From 68a1bcf2334fea1bf2b5f0d43497d24a77a733cf Mon Sep 17 00:00:00 2001
From: Jens L
Date: Wed, 17 May 2023 16:19:18 +0200
Subject: [PATCH] providers/SCIM: improve backchannel signalling (#5657)
* providers/scim: add warning when provider is not used as backchannel provider
Signed-off-by: Jens Langhammer
* providers/scim: don't sync SCIM provider that isn't used as backchannel at all
Signed-off-by: Jens Langhammer
* fix tests
Signed-off-by: Jens Langhammer
---------
Signed-off-by: Jens Langhammer
---
 authentik/providers/scim/api/providers.py | 4 ++--
 authentik/providers/scim/tasks.py | 4 +++-
 authentik/providers/scim/tests/test_membership.py | 1 +
 schema.yml | 8 ++++----
 web/src/admin/providers/scim/SCIMProviderViewPage.ts | 7 ++++++-
 5 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/authentik/providers/scim/api/providers.py b/authentik/providers/scim/api/providers.py
index 2daad9297..546e62e65 100644
--- a/authentik/providers/scim/api/providers.py
+++ b/authentik/providers/scim/api/providers.py
@@ -24,8 +24,8 @@ class SCIMProviderSerializer(ProviderSerializer):
 "property_mappings",
 "property_mappings_group",
 "component",
- "assigned_application_slug",
- "assigned_application_name",
+ "assigned_backchannel_application_slug",
+ "assigned_backchannel_application_name",
 "verbose_name",
 "verbose_name_plural",
 "meta_model_name",
diff --git a/authentik/providers/scim/tasks.py b/authentik/providers/scim/tasks.py
index fe6d664b5..f7639c89f 100644
--- a/authentik/providers/scim/tasks.py
+++ b/authentik/providers/scim/tasks.py
@@ -42,7 +42,9 @@ def scim_sync_all():
 @CELERY_APP.task(bind=True, base=MonitoredTask)
 def scim_sync(self: MonitoredTask, provider_pk: int) -> None:
 """Run SCIM full sync for provider"""
- provider: SCIMProvider = SCIMProvider.objects.filter(pk=provider_pk).first()
+ provider: SCIMProvider = SCIMProvider.objects.filter(
+ pk=provider_pk, backchannel_application__isnull=False
+ ).first()
 if not provider:
 return
 self.set_uid(slugify(provider.name))
diff --git a/authentik/providers/scim/tests/test_membership.py b/authentik/providers/scim/tests/test_membership.py
index 18b3faa67..48207de72 100644
--- a/authentik/providers/scim/tests/test_membership.py
+++ b/authentik/providers/scim/tests/test_membership.py
@@ -36,6 +36,7 @@ class SCIMMembershipTests(TestCase):
 slug=generate_id(),
 )
 self.app.backchannel_providers.add(self.provider)
+ self.provider.save()
 self.provider.property_mappings.set(
 [SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user")]
 )
diff --git a/schema.yml b/schema.yml
index 114c75b36..3a308de9d 100644
--- a/schema.yml
+++ b/schema.yml
@@ -39824,11 +39824,11 @@ components:
 type: string
 description: Get object component so that we know how to edit the object
 readOnly: true
- assigned_application_slug:
+ assigned_backchannel_application_slug:
 type: string
 description: Internal application name, used in URLs.
 readOnly: true
- assigned_application_name:
+ assigned_backchannel_application_name:
 type: string
 description: Application's display Name.
 readOnly: true
@@ -39857,8 +39857,8 @@ components:
 format: uuid
 nullable: true
 required:
- - assigned_application_name
- - assigned_application_slug
+ - assigned_backchannel_application_name
+ - assigned_backchannel_application_slug
 - component
 - meta_model_name
 - name
diff --git a/web/src/admin/providers/scim/SCIMProviderViewPage.ts b/web/src/admin/providers/scim/SCIMProviderViewPage.ts
index cd2814f13..f84b16c7f 100644
--- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts
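Review bot: With the added `backchannel_application__isnull=False` filter, the `if not provider: return` guard in `scim_sync` now covers two different cases, a provider that no longer exists and one that exists but is not assigned as a backchannel provider, and both exit before `self.set_uid(...)` with no log line or task status. For a provisioning task this matters operationally: once a provider is unassigned, accounts and group memberships already pushed to the remote SCIM endpoint stop being updated, and nothing in the task output says why. I would document the skip at the guard, `# also reached when the provider has no backchannel application: sync is skipped on purpose`, and record the skip through whatever logging or status mechanism this module already uses. The annotation `provider: SCIMProvider` is also inaccurate, since `.first()` can return None. Other entry points in tasks.py are outside this hunk; if they look up SCIMProvider without the same filter, they would still push changes for unassigned providers.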
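Review bot: The added `self.provider.save()` right after `self.app.backchannel_providers.add(self.provider)` carries no comment, and the many-to-many add does not itself need a save to persist, so a reader cannot tell what the call is for. If it is there to re-run the provider's save handlers once the backchannel assignment exists (an inference, the handlers are not in this hunk), say so: `# re-save after the backchannel assignment so save-triggered sync sees the provider as assigned`. The setUp body starts and ends outside the hunk. A case for a provider that is never added to `backchannel_providers`, asserting that nothing is sent to the SCIM endpoint, would cover the new filter in `scim_sync`; no such case is visible here.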
+++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts
@@ -121,9 +121,14 @@ export class SCIMProviderViewPage extends AKElement {
 if (!this.provider) {
 return html``;
 }
- return html`
+ return html`
${t`SCIM provider is in preview.`}
+ ${!this.provider?.assignedBackchannelApplicationName + ? html`
+ ${t`Warning: Provider is not assigned to an application as backchannel provider.`} +
` + : html``}