From 9d8a1548020b9185e511013db4dd1cb09d955f3c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 4 Sep 2023 14:00:23 +0200 Subject: [PATCH] change mobile device pk to uuid Signed-off-by: Jens Langhammer --- authentik/api/v3/urls.py | 2 +- .../stages/authenticator_mobile/api/device.py | 17 ++- .../migrations/0001_initial.py | 12 +- .../stages/authenticator_mobile/models.py | 3 + .../stages/authenticator_mobile/stage.py | 5 +- blueprints/schema.json | 5 + schema.yml | 111 ++++++++++-------- 7 files changed, 90 insertions(+), 65 deletions(-) diff --git a/authentik/api/v3/urls.py b/authentik/api/v3/urls.py index 4d00cf630..22a5b3b8d 100644 --- a/authentik/api/v3/urls.py +++ b/authentik/api/v3/urls.py @@ -1,6 +1,7 @@ """api v3 urls""" from importlib import import_module +from django.conf import settings from django.urls import path from django.urls.resolvers import URLPattern from django.views.decorators.cache import cache_page @@ -11,7 +12,6 @@ from structlog.stdlib import get_logger from authentik.api.v3.config import ConfigView from authentik.api.views import APIBrowserView from authentik.lib.utils.reflection import get_apps -from django.conf import settings LOGGER = get_logger() diff --git a/authentik/stages/authenticator_mobile/api/device.py b/authentik/stages/authenticator_mobile/api/device.py index eece494c2..74cb528c9 100644 --- a/authentik/stages/authenticator_mobile/api/device.py +++ b/authentik/stages/authenticator_mobile/api/device.py @@ -1,16 +1,16 @@ """AuthenticatorMobileStage API Views""" from django_filters.rest_framework.backends import DjangoFilterBackend -from rest_framework import mixins -from rest_framework.filters import OrderingFilter, SearchFilter -from rest_framework.permissions import IsAdminUser -from rest_framework.serializers import ModelSerializer -from rest_framework.viewsets import GenericViewSet, ModelViewSet from drf_spectacular.utils import extend_schema, inline_serializer +from rest_framework import mixins from rest_framework.decorators import action from rest_framework.fields import CharField, UUIDField - +from rest_framework.filters import OrderingFilter, SearchFilter +from rest_framework.permissions import IsAdminUser from rest_framework.request import Request from rest_framework.response import Response +from rest_framework.serializers import ModelSerializer +from rest_framework.viewsets import GenericViewSet, ModelViewSet + from authentik.api.authorization import OwnerFilter, OwnerPermissions from authentik.core.api.used_by import UsedByMixin from authentik.stages.authenticator_mobile.api.auth import MobileDeviceTokenAuthentication @@ -80,10 +80,7 @@ class MobileDeviceViewSet( responses={ 200: inline_serializer( "MobileDeviceEnrollmentCallbackSerializer", - { - "device_token": CharField(required=True), - "device_uuid": UUIDField(required=True) - }, + {"device_token": CharField(required=True), "device_uuid": UUIDField(required=True)}, ), }, request=inline_serializer( diff --git a/authentik/stages/authenticator_mobile/migrations/0001_initial.py b/authentik/stages/authenticator_mobile/migrations/0001_initial.py index ae41f6357..f550f738d 100644 --- a/authentik/stages/authenticator_mobile/migrations/0001_initial.py +++ b/authentik/stages/authenticator_mobile/migrations/0001_initial.py @@ -1,4 +1,6 @@ -# Generated by Django 4.1.10 on 2023-07-24 21:33 +# Generated by Django 4.2.4 on 2023-09-04 11:59 + +import uuid import django.db.models.deletion from django.conf import settings @@ -52,12 +54,6 @@ class Migration(migrations.Migration): migrations.CreateModel( name="MobileDevice", fields=[ - ( - "id", - models.AutoField( - auto_created=True, primary_key=True, serialize=False, verbose_name="ID" - ), - ), ( "name", models.CharField( @@ -68,6 +64,7 @@ class Migration(migrations.Migration): "confirmed", models.BooleanField(default=True, help_text="Is this device ready for use?"), ), + ("uuid", models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)), ("device_id", models.TextField(unique=True)), ( "stage", @@ -108,6 +105,7 @@ class Migration(migrations.Migration): default=authentik.stages.authenticator_mobile.models.default_token_key ), ), + ("firebase_token", models.TextField(blank=True)), ( "device", models.ForeignKey( diff --git a/authentik/stages/authenticator_mobile/models.py b/authentik/stages/authenticator_mobile/models.py index 99e28d450..67542bae1 100644 --- a/authentik/stages/authenticator_mobile/models.py +++ b/authentik/stages/authenticator_mobile/models.py @@ -1,5 +1,6 @@ """Mobile authenticator stage""" from typing import Optional +from uuid import uuid4 from django.contrib.auth import get_user_model from django.db import models @@ -60,6 +61,8 @@ class AuthenticatorMobileStage(ConfigurableStage, FriendlyNamedStage, Stage): class MobileDevice(SerializerModel, Device): """Mobile authenticator for a single user""" + uuid = models.UUIDField(primary_key=True, default=uuid4) + user = models.ForeignKey(get_user_model(), on_delete=models.CASCADE) # Connect to the stage to when validating access we know the API Credentials diff --git a/authentik/stages/authenticator_mobile/stage.py b/authentik/stages/authenticator_mobile/stage.py index 5ef187e37..4d19d1fc1 100644 --- a/authentik/stages/authenticator_mobile/stage.py +++ b/authentik/stages/authenticator_mobile/stage.py @@ -10,7 +10,10 @@ from authentik.flows.challenge import ( WithUserInfoChallenge, ) from authentik.flows.stage import ChallengeStageView -from authentik.stages.authenticator_mobile.models import AuthenticatorMobileStage, MobileDevice, MobileDeviceToken +from authentik.stages.authenticator_mobile.models import ( + MobileDevice, + MobileDeviceToken, +) FLOW_PLAN_MOBILE_ENROLL = "authentik/stages/authenticator_mobile/enroll" diff --git a/blueprints/schema.json b/blueprints/schema.json index 5ea7c9f59..0141b6003 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -6027,6 +6027,11 @@ "model_authentik_stages_authenticator_mobile.mobiledevice": { "type": "object", "properties": { + "pk": { + "type": "string", + "format": "uuid", + "title": "Uuid" + }, "name": { "type": "string", "maxLength": 64, diff --git a/schema.yml b/schema.yml index a5bcff26d..ddad3286f 100644 --- a/schema.yml +++ b/schema.yml @@ -648,16 +648,17 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/admin/mobile/{id}/: + /authenticators/admin/mobile/{uuid}/: get: operationId: authenticators_admin_mobile_retrieve description: Viewset for Mobile authenticator devices (for admins) parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -687,10 +688,11 @@ paths: description: Viewset for Mobile authenticator devices (for admins) parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -726,10 +728,11 @@ paths: description: Viewset for Mobile authenticator devices (for admins) parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -764,10 +767,11 @@ paths: description: Viewset for Mobile authenticator devices (for admins) parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2017,16 +2021,17 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/mobile/{id}/: + /authenticators/mobile/{uuid}/: get: operationId: authenticators_mobile_retrieve description: Viewset for Mobile authenticator devices parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2056,10 +2061,11 @@ paths: description: Viewset for Mobile authenticator devices parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2095,10 +2101,11 @@ paths: description: Viewset for Mobile authenticator devices parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2133,10 +2140,11 @@ paths: description: Viewset for Mobile authenticator devices parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2157,16 +2165,17 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/mobile/{id}/enrollment_callback/: + /authenticators/mobile/{uuid}/enrollment_callback/: post: operationId: authenticators_mobile_enrollment_callback_create description: Enrollment callback parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2197,16 +2206,17 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/mobile/{id}/receive_response/: + /authenticators/mobile/{uuid}/receive_response/: post: operationId: authenticators_mobile_receive_response_create description: Get response from notification on phone parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2237,17 +2247,18 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/mobile/{id}/set_notification_key/: + /authenticators/mobile/{uuid}/set_notification_key/: post: operationId: authenticators_mobile_set_notification_key_create description: Called by the phone whenever the firebase key changes and we need to update it parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -2274,16 +2285,17 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /authenticators/mobile/{id}/used_by/: + /authenticators/mobile/{uuid}/used_by/: get: operationId: authenticators_mobile_used_by_list description: Get a list of all objects that use this object parameters: - in: path - name: id + name: uuid schema: - type: integer - description: A unique integer value identifying this Mobile Device. + type: string + format: uuid + description: A UUID string identifying this Mobile Device. required: true tags: - authenticators @@ -34206,16 +34218,15 @@ components: description: Serializer for Mobile authenticator devices properties: pk: - type: integer - readOnly: true - title: ID + type: string + format: uuid + title: Uuid name: type: string description: The human-readable name of this device. maxLength: 64 required: - name - - pk MobileDeviceEnrollmentCallback: type: object properties: @@ -34239,6 +34250,10 @@ components: type: object description: Serializer for Mobile authenticator devices properties: + pk: + type: string + format: uuid + title: Uuid name: type: string minLength: 1 @@ -37998,6 +38013,10 @@ components: type: object description: Serializer for Mobile authenticator devices properties: + pk: + type: string + format: uuid + title: Uuid name: type: string minLength: 1