stages/identification: only allow limited challenges for login sources
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
f958aa6930
commit
90151a13ae
|
@ -16,10 +16,16 @@ from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.core.api.utils import PassiveSerializer
|
from authentik.core.api.utils import PassiveSerializer
|
||||||
from authentik.core.models import Application, Source, User
|
from authentik.core.models import Application, Source, User
|
||||||
from authentik.flows.challenge import Challenge, ChallengeResponse, ChallengeTypes
|
from authentik.flows.challenge import (
|
||||||
|
Challenge,
|
||||||
|
ChallengeResponse,
|
||||||
|
ChallengeTypes,
|
||||||
|
RedirectChallenge,
|
||||||
|
)
|
||||||
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
|
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
|
||||||
from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, ChallengeStageView
|
from authentik.flows.stage import PLAN_CONTEXT_PENDING_USER_IDENTIFIER, ChallengeStageView
|
||||||
from authentik.flows.views.executor import SESSION_KEY_APPLICATION_PRE, challenge_types
|
from authentik.flows.views.executor import SESSION_KEY_APPLICATION_PRE
|
||||||
|
from authentik.sources.plex.models import PlexAuthenticationChallenge
|
||||||
from authentik.stages.identification.models import IdentificationStage
|
from authentik.stages.identification.models import IdentificationStage
|
||||||
from authentik.stages.identification.signals import identification_failed
|
from authentik.stages.identification.signals import identification_failed
|
||||||
from authentik.stages.password.stage import authenticate
|
from authentik.stages.password.stage import authenticate
|
||||||
|
@ -29,8 +35,11 @@ LOGGER = get_logger()
|
||||||
|
|
||||||
@extend_schema_field(
|
@extend_schema_field(
|
||||||
PolymorphicProxySerializer(
|
PolymorphicProxySerializer(
|
||||||
component_name="ChallengeTypes",
|
component_name="LoginChallengeTypes",
|
||||||
serializers=challenge_types(),
|
serializers={
|
||||||
|
RedirectChallenge().fields["component"].default: RedirectChallenge,
|
||||||
|
PlexAuthenticationChallenge().fields["component"].default: PlexAuthenticationChallenge,
|
||||||
|
},
|
||||||
resource_type_field_name="component",
|
resource_type_field_name="component",
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
11
schema.yml
11
schema.yml
|
@ -22444,6 +22444,15 @@ components:
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- link
|
- link
|
||||||
|
LoginChallengeTypes:
|
||||||
|
oneOf:
|
||||||
|
- $ref: '#/components/schemas/RedirectChallenge'
|
||||||
|
- $ref: '#/components/schemas/PlexAuthenticationChallenge'
|
||||||
|
discriminator:
|
||||||
|
propertyName: component
|
||||||
|
mapping:
|
||||||
|
xak-flow-redirect: '#/components/schemas/RedirectChallenge'
|
||||||
|
ak-flow-sources-plex: '#/components/schemas/PlexAuthenticationChallenge'
|
||||||
LoginMetrics:
|
LoginMetrics:
|
||||||
type: object
|
type: object
|
||||||
description: Login Metrics per 1h
|
description: Login Metrics per 1h
|
||||||
|
@ -22471,7 +22480,7 @@ components:
|
||||||
type: string
|
type: string
|
||||||
nullable: true
|
nullable: true
|
||||||
challenge:
|
challenge:
|
||||||
$ref: '#/components/schemas/ChallengeTypes'
|
$ref: '#/components/schemas/LoginChallengeTypes'
|
||||||
required:
|
required:
|
||||||
- challenge
|
- challenge
|
||||||
- name
|
- name
|
||||||
|
|
Reference in New Issue