stages/authenticator_validate: migrate to web
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
0b057ccb34
commit
d7698343ae
|
@ -1,43 +0,0 @@
|
||||||
"""OTP Validate stage forms"""
|
|
||||||
from django import forms
|
|
||||||
|
|
||||||
from authentik.flows.models import NotConfiguredAction
|
|
||||||
from authentik.stages.authenticator_validate.models import (
|
|
||||||
AuthenticatorValidateStage,
|
|
||||||
DeviceClasses,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticatorValidateStageForm(forms.ModelForm):
|
|
||||||
"""OTP Validate stage forms"""
|
|
||||||
|
|
||||||
def clean_not_configured_action(self):
|
|
||||||
"""Ensure that a configuration stage is set when not_configured_action is configure"""
|
|
||||||
not_configured_action = self.cleaned_data.get("not_configured_action")
|
|
||||||
configuration_stage = self.cleaned_data.get("configuration_stage")
|
|
||||||
if (
|
|
||||||
not_configured_action == NotConfiguredAction.CONFIGURE
|
|
||||||
and configuration_stage is None
|
|
||||||
):
|
|
||||||
raise forms.ValidationError(
|
|
||||||
(
|
|
||||||
'When "Not configured action" is set to "Configure", '
|
|
||||||
"you must set a configuration stage."
|
|
||||||
)
|
|
||||||
)
|
|
||||||
return not_configured_action
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
|
|
||||||
model = AuthenticatorValidateStage
|
|
||||||
fields = [
|
|
||||||
"name",
|
|
||||||
"not_configured_action",
|
|
||||||
"device_classes",
|
|
||||||
"configuration_stage",
|
|
||||||
]
|
|
||||||
|
|
||||||
widgets = {
|
|
||||||
"name": forms.TextInput(),
|
|
||||||
"device_classes": forms.SelectMultiple(choices=DeviceClasses.choices),
|
|
||||||
}
|
|
|
@ -3,7 +3,6 @@ from typing import Type
|
||||||
|
|
||||||
from django.contrib.postgres.fields.array import ArrayField
|
from django.contrib.postgres.fields.array import ArrayField
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.forms import ModelForm
|
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from rest_framework.serializers import BaseSerializer
|
from rest_framework.serializers import BaseSerializer
|
||||||
|
@ -74,12 +73,8 @@ class AuthenticatorValidateStage(Stage):
|
||||||
return AuthenticatorValidateStageView
|
return AuthenticatorValidateStageView
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def form(self) -> Type[ModelForm]:
|
def component(self) -> str:
|
||||||
from authentik.stages.authenticator_validate.forms import (
|
return "ak-stage-authenticator-validate-form"
|
||||||
AuthenticatorValidateStageForm,
|
|
||||||
)
|
|
||||||
|
|
||||||
return AuthenticatorValidateStageForm
|
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,7 @@ export class AuthenticatorTOTPStageForm extends Form<AuthenticatorTOTPStage> {
|
||||||
label=${gettext("Digits")}
|
label=${gettext("Digits")}
|
||||||
?required=${true}
|
?required=${true}
|
||||||
name="digits">
|
name="digits">
|
||||||
<select name="users" class="pf-c-form-control" multiple>
|
<select name="users" class="pf-c-form-control">
|
||||||
<option value="6" ?selected=${this.stage?.digits === 6}>
|
<option value="6" ?selected=${this.stage?.digits === 6}>
|
||||||
${gettext("6 digits, widely compatible")}
|
${gettext("6 digits, widely compatible")}
|
||||||
</option>
|
</option>
|
||||||
|
|
|
@ -0,0 +1,136 @@
|
||||||
|
import { AuthenticatorValidateStage, AuthenticatorValidateStageNotConfiguredActionEnum, StagesApi } from "authentik-api";
|
||||||
|
import { gettext } from "django";
|
||||||
|
import { customElement, property } from "lit-element";
|
||||||
|
import { html, TemplateResult } from "lit-html";
|
||||||
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||||
|
import { Form } from "../../../elements/forms/Form";
|
||||||
|
import { ifDefined } from "lit-html/directives/if-defined";
|
||||||
|
import "../../../elements/forms/HorizontalFormElement";
|
||||||
|
import "../../../elements/forms/FormGroup";
|
||||||
|
import { DeviceClasses } from "authentik-api/dist/src/flows/stages/authenticator_validate/AuthenticatorValidateStage";
|
||||||
|
import { until } from "lit-html/directives/until";
|
||||||
|
|
||||||
|
@customElement("ak-stage-authenticator-validate-form")
|
||||||
|
export class AuthenticatorValidateStageForm extends Form<AuthenticatorValidateStage> {
|
||||||
|
|
||||||
|
set stageUUID(value: string) {
|
||||||
|
new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorValidateRead({
|
||||||
|
stageUuid: value,
|
||||||
|
}).then(stage => {
|
||||||
|
this.stage = stage;
|
||||||
|
this.showConfigureFlow = stage.notConfiguredAction === AuthenticatorValidateStageNotConfiguredActionEnum.Configure;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
@property({attribute: false})
|
||||||
|
stage?: AuthenticatorValidateStage;
|
||||||
|
|
||||||
|
@property({ type: Boolean })
|
||||||
|
showConfigureFlow = false;
|
||||||
|
|
||||||
|
getSuccessMessage(): string {
|
||||||
|
if (this.stage) {
|
||||||
|
return gettext("Successfully updated stage.");
|
||||||
|
} else {
|
||||||
|
return gettext("Successfully created stage.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
send = (data: AuthenticatorValidateStage): Promise<AuthenticatorValidateStage> => {
|
||||||
|
if (this.stage) {
|
||||||
|
return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorValidateUpdate({
|
||||||
|
stageUuid: this.stage.pk || "",
|
||||||
|
data: data
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
return new StagesApi(DEFAULT_CONFIG).stagesAuthenticatorValidateCreate({
|
||||||
|
data: data
|
||||||
|
});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
isDeviceClassSelected(field: DeviceClasses): boolean {
|
||||||
|
return (this.stage?.deviceClasses || []).filter(isField => {
|
||||||
|
return field === isField;
|
||||||
|
}).length > 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
renderForm(): TemplateResult {
|
||||||
|
return html`<form class="pf-c-form pf-m-horizontal">
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${gettext("Name")}
|
||||||
|
?required=${true}
|
||||||
|
name="name">
|
||||||
|
<input type="text" value="${ifDefined(this.stage?.name || "")}" class="pf-c-form-control" required>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-group .expanded=${true}>
|
||||||
|
<span slot="header">
|
||||||
|
${gettext("Stage-specific settings")}
|
||||||
|
</span>
|
||||||
|
<div slot="body" class="pf-c-form">
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${gettext("Not configured action")}
|
||||||
|
?required=${true}
|
||||||
|
name="mode">
|
||||||
|
<select class="pf-c-form-control" @change=${(ev: Event) => {
|
||||||
|
const target = ev.target as HTMLSelectElement;
|
||||||
|
if (target.selectedOptions[0].value === AuthenticatorValidateStageNotConfiguredActionEnum.Configure) {
|
||||||
|
this.showConfigureFlow = true;
|
||||||
|
} else {
|
||||||
|
this.showConfigureFlow = false;
|
||||||
|
}
|
||||||
|
}}>
|
||||||
|
<option value=${AuthenticatorValidateStageNotConfiguredActionEnum.Configure} ?selected=${this.stage?.notConfiguredAction === AuthenticatorValidateStageNotConfiguredActionEnum.Configure}>
|
||||||
|
${gettext("Force the user to configure an authenticator")}
|
||||||
|
</option>
|
||||||
|
<option value=${AuthenticatorValidateStageNotConfiguredActionEnum.Deny} ?selected=${this.stage?.notConfiguredAction === AuthenticatorValidateStageNotConfiguredActionEnum.Deny}>
|
||||||
|
${gettext("Deny the user access")}
|
||||||
|
</option>
|
||||||
|
<option value=${AuthenticatorValidateStageNotConfiguredActionEnum.Skip} ?selected=${this.stage?.notConfiguredAction === AuthenticatorValidateStageNotConfiguredActionEnum.Skip}>
|
||||||
|
${gettext("Continue")}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${gettext("User fields")}
|
||||||
|
?required=${true}
|
||||||
|
name="transports">
|
||||||
|
<select name="users" class="pf-c-form-control" multiple>
|
||||||
|
<option value=${DeviceClasses.STATIC} ?selected=${this.isDeviceClassSelected(DeviceClasses.STATIC)}>
|
||||||
|
${gettext("Static Tokens")}
|
||||||
|
</option>
|
||||||
|
<option value=${DeviceClasses.TOTP} ?selected=${this.isDeviceClassSelected(DeviceClasses.TOTP)}>
|
||||||
|
${gettext("TOTP Authenticators")}
|
||||||
|
</option>
|
||||||
|
<option value=${DeviceClasses.WEBAUTHN} ?selected=${this.isDeviceClassSelected(DeviceClasses.WEBAUTHN)}>
|
||||||
|
${gettext("WebAuthn Authenticators")}
|
||||||
|
</option>
|
||||||
|
</select>
|
||||||
|
<p class="pf-c-form__helper-text">${gettext("Device classes which can be used to authenticate.")}</p>
|
||||||
|
<p class="pf-c-form__helper-text">${gettext("Hold control/command to select multiple items.")}</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
${this.showConfigureFlow ? html`
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${gettext("Configuration flow")}
|
||||||
|
?required=${true}
|
||||||
|
name="configureFlow">
|
||||||
|
<select class="pf-c-form-control">
|
||||||
|
<option value="" ?selected=${this.stage?.configurationStage === undefined}>---------</option>
|
||||||
|
${until(new StagesApi(DEFAULT_CONFIG).stagesAllList({
|
||||||
|
ordering: "pk",
|
||||||
|
}).then(stages => {
|
||||||
|
return stages.results.map(stage => {
|
||||||
|
let selected = this.stage?.configurationStage === stage.pk;
|
||||||
|
return html`<option value=${ifDefined(stage.pk)} ?selected=${selected}>${stage.name} (${stage.objectType})</option>`;
|
||||||
|
});
|
||||||
|
}))}
|
||||||
|
</select>
|
||||||
|
<p class="pf-c-form__helper-text">${gettext("Stage used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again.")}</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
`: html``}
|
||||||
|
</div>
|
||||||
|
</ak-form-group>
|
||||||
|
</form>`;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -64,9 +64,9 @@ export class PasswordStageForm extends Form<PasswordStage> {
|
||||||
</span>
|
</span>
|
||||||
<div slot="body" class="pf-c-form">
|
<div slot="body" class="pf-c-form">
|
||||||
<ak-form-element-horizontal
|
<ak-form-element-horizontal
|
||||||
label=${gettext("User fields")}
|
label=${gettext("Backends")}
|
||||||
?required=${true}
|
?required=${true}
|
||||||
name="transports">
|
name="backends">
|
||||||
<select name="users" class="pf-c-form-control" multiple>
|
<select name="users" class="pf-c-form-control" multiple>
|
||||||
<option value=${PasswordStageBackendsEnum.DjangoContribAuthBackendsModelBackend} ?selected=${this.isBackendSelected(PasswordStageBackendsEnum.DjangoContribAuthBackendsModelBackend)}>
|
<option value=${PasswordStageBackendsEnum.DjangoContribAuthBackendsModelBackend} ?selected=${this.isBackendSelected(PasswordStageBackendsEnum.DjangoContribAuthBackendsModelBackend)}>
|
||||||
${gettext("authentik Builtin Database")}
|
${gettext("authentik Builtin Database")}
|
||||||
|
|
Reference in a new issue