outposts/ldap: use authorization_flow instead of separate field

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-04-26 14:46:29 +02:00
parent b35d9ae8b0
commit b3c8ffb96c
8 changed files with 16 additions and 36 deletions


@ -14,7 +14,6 @@ class LDAPProviderSerializer(ProviderSerializer):
model = LDAPProvider model = LDAPProvider
fields = ProviderSerializer.Meta.fields + [ fields = ProviderSerializer.Meta.fields + [
"bind_flow",
"base_dn", "base_dn",
] ]
@ -31,7 +30,7 @@ class LDAPOutpostConfigSerializer(ModelSerializer):
"""LDAPProvider Serializer""" """LDAPProvider Serializer"""
application_slug = CharField(source="application.slug") application_slug = CharField(source="application.slug")
bind_flow_slug = CharField(source="bind_flow.slug") bind_flow_slug = CharField(source="authorization_flow.slug")
class Meta: class Meta:
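Review bot: `bind_flow_slug` now reads `authorization_flow.slug`, but nothing in this section checks that the flow stored in `authorization_flow` has the authentication designation. The only restriction visible on the page is the `designation: FlowDesignationEnum.Authentication` filter in the LDAP provider form, which is applied in the browser. An API client could presumably assign a flow of another designation, and the outpost would then use it for binds. Consider a `validate_authorization_flow` method on `LDAPProviderSerializer` that rejects other designations, plus a comment above the field such as `# LDAP binds run through the provider's authorization_flow`. Both serializer classes continue outside the hunks shown.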


@ -1,4 +1,4 @@
# Generated by Django 3.2 on 2021-04-26 09:51 # Generated by Django 3.2 on 2021-04-26 12:45
import django.db.models.deletion import django.db.models.deletion
from django.db import migrations, models from django.db import migrations, models
@ -10,7 +10,6 @@ class Migration(migrations.Migration):
dependencies = [ dependencies = [
("authentik_core", "0019_source_managed"), ("authentik_core", "0019_source_managed"),
("authentik_flows", "0018_oob_flows"),
] ]
operations = [ operations = [
@ -35,21 +34,11 @@ class Migration(migrations.Migration):
help_text="DN under which objects are accessible.", help_text="DN under which objects are accessible.",
), ),
), ),
(
"bind_flow",
models.ForeignKey(
default=None,
help_text="Flow which is used to bind users. When left empty, no users will be able to bind.",
null=True,
on_delete=django.db.models.deletion.SET_DEFAULT,
to="authentik_flows.flow",
),
),
], ],
options={ options={
"verbose_name": "LDAP Provider", "verbose_name": "LDAP Provider",
"verbose_name_plural": "LDAP Providers", "verbose_name_plural": "LDAP Providers",
}, },
bases=("authentik_core.provider",), bases=("authentik_core.provider", models.Model),
), ),
] ]


@ -18,16 +18,6 @@ class LDAPProvider(OutpostModel, Provider):
help_text=_("DN under which objects are accessible."), help_text=_("DN under which objects are accessible."),
) )
bind_flow = models.ForeignKey(
Flow,
null=True,
default=None,
on_delete=models.SET_DEFAULT,
help_text=_(
"Flow which is used to bind users. When left empty, no users will be able to bind."
),
)
@property @property
def launch_url(self) -> Optional[str]: def launch_url(self) -> Optional[str]:
"""LDAP never has a launch URL""" """LDAP never has a launch URL"""


@ -37,7 +37,7 @@ func (ls *LDAPServer) Refresh() error {
} }
func (ls *LDAPServer) Start() error { func (ls *LDAPServer) Start() error {
listen := "127.0.0.1:3390" listen := "0.0.0.0:3389"
log.Debugf("Listening on %s", listen) log.Debugf("Listening on %s", listen)
err := ls.s.ListenAndServe(listen) err := ls.s.ListenAndServe(listen)
if err != nil { if err != nil {
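Review bot: The new literal `listen := "0.0.0.0:3389"` in `Start()` exposes the LDAP listener on every interface, and the visible lines pass it straight to `ListenAndServe` with no TLS setup, so bind DNs and passwords would presumably cross the network in cleartext. The address is still hard-coded. Consider reading it from the outpost configuration with a loopback default, for example `listen := cfg.ListenAddr // placeholder name; default "127.0.0.1:3389"`, so that exposure is an explicit deployment decision. A short comment noting that 3389 is also the RDP default would help whoever writes firewall rules for this port. `Start()` continues past the end of the hunk.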


@ -6,7 +6,6 @@ COPY . .
RUN go build -o /work/proxy ./cmd/proxy RUN go build -o /work/proxy ./cmd/proxy
# Copy binary to alpine
FROM gcr.io/distroless/base-debian10:debug FROM gcr.io/distroless/base-debian10:debug
COPY --from=builder /work/proxy / COPY --from=builder /work/proxy /


@ -17101,13 +17101,6 @@ definitions:
title: Verbose name plural title: Verbose name plural
type: string type: string
readOnly: true readOnly: true
bind_flow:
title: Bind flow
description: Flow which is used to bind users. When left empty, no users will
be able to bind.
type: string
format: uuid
x-nullable: true
base_dn: base_dn:
title: Base dn title: Base dn
description: DN under which objects are accessible. description: DN under which objects are accessible.


@ -89,6 +89,16 @@ export class OutpostForm extends Form<Outpost> {
return html`<option value=${ifDefined(provider.pk)} ?selected=${selected}>${provider.verboseName} ${provider.name}</option>`; return html`<option value=${ifDefined(provider.pk)} ?selected=${selected}>${provider.verboseName} ${provider.name}</option>`;
}); });
}), html`<option>${t`Loading...`}</option>`)} }), html`<option>${t`Loading...`}</option>`)}
${until(new ProvidersApi(DEFAULT_CONFIG).providersLdapList({
ordering: "pk"
}).then(providers => {
return providers.results.map(provider => {
const selected = Array.from(this.outpost?.providers || []).some(sp => {
return sp == provider.pk;
});
return html`<option value=${ifDefined(provider.pk)} ?selected=${selected}>${provider.verboseName} ${provider.name}</option>`;
});
}), html`<option>${t`Loading...`}</option>`)}
</select> </select>
<p class="pf-c-form__helper-text">${t`Hold control/command to select multiple items.`}</p> <p class="pf-c-form__helper-text">${t`Hold control/command to select multiple items.`}</p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
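Review bot: The added `providersLdapList` block repeats the option-rendering callback of the block that ends just above it, including the loose comparison `sp == provider.pk`. Extracting that mapping into one private method which both `until(...)` calls pass to `.then` would keep the two provider lists from drifting apart, and `===` is preferable if both sides have the same type. Neither promise has a rejection handler in the visible lines, so a failed request would presumably leave the `Loading...` option in the select; a fallback option for that case may be worth adding.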


@ -56,14 +56,14 @@ export class LDAPProviderFormPage extends Form<LDAPProvider> {
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Bind flow`} label=${t`Bind flow`}
?required=${true} ?required=${true}
name="bindFlow"> name="authorizationFlow">
<select class="pf-c-form-control"> <select class="pf-c-form-control">
${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({ ${until(new FlowsApi(DEFAULT_CONFIG).flowsInstancesList({
ordering: "pk", ordering: "pk",
designation: FlowDesignationEnum.Authentication, designation: FlowDesignationEnum.Authentication,
}).then(flows => { }).then(flows => {
return flows.results.map(flow => { return flows.results.map(flow => {
return html`<option value=${ifDefined(flow.pk)} ?selected=${this.provider?.bindFlow === flow.pk}>${flow.name} (${flow.slug})</option>`; return html`<option value=${ifDefined(flow.pk)} ?selected=${this.provider?.authorizationFlow === flow.pk}>${flow.name} (${flow.slug})</option>`;
}); });
}), html`<option>${t`Loading...`}</option>`)} }), html`<option>${t`Loading...`}</option>`)}
</select> </select>