diff --git a/authentik/events/api/event.py b/authentik/events/api/event.py index 10069999e..570559a42 100644 --- a/authentik/events/api/event.py +++ b/authentik/events/api/event.py @@ -6,11 +6,11 @@ from drf_spectacular.types import OpenApiTypes from drf_spectacular.utils import OpenApiParameter, extend_schema from guardian.shortcuts import get_objects_for_user from rest_framework.decorators import action -from rest_framework.fields import CharField, DictField, IntegerField +from rest_framework.fields import DictField, IntegerField from rest_framework.request import Request from rest_framework.response import Response from rest_framework.serializers import ModelSerializer -from rest_framework.viewsets import ReadOnlyModelViewSet +from rest_framework.viewsets import ModelViewSet from authentik.core.api.utils import PassiveSerializer, TypeCreateSerializer from authentik.events.models import Event, EventAction @@ -19,11 +19,6 @@ from authentik.events.models import Event, EventAction class EventSerializer(ModelSerializer): """Event Serializer""" - # Since we only use this serializer for read-only operations, - # no checking of the action is done here. - # This allows clients to check wildcards, prefixes and custom types - action = CharField() - class Meta: model = Event @@ -96,7 +91,7 @@ class EventsFilter(django_filters.FilterSet): fields = ["action", "client_ip", "username"] -class EventViewSet(ReadOnlyModelViewSet): +class EventViewSet(ModelViewSet): """Event Read-Only Viewset""" queryset = Event.objects.all() diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index 9276becdf..b12292309 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py 
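Review bot: Now that `EventSerializer` accepts writes, the attribution fields of an audit event appear to be client-controlled. The regenerated `PatchedEventRequest` schema in this commit lists `user`, `client_ip`, `tenant` and `expires` as request properties next to `action`. A caller holding `add_event` could then record an event under another user or source address, which weakens the log as evidence. Consider marking those fields read-only in `Meta`, for example `read_only_fields = ["user", "client_ip", "tenant"]`, and filling them server-side from the request. The `Meta` body continues outside this hunk, so check the current field list first.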
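Review bot: Switching `EventViewSet` to `ModelViewSet` exposes update, partial update and destroy as well as create; the regenerated schema.yml in this commit shows new PUT, PATCH and DELETE operations on `/api/v2beta/events/events/{event_uuid}/`. The only new writer visible in this commit is the outpost `add_event` permission, so an append-only API would protect the audit log better: `class EventViewSet(mixins.CreateModelMixin, ReadOnlyModelViewSet):` with `from rest_framework import mixins`. The docstring `"""Event Read-Only Viewset"""` is now stale and is copied into every new operation description in the schema; `"""Event viewset (list, retrieve, create)"""` would match the narrowed class. The class body continues outside the hunk, so any permission classes configured there are not visible here.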
@@ -405,7 +405,10 @@ class Outpost(models.Model): def get_required_objects(self) -> Iterable[Union[models.Model, str]]: """Get an iterator of all objects the user needs read access to""" - objects: list[Union[models.Model, str]] = [self] + objects: list[Union[models.Model, str]] = [ + self, + "authentik_events.add_event", + ] for provider in ( Provider.objects.filter(outpost=self).select_related().select_subclasses() ): diff --git a/authentik/root/settings.py b/authentik/root/settings.py index f832299e8..d9977031c 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -153,6 +153,7 @@ SPECTACULAR_SETTINGS = { "url": "https://github.com/goauthentik/authentik/blob/master/LICENSE", }, "ENUM_NAME_OVERRIDES": { + "EventActions": "authentik.events.models.EventAction", "ChallengeChoices": "authentik.flows.challenge.ChallengeTypes", "FlowDesignationEnum": "authentik.flows.models.FlowDesignation", "PolicyEngineMode": "authentik.policies.models.PolicyEngineMode", diff --git a/schema.yml b/schema.yml index 8e85f84f7..f7e65eafb 100644 --- a/schema.yml +++ b/schema.yml @@ -3572,6 +3572,37 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' + post: + operationId: events_events_create + description: Event Read-Only Viewset + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/EventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' /api/v2beta/events/events/{event_uuid}/: get: operationId: events_events_retrieve 
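Review bot: The docstring of `get_required_objects` still says "all objects the user needs read access to", but the list now also carries the model-level permission string `"authentik_events.add_event"`, which is a write permission rather than an object to read. Rewording it to `"""Get an iterator of all objects and global permissions the outpost user needs"""` would keep the contract accurate. A short comment beside the new entry, such as `# presumably lets the outpost report events through the API`, would record why it is there. How string entries in this list become grants is outside this hunk, so it is worth confirming that only `add_event` is assigned and that it does not bring change or delete rights on events with it. The method body continues past the hunk.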
@@ -3600,6 +3631,106 @@ paths: $ref: '#/components/schemas/ValidationError' '403': $ref: '#/components/schemas/GenericError' + put: + operationId: events_events_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/EventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/EventRequest' + required: true + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + patch: + operationId: events_events_partial_update + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. + required: true + tags: + - events + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + application/x-www-form-urlencoded: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + multipart/form-data: + schema: + $ref: '#/components/schemas/PatchedEventRequest' + security: + - authentik: [] + - cookieAuth: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Event' + description: '' + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' + delete: + operationId: events_events_destroy + description: Event Read-Only Viewset + parameters: + - in: path + name: event_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Event. 
+ required: true + tags: + - events + security: + - authentik: [] + - cookieAuth: [] + responses: + '204': + description: No response body + '400': + $ref: '#/components/schemas/ValidationError' + '403': + $ref: '#/components/schemas/GenericError' /api/v2beta/events/events/actions/: get: operationId: events_events_actions_list @@ -19242,7 +19373,7 @@ components: type: object additionalProperties: {} action: - type: string + $ref: '#/components/schemas/EventActions' app: type: string context: @@ -19266,6 +19397,34 @@ components: - app - created - pk + EventActions: + enum: + - login + - login_failed + - logout + - user_write + - suspicious_request + - password_set + - secret_view + - invitation_used + - authorize_application + - source_linked + - impersonation_started + - impersonation_ended + - policy_execution + - policy_exception + - property_mapping_exception + - system_task_execution + - system_task_exception + - system_exception + - configuration_error + - model_created + - model_updated + - model_deleted + - email_sent + - update_available + - custom_ + type: string EventMatcherPolicy: type: object description: Event Matcher Policy Serializer @@ -19296,7 +19455,7 @@ components: readOnly: true action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: 
@@ -19314,34 +19473,6 @@ components: - pk - verbose_name - verbose_name_plural - EventMatcherPolicyActionEnum: - enum: - - login - - login_failed - - logout - - user_write - - suspicious_request - - password_set - - secret_view - - invitation_used - - authorize_application - - source_linked - - impersonation_started - - impersonation_ended - - policy_execution - - policy_exception - - property_mapping_exception - - system_task_execution - - system_task_exception - - system_exception - - configuration_error - - model_created - - model_updated - - model_deleted - - email_sent - - update_available - - custom_ - type: string EventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer @@ -19355,7 +19486,7 @@ components: will be logged. By default, only execution errors are logged. action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: @@ -19375,7 +19506,7 @@ components: type: object additionalProperties: {} action: - type: string + $ref: '#/components/schemas/EventActions' app: type: string context: @@ -24429,7 +24560,7 @@ components: will be logged. By default, only execution errors are logged. action: allOf: - - $ref: '#/components/schemas/EventMatcherPolicyActionEnum' + - $ref: '#/components/schemas/EventActions' description: Match created events with this action type. When left empty, all action types will be matched. client_ip: 
@@ -24441,6 +24572,29 @@ components: - $ref: '#/components/schemas/AppEnum' description: Match events created by selected application. When left empty, all applications are matched. + PatchedEventRequest: + type: object + description: Event Serializer + properties: + user: + type: object + additionalProperties: {} + action: + $ref: '#/components/schemas/EventActions' + app: + type: string + context: + type: object + additionalProperties: {} + client_ip: + type: string + nullable: true + expires: + type: string + format: date-time + tenant: + type: object + additionalProperties: {} PatchedExpressionPolicyRequest: type: object description: Group Membership Policy Serializer