web/admin: allow users to create app password tokens

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 16:20:49 +02:00 · 2021-08-23 16:20:49 +02:00 · f217d34a98
parent 9a6a3e66b8
commit f217d34a98
4 changed files with 28 additions and 7 deletions
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -2,6 +2,7 @@
 from django.http.response import Http404
 from drf_spectacular.utils import OpenApiResponse, extend_schema
 from rest_framework.decorators import action
+from rest_framework.exceptions import ValidationError
 from rest_framework.fields import CharField
 from rest_framework.request import Request
 from rest_framework.response import Response
@ -22,6 +23,12 @@ class TokenSerializer(ManagedSerializer, ModelSerializer):

    user = UserSerializer(required=False)

+    def validate_intent(self, value: str) -> str:
+        """Ensure only API or App password tokens are created."""
+        if value not in [TokenIntents.INTENT_API, TokenIntents.INTENT_APP_PASSWORD]:
+            raise ValidationError(f"Invalid intent {value}")
+        return value
+
    class Meta:

        model = Token
@ -69,7 +76,6 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
    def perform_create(self, serializer: TokenSerializer):
        serializer.save(
            user=self.request.user,
-            intent=TokenIntents.INTENT_API,
            expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
        )

--- a/web/src/pages/user-settings/UserSettingsPage.ts
+++ b/web/src/pages/user-settings/UserSettingsPage.ts
@ -148,7 +148,7 @@ export class UserSettingsPage extends LitElement {
                    </section>
                    <section
                        slot="page-tokens"
-                        data-tab-title="${t`Tokens`}"
+                        data-tab-title="${t`Tokens and App passwords`}"
                        class="pf-c-page__main-section pf-m-no-padding-mobile"
                    >
                        <ak-user-token-list></ak-user-token-list>
--- a/web/src/pages/user-settings/tokens/UserTokenForm.ts
+++ b/web/src/pages/user-settings/tokens/UserTokenForm.ts
@ -1,6 +1,6 @@
-import { CoreApi, Token } from "@goauthentik/api";
+import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
 import { t } from "@lingui/macro";
-import { customElement } from "lit-element";
+import { customElement, property } from "lit-element";
 import { html, TemplateResult } from "lit-html";
 import { DEFAULT_CONFIG } from "../../../api/Config";
 import { ifDefined } from "lit-html/directives/if-defined";
@ -9,6 +9,9 @@ import { ModelForm } from "../../../elements/forms/ModelForm";

@customElement("ak-user-token-form")
 export class UserTokenForm extends ModelForm<Token, string> {
+    @property()
+    intent: IntentEnum = IntentEnum.Api;
+
    loadInstance(pk: string): Promise<Token> {
        return new CoreApi(DEFAULT_CONFIG).coreTokensRetrieve({
            identifier: pk,
@ -30,6 +33,7 @@ export class UserTokenForm extends ModelForm<Token, string> {
                tokenRequest: data,
            });
        } else {
+            data.intent = this.intent;
            return new CoreApi(DEFAULT_CONFIG).coreTokensCreate({
                tokenRequest: data,
            });
--- a/web/src/pages/user-settings/tokens/UserTokenList.ts
+++ b/web/src/pages/user-settings/tokens/UserTokenList.ts
@ -10,7 +10,7 @@ import "../../../elements/buttons/Dropdown";
 import "../../../elements/buttons/TokenCopyButton";
 import { Table, TableColumn } from "../../../elements/table/Table";
 import { PAGE_SIZE } from "../../../constants";
-import { CoreApi, Token } from "@goauthentik/api";
+import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
 import { DEFAULT_CONFIG } from "../../../api/Config";
 import "./UserTokenForm";

@ -48,8 +48,19 @@ export class UserTokenList extends Table<Token> {
            <ak-forms-modal>
                <span slot="submit"> ${t`Create`} </span>
                <span slot="header"> ${t`Create Token`} </span>
-                <ak-user-token-form slot="form"> </ak-user-token-form>
-                <button slot="trigger" class="pf-c-button pf-m-primary">${t`Create`}</button>
+                <ak-user-token-form intent=${IntentEnum.Api} slot="form"> </ak-user-token-form>
+                <button slot="trigger" class="pf-c-button pf-m-secondary">
+                    ${t`Create Token`}
+                </button>
+            </ak-forms-modal>
+            <ak-forms-modal>
+                <span slot="submit"> ${t`Create`} </span>
+                <span slot="header"> ${t`Create App password`} </span>
+                <ak-user-token-form intent=${IntentEnum.AppPassword} slot="form">
+                </ak-user-token-form>
+                <button slot="trigger" class="pf-c-button pf-m-secondary">
+                    ${t`Create App password`}
+                </button>
            </ak-forms-modal>
            ${super.renderToolbar()}
        `;