentik_core", "0014_auto_20201018_1158"),
|
|
||||||
("authentik_core", "0015_application_icon"),
|
|
||||||
("authentik_core", "0016_auto_20201202_2234"),
|
|
||||||
("authentik_core", "0017_managed"),
|
|
||||||
("authentik_core", "0018_auto_20210330_1345"),
|
("authentik_core", "0018_auto_20210330_1345"),
|
||||||
("authentik_core", "0019_source_managed"),
|
("authentik_core", "0019_source_managed"),
|
||||||
("authentik_core", "0020_source_user_matching_mode"),
|
("authentik_core", "0020_source_user_matching_mode"),
|
||||||
|
@ -88,116 +73,10 @@ class Migration(migrations.Migration):
|
||||||
]
|
]
|
||||||
|
|
||||||
dependencies = [
|
dependencies = [
|
||||||
("authentik_providers_saml", "0006_remove_samlprovider_name"),
|
("authentik_core", "0017_managed"),
|
||||||
("authentik_core", "0011_provider_name_temp"),
|
|
||||||
("authentik_providers_oauth2", "0006_remove_oauth2provider_name"),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
operations = [
|
operations = [
|
||||||
migrations.RenameField(
|
|
||||||
model_name="provider",
|
|
||||||
old_name="name_temp",
|
|
||||||
new_name="name",
|
|
||||||
),
|
|
||||||
migrations.AddField(
|
|
||||||
model_name="token",
|
|
||||||
name="identifier",
|
|
||||||
field=models.TextField(default=""),
|
|
||||||
preserve_default=False,
|
|
||||||
),
|
|
||||||
migrations.AlterField(
|
|
||||||
model_name="token",
|
|
||||||
name="intent",
|
|
||||||
field=models.TextField(
|
|
||||||
choices=[
|
|
||||||
("verification", "Intent Verification"),
|
|
||||||
("api", "Intent Api"),
|
|
||||||
("recovery", "Intent Recovery"),
|
|
||||||
],
|
|
||||||
default="verification",
|
|
||||||
),
|
|
||||||
),
|
|
||||||
migrations.AlterUniqueTogether(
|
|
||||||
name="token",
|
|
||||||
unique_together={("identifier", "user")},
|
|
||||||
),
|
|
||||||
migrations.AddField(
|
|
||||||
model_name="token",
|
|
||||||
name="key",
|
|
||||||
field=models.TextField(default=authentik.core.models.default_token_key),
|
|
||||||
),
|
|
||||||
migrations.AlterUniqueTogether(
|
|
||||||
name="token",
|
|
||||||
unique_together=set(),
|
|
||||||
),
|
|
||||||
migrations.AlterField(
|
|
||||||
model_name="token",
|
|
||||||
name="identifier",
|
|
||||||
field=models.SlugField(max_length=255),
|
|
||||||
),
|
|
||||||
migrations.AddIndex(
|
|
||||||
model_name="token",
|
|
||||||
index=models.Index(fields=["key"], name="authentik_co_key_e45007_idx"),
|
|
||||||
),
|
|
||||||
migrations.AddIndex(
|
|
||||||
model_name="token",
|
|
||||||
index=models.Index(fields=["identifier"], name="authentik_co_identif_1a34a8_idx"),
|
|
||||||
),
|
|
||||||
migrations.RunPython(
|
|
||||||
code=set_default_token_key,
|
|
||||||
),
|
|
||||||
migrations.RemoveField(
|
|
||||||
model_name="application",
|
|
||||||
name="meta_icon_url",
|
|
||||||
),
|
|
||||||
migrations.AddField(
|
|
||||||
model_name="application",
|
|
||||||
name="meta_icon",
|
|
||||||
field=models.FileField(blank=True, default="", upload_to="application-icons/"),
|
|
||||||
),
|
|
||||||
migrations.RemoveIndex(
|
|
||||||
model_name="token",
|
|
||||||
name="authentik_co_key_e45007_idx",
|
|
||||||
),
|
|
||||||
migrations.RemoveIndex(
|
|
||||||
model_name="token",
|
|
||||||
name="authentik_co_identif_1a34a8_idx",
|
|
||||||
),
|
|
||||||
migrations.RenameField(
|
|
||||||
model_name="user",
|
|
||||||
old_name="pb_groups",
|
|
||||||
new_name="ak_groups",
|
|
||||||
),
|
|
||||||
migrations.AddIndex(
|
|
||||||
model_name="token",
|
|
||||||
index=models.Index(fields=["identifier"], name="authentik_c_identif_d9d032_idx"),
|
|
||||||
),
|
|
||||||
migrations.AddIndex(
|
|
||||||
model_name="token",
|
|
||||||
index=models.Index(fields=["key"], name="authentik_c_key_f71355_idx"),
|
|
||||||
),
|
|
||||||
migrations.AddField(
|
|
||||||
model_name="propertymapping",
|
|
||||||
name="managed",
|
|
||||||
field=models.TextField(
|
|
||||||
default=None,
|
|
||||||
help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.",
|
|
||||||
null=True,
|
|
||||||
unique=True,
|
|
||||||
verbose_name="Managed by authentik",
|
|
||||||
),
|
|
||||||
),
|
|
||||||
migrations.AddField(
|
|
||||||
model_name="token",
|
|
||||||
name="managed",
|
|
||||||
field=models.TextField(
|
|
||||||
default=None,
|
|
||||||
help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.",
|
|
||||||
null=True,
|
|
||||||
unique=True,
|
|
||||||
verbose_name="Managed by authentik",
|
|
||||||
),
|
|
||||||
),
|
|
||||||
migrations.AlterModelOptions(
|
migrations.AlterModelOptions(
|
||||||
name="token",
|
name="token",
|
||||||
options={
|
options={
|
|
@ -0,0 +1,180 @@
|
||||||
|
# Generated by Django 3.2.8 on 2021-10-12 15:39
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations, models
|
||||||
|
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
|
import authentik.lib.models
|
||||||
|
import authentik.providers.proxy.models
|
||||||
|
|
||||||
|
|
||||||
|
def migrate_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
from authentik.providers.proxy.models import JWTAlgorithms, ProxyProvider
|
||||||
|
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
for provider in ProxyProvider.objects.using(db_alias).filter(jwt_alg=JWTAlgorithms.RS256):
|
||||||
|
provider.set_oauth_defaults()
|
||||||
|
provider.save()
|
||||||
|
|
||||||
|
|
||||||
|
def migrate_mode(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
from authentik.providers.proxy.models import ProxyMode
|
||||||
|
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
ProxyProvider = apps.get_model("authentik_providers_proxy", "proxyprovider")
|
||||||
|
for provider in ProxyProvider.objects.using(db_alias).all():
|
||||||
|
if provider.forward_auth_mode:
|
||||||
|
provider.mode = ProxyMode.FORWARD_SINGLE
|
||||||
|
provider.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
replaces = [
|
||||||
|
("authentik_providers_proxy", "0001_initial"),
|
||||||
|
("authentik_providers_proxy", "0002_proxyprovider_cookie_secret"),
|
||||||
|
("authentik_providers_proxy", "0003_proxyprovider_certificate"),
|
||||||
|
("authentik_providers_proxy", "0004_auto_20200913_1947"),
|
||||||
|
("authentik_providers_proxy", "0005_auto_20200914_1536"),
|
||||||
|
("authentik_providers_proxy", "0006_proxyprovider_skip_path_regex"),
|
||||||
|
("authentik_providers_proxy", "0007_auto_20200923_1017"),
|
||||||
|
("authentik_providers_proxy", "0008_auto_20200930_0810"),
|
||||||
|
("authentik_providers_proxy", "0009_auto_20201007_1721"),
|
||||||
|
("authentik_providers_proxy", "0010_auto_20201214_0942"),
|
||||||
|
("authentik_providers_proxy", "0011_proxyprovider_forward_auth_mode"),
|
||||||
|
("authentik_providers_proxy", "0012_proxyprovider_cookie_domain"),
|
||||||
|
("authentik_providers_proxy", "0013_mode"),
|
||||||
|
("authentik_providers_proxy", "0014_proxy_v2"),
|
||||||
|
]
|
||||||
|
|
||||||
|
initial = True
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_crypto", "0002_create_self_signed_kp"),
|
||||||
|
("authentik_providers_oauth2", "0001_initial"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name="ProxyProvider",
|
||||||
|
fields=[
|
||||||
|
(
|
||||||
|
"oauth2provider_ptr",
|
||||||
|
models.OneToOneField(
|
||||||
|
auto_created=True,
|
||||||
|
on_delete=django.db.models.deletion.CASCADE,
|
||||||
|
parent_link=True,
|
||||||
|
primary_key=True,
|
||||||
|
serialize=False,
|
||||||
|
to="authentik_providers_oauth2.oauth2provider",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"internal_host",
|
||||||
|
models.TextField(
|
||||||
|
blank=True,
|
||||||
|
validators=[
|
||||||
|
authentik.lib.models.DomainlessURLValidator(schemes=("http", "https"))
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"external_host",
|
||||||
|
models.TextField(
|
||||||
|
validators=[
|
||||||
|
authentik.lib.models.DomainlessURLValidator(schemes=("http", "https"))
|
||||||
|
]
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"cookie_secret",
|
||||||
|
models.TextField(default=authentik.providers.proxy.models.get_cookie_secret),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"certificate",
|
||||||
|
models.ForeignKey(
|
||||||
|
blank=True,
|
||||||
|
null=True,
|
||||||
|
on_delete=django.db.models.deletion.SET_NULL,
|
||||||
|
to="authentik_crypto.certificatekeypair",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"skip_path_regex",
|
||||||
|
models.TextField(
|
||||||
|
blank=True,
|
||||||
|
default="",
|
||||||
|
help_text="Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"internal_host_ssl_validation",
|
||||||
|
models.BooleanField(
|
||||||
|
default=True,
|
||||||
|
help_text="Validate SSL Certificates of upstream servers",
|
||||||
|
verbose_name="Internal host SSL Validation",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"basic_auth_enabled",
|
||||||
|
models.BooleanField(
|
||||||
|
default=False,
|
||||||
|
help_text="Set a custom HTTP-Basic Authentication header based on values from authentik.",
|
||||||
|
verbose_name="Set HTTP-Basic Authentication",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"basic_auth_password_attribute",
|
||||||
|
models.TextField(
|
||||||
|
blank=True,
|
||||||
|
help_text="User/Group Attribute used for the password part of the HTTP-Basic Header.",
|
||||||
|
verbose_name="HTTP-Basic Password Key",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"basic_auth_user_attribute",
|
||||||
|
models.TextField(
|
||||||
|
blank=True,
|
||||||
|
help_text="User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used.",
|
||||||
|
verbose_name="HTTP-Basic Username Key",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"forward_auth_mode",
|
||||||
|
models.BooleanField(
|
||||||
|
default=False,
|
||||||
|
help_text="Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
("cookie_domain", models.TextField(blank=True, default="")),
|
||||||
|
(
|
||||||
|
"mode",
|
||||||
|
models.TextField(
|
||||||
|
choices=[
|
||||||
|
("proxy", "Proxy"),
|
||||||
|
("forward_single", "Forward Single"),
|
||||||
|
("forward_domain", "Forward Domain"),
|
||||||
|
],
|
||||||
|
default="proxy",
|
||||||
|
help_text="Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
"verbose_name": "Proxy Provider",
|
||||||
|
"verbose_name_plural": "Proxy Providers",
|
||||||
|
},
|
||||||
|
bases=("authentik_providers_oauth2.oauth2provider",),
|
||||||
|
),
|
||||||
|
migrations.RunPython(
|
||||||
|
code=migrate_mode,
|
||||||
|
),
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name="proxyprovider",
|
||||||
|
name="forward_auth_mode",
|
||||||
|
),
|
||||||
|
migrations.RunPython(
|
||||||
|
code=migrate_defaults,
|
||||||
|
),
|
||||||
|
]
|
Reference in New Issue