web/admin: allow users to create app password tokens
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
9a6a3e66b8
commit
f217d34a98
|
@ -2,6 +2,7 @@
|
|||
from django.http.response import Http404
|
||||
from drf_spectacular.utils import OpenApiResponse, extend_schema
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.fields import CharField
|
||||
from rest_framework.request import Request
|
||||
from rest_framework.response import Response
|
||||
|
@ -22,6 +23,12 @@ class TokenSerializer(ManagedSerializer, ModelSerializer):
|
|||
|
||||
user = UserSerializer(required=False)
|
||||
|
||||
def validate_intent(self, value: str) -> str:
|
||||
"""Ensure only API or App password tokens are created."""
|
||||
if value not in [TokenIntents.INTENT_API, TokenIntents.INTENT_APP_PASSWORD]:
|
||||
raise ValidationError(f"Invalid intent {value}")
|
||||
return value
|
||||
|
||||
class Meta:
|
||||
|
||||
model = Token
|
||||
|
@ -69,7 +76,6 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
|
|||
def perform_create(self, serializer: TokenSerializer):
|
||||
serializer.save(
|
||||
user=self.request.user,
|
||||
intent=TokenIntents.INTENT_API,
|
||||
expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
|
||||
)
|
||||
|
||||
|
|
|
@ -148,7 +148,7 @@ export class UserSettingsPage extends LitElement {
|
|||
</section>
|
||||
<section
|
||||
slot="page-tokens"
|
||||
data-tab-title="${t`Tokens`}"
|
||||
data-tab-title="${t`Tokens and App passwords`}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<ak-user-token-list></ak-user-token-list>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
import { CoreApi, Token } from "@goauthentik/api";
|
||||
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
|
||||
import { t } from "@lingui/macro";
|
||||
import { customElement } from "lit-element";
|
||||
import { customElement, property } from "lit-element";
|
||||
import { html, TemplateResult } from "lit-html";
|
||||
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||
import { ifDefined } from "lit-html/directives/if-defined";
|
||||
|
@ -9,6 +9,9 @@ import { ModelForm } from "../../../elements/forms/ModelForm";
|
|||
|
||||
@customElement("ak-user-token-form")
|
||||
export class UserTokenForm extends ModelForm<Token, string> {
|
||||
@property()
|
||||
intent: IntentEnum = IntentEnum.Api;
|
||||
|
||||
loadInstance(pk: string): Promise<Token> {
|
||||
return new CoreApi(DEFAULT_CONFIG).coreTokensRetrieve({
|
||||
identifier: pk,
|
||||
|
@ -30,6 +33,7 @@ export class UserTokenForm extends ModelForm<Token, string> {
|
|||
tokenRequest: data,
|
||||
});
|
||||
} else {
|
||||
data.intent = this.intent;
|
||||
return new CoreApi(DEFAULT_CONFIG).coreTokensCreate({
|
||||
tokenRequest: data,
|
||||
});
|
||||
|
|
|
@ -10,7 +10,7 @@ import "../../../elements/buttons/Dropdown";
|
|||
import "../../../elements/buttons/TokenCopyButton";
|
||||
import { Table, TableColumn } from "../../../elements/table/Table";
|
||||
import { PAGE_SIZE } from "../../../constants";
|
||||
import { CoreApi, Token } from "@goauthentik/api";
|
||||
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
|
||||
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||
import "./UserTokenForm";
|
||||
|
||||
|
@ -48,8 +48,19 @@ export class UserTokenList extends Table<Token> {
|
|||
<ak-forms-modal>
|
||||
<span slot="submit"> ${t`Create`} </span>
|
||||
<span slot="header"> ${t`Create Token`} </span>
|
||||
<ak-user-token-form slot="form"> </ak-user-token-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">${t`Create`}</button>
|
||||
<ak-user-token-form intent=${IntentEnum.Api} slot="form"> </ak-user-token-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-secondary">
|
||||
${t`Create Token`}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${t`Create`} </span>
|
||||
<span slot="header"> ${t`Create App password`} </span>
|
||||
<ak-user-token-form intent=${IntentEnum.AppPassword} slot="form">
|
||||
</ak-user-token-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-secondary">
|
||||
${t`Create App password`}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
${super.renderToolbar()}
|
||||
`;
|
||||
|
|
Reference in New Issue