trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

web/admin: allow users to create app password tokens 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 16:20:49 +02:00
parent 9a6a3e66b8
commit f217d34a98
4 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
authentik/core/api/tokens.py
View File

@ -2,6 +2,7 @@
from django.http.response import Http404 from django.http.response import Http404
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiResponse, extend_schema
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField from rest_framework.fields import CharField
from rest_framework.request import Request from rest_framework.request import Request
from rest_framework.response import Response from rest_framework.response import Response
@ -22,6 +23,12 @@ class TokenSerializer(ManagedSerializer, ModelSerializer):
user = UserSerializer(required=False) user = UserSerializer(required=False)
def validate_intent(self, value: str) -> str:
"""Ensure only API or App password tokens are created."""
if value not in [TokenIntents.INTENT_API, TokenIntents.INTENT_APP_PASSWORD]:
raise ValidationError(f"Invalid intent {value}")
return value
class Meta: class Meta:
model = Token model = Token
@ -69,7 +76,6 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
def perform_create(self, serializer: TokenSerializer): def perform_create(self, serializer: TokenSerializer):
serializer.save( serializer.save(
user=self.request.user, user=self.request.user,
intent=TokenIntents.INTENT_API,
expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True), expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
) )

2
web/src/pages/user-settings/UserSettingsPage.ts
View File

@ -148,7 +148,7 @@ export class UserSettingsPage extends LitElement {
</section> </section>
<section <section
slot="page-tokens" slot="page-tokens"
data-tab-title="${t`Tokens`}" data-tab-title="${t`Tokens and App passwords`}"
class="pf-c-page__main-section pf-m-no-padding-mobile" class="pf-c-page__main-section pf-m-no-padding-mobile"
> >
<ak-user-token-list></ak-user-token-list> <ak-user-token-list></ak-user-token-list>

8
web/src/pages/user-settings/tokens/UserTokenForm.ts
View File

@ -1,6 +1,6 @@
import { CoreApi, Token } from "@goauthentik/api"; import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
import { t } from "@lingui/macro"; import { t } from "@lingui/macro";
import { customElement } from "lit-element"; import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html"; import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../../api/Config"; import { DEFAULT_CONFIG } from "../../../api/Config";
import { ifDefined } from "lit-html/directives/if-defined"; import { ifDefined } from "lit-html/directives/if-defined";
@ -9,6 +9,9 @@ import { ModelForm } from "../../../elements/forms/ModelForm";
@customElement("ak-user-token-form") @customElement("ak-user-token-form")
export class UserTokenForm extends ModelForm<Token, string> { export class UserTokenForm extends ModelForm<Token, string> {
@property()
intent: IntentEnum = IntentEnum.Api;
loadInstance(pk: string): Promise<Token> { loadInstance(pk: string): Promise<Token> {
return new CoreApi(DEFAULT_CONFIG).coreTokensRetrieve({ return new CoreApi(DEFAULT_CONFIG).coreTokensRetrieve({
identifier: pk, identifier: pk,
@ -30,6 +33,7 @@ export class UserTokenForm extends ModelForm<Token, string> {
tokenRequest: data, tokenRequest: data,
}); });
} else { } else {
data.intent = this.intent;
return new CoreApi(DEFAULT_CONFIG).coreTokensCreate({ return new CoreApi(DEFAULT_CONFIG).coreTokensCreate({
tokenRequest: data, tokenRequest: data,
}); });

17
web/src/pages/user-settings/tokens/UserTokenList.ts
View File

@ -10,7 +10,7 @@ import "../../../elements/buttons/Dropdown";
import "../../../elements/buttons/TokenCopyButton"; import "../../../elements/buttons/TokenCopyButton";
import { Table, TableColumn } from "../../../elements/table/Table"; import { Table, TableColumn } from "../../../elements/table/Table";
import { PAGE_SIZE } from "../../../constants"; import { PAGE_SIZE } from "../../../constants";
import { CoreApi, Token } from "@goauthentik/api"; import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
import { DEFAULT_CONFIG } from "../../../api/Config"; import { DEFAULT_CONFIG } from "../../../api/Config";
import "./UserTokenForm"; import "./UserTokenForm";
@ -48,8 +48,19 @@ export class UserTokenList extends Table<Token> {
<ak-forms-modal> <ak-forms-modal>
<span slot="submit"> ${t`Create`} </span> <span slot="submit"> ${t`Create`} </span>
<span slot="header"> ${t`Create Token`} </span> <span slot="header"> ${t`Create Token`} </span>
<ak-user-token-form slot="form"> </ak-user-token-form> <ak-user-token-form intent=${IntentEnum.Api} slot="form"> </ak-user-token-form>
<button slot="trigger" class="pf-c-button pf-m-primary">${t`Create`}</button> <button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Create Token`}
</button>
</ak-forms-modal>
<ak-forms-modal>
<span slot="submit"> ${t`Create`} </span>
<span slot="header"> ${t`Create App password`} </span>
<ak-user-token-form intent=${IntentEnum.AppPassword} slot="form">
</ak-user-token-form>
<button slot="trigger" class="pf-c-button pf-m-secondary">
${t`Create App password`}
</button>
</ak-forms-modal> </ak-forms-modal>
${super.renderToolbar()} ${super.renderToolbar()}
`; `;