diff --git a/authentik/stages/authenticator_mobile/models.py b/authentik/stages/authenticator_mobile/models.py
index af1cef60e..4bfc9d7bc 100644
--- a/authentik/stages/authenticator_mobile/models.py
+++ b/authentik/stages/authenticator_mobile/models.py
@@ -1,6 +1,7 @@
 """Mobile authenticator stage"""
 from typing import Optional
 from uuid import uuid4
+from firebase_admin.messaging import Message, send
 from django.contrib.auth import get_user_model
 from django.db import models
@@ -77,6 +78,22 @@ class MobileDevice(SerializerModel, Device):
 return MobileDeviceSerializer
+ def send_message(self):
+ # See documentation on defining a message payload.
+ message = Message(
+ data={
+ 'score': '850',
+ 'time': '2:45',
+ },
+ token=self.firebase_token,
+ )
+
+ # Send a message to the device corresponding to the provided
+ # registration token.
+ response = send(message)
+ # Response is a message ID string.
+ print('Successfully sent message:', response)
+
 def __str__(self):
 return str(self.name) or str(self.user)
diff --git a/authentik/stages/authenticator_mobile/stage.py b/authentik/stages/authenticator_mobile/stage.py
index e85cd0c9c..e120f0ac6 100644
--- a/authentik/stages/authenticator_mobile/stage.py
+++ b/authentik/stages/authenticator_mobile/stage.py
@@ -51,7 +51,7 @@ class AuthenticatorMobileStageView(ChallengeStageView):
 confirmed=False,
 )
 token = MobileDeviceToken.objects.create(
- user=self.get_pending_user(),
+ user=device.user,
 device=device,
 )
 self.executor.plan.context[FLOW_PLAN_MOBILE_ENROLL] = token
diff --git a/pyproject.toml b/pyproject.toml
index d26428045..dbe261a89 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -177,6 +177,7 @@ wsproto = "*"
 xmlsec = "*"
 zxcvbn = "*"
 jsonpatch = "*"
+firebase-admin = "*"
 [tool.poetry.dev-dependencies]
 bandit = "*"
diff --git a/schema.yml b/schema.yml
index 79b072cad..3b1e55e03 100644
--- a/schema.yml
+++ b/schema.yml
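Review bot: `send_message` in models.py still carries the Firebase documentation sample: the payload is the hard-coded `'score': '850'` / `'time': '2:45'`, and the result goes to `print` rather than the module's logger. `send(message)` is also called with no error handling, so an unregistered or rejected `firebase_token` (or, presumably, a Firebase app that was never initialised, since no initialisation is visible in this diff) raises straight into whatever calls this method. I would pass the payload in as a `dict[str, str]`, catch `FirebaseError` (it would need importing from `firebase_admin.exceptions`) around the send, return the message ID and add a docstring; because this push belongs to an authenticator, the payload should carry only what the app needs to look up the pending request, as data messages transit a third-party service. The new import in the first hunk of this file also appears to be appended to the standard-library group and belongs with the third-party imports.

```python
    def send_message(self, data: dict[str, str]) -> Optional[str]:
        """Send a data-only push message to this device.

        Returns the Firebase message ID, or None when delivery failed.
        """
        message = Message(data=data, token=self.firebase_token)
        try:
            # send() raises for an unregistered or rejected registration token
            return send(message)
        except FirebaseError:
            # report through the module's logger here, without the token value
            return None
```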
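Review bot: In stage.py, binding the token to `device.user` is only equivalent to the old `self.get_pending_user()` if the device created just above is itself created for the pending user; that call starts outside this hunk, so it cannot be confirmed from the lines shown. A one-line comment above the `create` call would record the intent, for example `# take the user from the device so the enrollment token and the device always share one owner`.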
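Review bot: `firebase-admin = "*"` in pyproject.toml adds a new runtime dependency with a wildcard constraint, so the version actually installed is decided entirely by the lockfile, and no lockfile change appears in the part of the diff shown here. The wildcard matches the neighbouring entries, so the constraint itself is consistent with the file. What needs confirming is that `poetry.lock` is regenerated in the same change, so the new package and its transitive dependencies are pinned and can be reviewed.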
@@ -2206,6 +2206,41 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /authenticators/mobile/{uuid}/enrollment_status/: + post: + operationId: authenticators_mobile_enrollment_status_create + description: Check device enrollment status + parameters: + - in: path + name: uuid + schema: + type: string + format: uuid + description: A UUID string identifying this Mobile Device. + required: true + tags: + - authenticators + security: + - mobile_device_token: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MobileDeviceEnrollmentStatus' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /authenticators/mobile/{uuid}/receive_response/: post: operationId: authenticators_mobile_receive_response_create @@ -35235,6 +35270,21 @@ components: minLength: 1 required: - device_uid + MobileDeviceEnrollmentStatus: + type: object + properties: + status: + $ref: '#/components/schemas/MobileDeviceEnrollmentStatusStatusEnum' + required: + - status + MobileDeviceEnrollmentStatusStatusEnum: + enum: + - success + - waiting + type: string + description: |- + * `success` - Success + * `waiting` - Waiting MobileDeviceRequest: type: object description: Serializer for Mobile authenticator devices