stages/password: auto-enable app password backend
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
c4832206fa
commit
4cf76fdcda
26
authentik/core/migrations/0028_alter_token_intent.py
Normal file
26
authentik/core/migrations/0028_alter_token_intent.py
Normal file
|
@ -0,0 +1,26 @@
|
|||
# Generated by Django 3.2.6 on 2021-08-23 14:35
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_core", "0027_bootstrap_token"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="token",
|
||||
name="intent",
|
||||
field=models.TextField(
|
||||
choices=[
|
||||
("verification", "Intent Verification"),
|
||||
("api", "Intent Api"),
|
||||
("recovery", "Intent Recovery"),
|
||||
("app_password", "Intent App Password"),
|
||||
],
|
||||
default="verification",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -6,7 +6,7 @@ from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
|||
|
||||
from authentik.flows.models import FlowDesignation
|
||||
from authentik.stages.identification.models import UserFields
|
||||
from authentik.stages.password import BACKEND_DJANGO, BACKEND_LDAP
|
||||
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_DJANGO, BACKEND_LDAP
|
||||
|
||||
|
||||
def create_default_authentication_flow(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||
|
@ -26,7 +26,7 @@ def create_default_authentication_flow(apps: Apps, schema_editor: BaseDatabaseSc
|
|||
|
||||
password_stage, _ = PasswordStage.objects.using(db_alias).update_or_create(
|
||||
name="default-authentication-password",
|
||||
defaults={"backends": [BACKEND_DJANGO, BACKEND_LDAP]},
|
||||
defaults={"backends": [BACKEND_DJANGO, BACKEND_LDAP, BACKEND_APP_PASSWORD]},
|
||||
)
|
||||
|
||||
login_stage, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
"""Backend paths"""
|
||||
BACKEND_DJANGO = "django.contrib.auth.backends.ModelBackend"
|
||||
BACKEND_LDAP = "authentik.sources.ldap.auth.LDAPBackend"
|
||||
BACKEND_TOKEN = "authentik.core.token_auth.TokenBackend" # nosec
|
||||
BACKEND_APP_PASSWORD = "authentik.core.token_auth.TokenBackend" # nosec
|
||||
|
|
52
authentik/stages/password/migrations/0007_app_password.py
Normal file
52
authentik/stages/password/migrations/0007_app_password.py
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Generated by Django 3.2.6 on 2021-08-23 14:34
|
||||
import django.contrib.postgres.fields
|
||||
from django.apps.registry import Apps
|
||||
from django.db import migrations, models
|
||||
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||
|
||||
from authentik.stages.password import BACKEND_APP_PASSWORD
|
||||
|
||||
|
||||
def update_default_backends(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||
PasswordStage = apps.get_model("authentik_stages_password", "passwordstage")
|
||||
db_alias = schema_editor.connection.alias
|
||||
|
||||
stages = PasswordStage.objects.using(db_alias).filter(name="default-authentication-password")
|
||||
if not stages.exists():
|
||||
return
|
||||
stage = stages.first()
|
||||
stage.backends.append(BACKEND_APP_PASSWORD)
|
||||
stage.save()
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_flows", "0008_default_flows"),
|
||||
("authentik_stages_password", "0006_passwordchange_rename"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="passwordstage",
|
||||
name="backends",
|
||||
field=django.contrib.postgres.fields.ArrayField(
|
||||
base_field=models.TextField(
|
||||
choices=[
|
||||
(
|
||||
"django.contrib.auth.backends.ModelBackend",
|
||||
"User database + standard password",
|
||||
),
|
||||
("authentik.core.token_auth.TokenBackend", "User database + app passwords"),
|
||||
(
|
||||
"authentik.sources.ldap.auth.LDAPBackend",
|
||||
"User database + LDAP password",
|
||||
),
|
||||
]
|
||||
),
|
||||
help_text="Selection of backends to test the password against.",
|
||||
size=None,
|
||||
),
|
||||
),
|
||||
migrations.RunPython(update_default_backends),
|
||||
]
|
|
@ -9,7 +9,7 @@ from rest_framework.serializers import BaseSerializer
|
|||
|
||||
from authentik.core.types import UserSettingSerializer
|
||||
from authentik.flows.models import ConfigurableStage, Stage
|
||||
from authentik.stages.password import BACKEND_DJANGO, BACKEND_LDAP, BACKEND_TOKEN
|
||||
from authentik.stages.password import BACKEND_APP_PASSWORD, BACKEND_DJANGO, BACKEND_LDAP
|
||||
|
||||
|
||||
def get_authentication_backends():
|
||||
|
@ -20,7 +20,7 @@ def get_authentication_backends():
|
|||
_("User database + standard password"),
|
||||
),
|
||||
(
|
||||
BACKEND_TOKEN,
|
||||
BACKEND_APP_PASSWORD,
|
||||
_("User database + app passwords"),
|
||||
),
|
||||
(
|
||||
|
|
Reference in a new issue