stages/identification: only allow limited challenges for login sources

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-11-06 14:53:38 +01:00
parent f958aa6930
commit 90151a13ae
2 changed files with 23 additions and 5 deletions

View File

@ -16,10 +16,16 @@ from structlog.stdlib import get_logger
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import Application, Source, User from authentik.core.models import Application, Source, User
from authentik.flows.challenge import Challenge, ChallengeResponse, ChallengeTypes from authentik.flows.challenge import (
Challenge,
ChallengeResponse,
ChallengeTypes,
RedirectChallenge,
)
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, ChallengeStageView from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, ChallengeStageView
from authentik.flows.views.executor import SESSION_KEY_APPLICATION_PRE, challenge_types from authentik.flows.views.executor import SESSION_KEY_APPLICATION_PRE
from authentik.sources.plex.models import PlexAuthenticationChallenge
from authentik.stages.identification.models import IdentificationStage from authentik.stages.identification.models import IdentificationStage
from authentik.stages.identification.signals import identification_failed from authentik.stages.identification.signals import identification_failed
from authentik.stages.password.stage import authenticate from authentik.stages.password.stage import authenticate
@ -29,8 +35,11 @@ LOGGER = get_logger()
@extend_schema_field( @extend_schema_field(
PolymorphicProxySerializer( PolymorphicProxySerializer(
component_name="ChallengeTypes", component_name="LoginChallengeTypes",
serializers=challenge_types(), serializers={
RedirectChallenge().fields["component"].default: RedirectChallenge,
PlexAuthenticationChallenge().fields["component"].default: PlexAuthenticationChallenge,
},
resource_type_field_name="component", resource_type_field_name="component",
) )
) )

View File

@ -22444,6 +22444,15 @@ components:
type: string type: string
required: required:
- link - link
LoginChallengeTypes:
oneOf:
- $ref: '#/components/schemas/RedirectChallenge'
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
discriminator:
propertyName: component
mapping:
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge'
LoginMetrics: LoginMetrics:
type: object type: object
description: Login Metrics per 1h description: Login Metrics per 1h
@ -22471,7 +22480,7 @@ components:
type: string type: string
nullable: true nullable: true
challenge: challenge:
$ref: '#/components/schemas/ChallengeTypes' $ref: '#/components/schemas/LoginChallengeTypes'
required: required:
- challenge - challenge
- name - name