core: fix token update/delete not working

core: fix User's token creation not working
release: 0.13.5-stable
2024-05-31 · 2020-12-26 01:28:45 +01:00 · 2020-12-26 01:28:45 +01:00 · 2020-12-26 00:52:26 +01:00 · 2020-12-26 00:43:29 +01:00 · 2020-12-26 00:26:24 +01:00
28 changed files with 126 additions and 50 deletions
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.13.3-stable
+current_version = 0.13.5-stable
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -18,11 +18,11 @@ jobs:
      - name: Building Docker Image
        run: docker build
          --no-cache
-          -t beryju/authentik:0.13.3-stable
+          -t beryju/authentik:0.13.5-stable
          -t beryju/authentik:latest
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik:0.13.3-stable
+        run: docker push beryju/authentik:0.13.5-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik:latest
  build-proxy:
@ -48,11 +48,11 @@ jobs:
          cd proxy/
          docker build \
          --no-cache \
-          -t beryju/authentik-proxy:0.13.3-stable \
+          -t beryju/authentik-proxy:0.13.5-stable \
          -t beryju/authentik-proxy:latest \
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-proxy:0.13.3-stable
+        run: docker push beryju/authentik-proxy:0.13.5-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik-proxy:latest
  build-static:
@ -69,11 +69,11 @@ jobs:
          cd web/
          docker build \
          --no-cache \
-          -t beryju/authentik-static:0.13.3-stable \
+          -t beryju/authentik-static:0.13.5-stable \
          -t beryju/authentik-static:latest \
          -f Dockerfile .
      - name: Push Docker Container to Registry (versioned)
-        run: docker push beryju/authentik-static:0.13.3-stable
+        run: docker push beryju/authentik-static:0.13.5-stable
      - name: Push Docker Container to Registry (latest)
        run: docker push beryju/authentik-static:latest
  test-release:
@ -107,5 +107,5 @@ jobs:
          SENTRY_PROJECT: authentik
          SENTRY_URL: https://sentry.beryju.org
        with:
-          tagName: 0.13.3-stable
+          tagName: 0.13.5-stable
          environment: beryjuorg-prod
--- a/authentik/init.py
+++ b/authentik/init.py
@ -1,2 +1,2 @@
 """authentik"""
-__version__ = "0.13.3-stable"
+__version__ = "0.13.5-stable"
--- a/authentik/admin/templates/administration/policy/list.html
+++ b/authentik/admin/templates/administration/policy/list.html
@ -81,7 +81,7 @@
                            <div slot="modal"></div>
                        </ak-modal-button>
                        <ak-modal-button href="{% url 'authentik_admin:policy-test' pk=policy.pk %}">
-                            <ak-spinner-button slot="trigger" class="pf-m-tertiary">
+                            <ak-spinner-button slot="trigger" class="pf-m-secondary">
                                {% trans 'Test' %}
                            </ak-spinner-button>
                            <div slot="modal"></div>
--- a/authentik/admin/templates/administration/stage_invitation/list.html
+++ b/authentik/admin/templates/administration/stage_invitation/list.html
@ -37,8 +37,9 @@
        <table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
            <thead>
                <tr role="row">
+                    <th role="columnheader" scope="col">{% trans 'ID' %}</th>
+                    <th role="columnheader" scope="col">{% trans 'Created by' %}</th>
                    <th role="columnheader" scope="col">{% trans 'Expiry' %}</th>
-                    <th role="columnheader" scope="col">{% trans 'Link' %}</th>
                    <th role="cell"></th>
                </tr>
            </thead>
@ -47,12 +48,17 @@
                <tr role="row">
                    <td role="cell">
                        <span>
-                            {{ invitation.expiry }}
+                            {{ invitation.invite_uuid }}
                        </span>
                    </td>
                    <td role="cell">
                        <span>
-                            {{ invitation.Link }}
+                            {{ invitation.created_by }}
+                        </span>
+                    </td>
+                    <td role="cell">
+                        <span>
+                            {{ invitation.expiry|default:"-" }}
                        </span>
                    </td>
                    <td>
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@ -13,6 +13,7 @@ from rest_framework_guardian.filters import ObjectPermissionsFilter

 from authentik.admin.api.metrics import get_events_per_1h
 from authentik.audit.models import EventAction
+from authentik.core.api.providers import ProviderSerializer
 from authentik.core.models import Application
 from authentik.policies.engine import PolicyEngine

@ -21,6 +22,7 @@ class ApplicationSerializer(ModelSerializer):
    """Application Serializer"""

    launch_url = SerializerMethodField()
+    provider = ProviderSerializer(source="get_provider", required=False)

    def get_launch_url(self, instance: Application) -> str:
        """Get generated launch URL"""
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -1,5 +1,6 @@
 """User API Views"""
 from drf_yasg2.utils import swagger_auto_schema
+from guardian.utils import get_anonymous_user
 from rest_framework.decorators import action
 from rest_framework.request import Request
 from rest_framework.response import Response
@ -33,9 +34,12 @@ class UserSerializer(ModelSerializer):
 class UserViewSet(ModelViewSet):
    """User Viewset"""

-    queryset = User.objects.all()
+    queryset = User.objects.all().exclude(pk=get_anonymous_user().pk)
    serializer_class = UserSerializer

+    def get_queryset(self):
+        return User.objects.all().exclude(pk=get_anonymous_user().pk)
+
    @swagger_auto_schema(responses={200: UserSerializer(many=False)})
    @action(detail=False)
    # pylint: disable=invalid-name
--- a/authentik/core/templates/partials/form_horizontal.html
+++ b/authentik/core/templates/partials/form_horizontal.html
@ -31,7 +31,7 @@
            <p class="pf-c-form__helper-text">{{ field.help_text }}</p>
            {% endif %}
        </div>
-    {% elif field.field.widget|fieldtype == 'Select' %}
+    {% elif field.field.widget|fieldtype == 'Select' or field.field.widget|fieldtype == "SelectMultiple" %}
        <div class="pf-c-form__group-label">
            <label class="pf-c-form__label" for="{{ field.name }}-{{ forloop.counter0 }}">
                <span class="pf-c-form__label-text">{{ field.label }}</span>
@ -46,6 +46,9 @@
                {% if field.help_text %}
                <p class="pf-c-form__helper-text">{{ field.help_text|safe }}</p>
                {% endif %}
+                {% if field.field.widget|fieldtype == 'SelectMultiple' %}
+                <p class="pf-c-form__helper-text">{% trans 'Hold control/command to select multiple items.' %}</p>
+                {% endif %}
            </div>
        </div>
    {% elif field.field.widget|fieldtype == 'CheckboxInput' %}
--- a/authentik/core/views/user.py
+++ b/authentik/core/views/user.py
@ -94,11 +94,6 @@ class TokenCreateView(
    success_url = reverse_lazy("authentik_core:user-tokens")
    success_message = _("Successfully created Token")

-    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["container_template"] = "user/base.html"
-        return kwargs
-
    def form_valid(self, form: UserTokenForm) -> HttpResponse:
        form.instance.user = self.request.user
        form.instance.intent = TokenIntents.INTENT_API
@ -112,21 +107,16 @@ class TokenUpdateView(

    model = Token
    form_class = UserTokenForm
-    permission_required = "authentik_core.update_token"
+    permission_required = "authentik_core.change_token"
    template_name = "generic/update.html"
    success_url = reverse_lazy("authentik_core:user-tokens")
    success_message = _("Successfully updated Token")

-    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["container_template"] = "user/base.html"
-        return kwargs
-
    def get_object(self) -> Token:
        identifier = self.kwargs.get("identifier")
        return get_objects_for_user(
-            self.request.user, "authentik_core.update_token", self.model
-        ).filter(intent=TokenIntents.INTENT_API, identifier=identifier)
+            self.request.user, self.permission_required, self.model
+        ).filter(intent=TokenIntents.INTENT_API, identifier=identifier).first()


 class TokenDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessageView):
@ -138,7 +128,8 @@ class TokenDeleteView(LoginRequiredMixin, PermissionRequiredMixin, DeleteMessage
    success_url = reverse_lazy("authentik_core:user-tokens")
    success_message = _("Successfully deleted Token")

-    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
-        kwargs = super().get_context_data(**kwargs)
-        kwargs["container_template"] = "user/base.html"
-        return kwargs
+    def get_object(self) -> Token:
+        identifier = self.kwargs.get("identifier")
+        return get_objects_for_user(
+            self.request.user, self.permission_required, self.model
+        ).filter(intent=TokenIntents.INTENT_API, identifier=identifier).first()
--- a/authentik/outposts/forms.py
+++ b/authentik/outposts/forms.py
@ -1,7 +1,11 @@
 """Outpost forms"""

 from django import forms
+from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
+from kubernetes.client.configuration import Configuration
+from kubernetes.config.config_exception import ConfigException
+from kubernetes.config.kube_config import load_kube_config_from_dict

 from authentik.admin.fields import CodeMirrorWidget, YAMLField
 from authentik.crypto.models import CertificateKeyPair
@ -71,6 +75,23 @@ class DockerServiceConnectionForm(forms.ModelForm):
 class KubernetesServiceConnectionForm(forms.ModelForm):
    """Kubernetes service-connection form"""

+    def clean_kubeconfig(self):
+        """Validate kubeconfig by attempting to load it"""
+        kubeconfig = self.cleaned_data["kubeconfig"]
+        if kubeconfig == {}:
+            if not self.cleaned_data["local"]:
+                raise ValidationError(
+                    _("You can only use an empty kubeconfig when local is enabled.")
+                )
+            # Empty kubeconfig is valid
+            return kubeconfig
+        config = Configuration()
+        try:
+            load_kube_config_from_dict(kubeconfig, client_configuration=config)
+        except ConfigException:
+            raise ValidationError(_("Invalid kubeconfig"))
+        return kubeconfig
+
    class Meta:

        model = KubernetesServiceConnection
--- a/authentik/outposts/migrations/0015_auto_20201224_1206.py
+++ b/authentik/outposts/migrations/0015_auto_20201224_1206.py
@ -0,0 +1,21 @@
+# Generated by Django 3.1.4 on 2020-12-24 12:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_outposts", "0014_auto_20201213_1407"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="kubernetesserviceconnection",
+            name="kubeconfig",
+            field=models.JSONField(
+                blank=True,
+                help_text="Paste your kubeconfig here. authentik will automatically use the currently selected context.",
+            ),
+        ),
+    ]
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -234,7 +234,8 @@ class KubernetesServiceConnection(OutpostServiceConnection):
                "Paste your kubeconfig here. authentik will automatically use "
                "the currently selected context."
            )
-        )
+        ),
+        blank=True,
    )

    @property
--- a/authentik/policies/expression/evaluator.py
+++ b/authentik/policies/expression/evaluator.py
@ -21,6 +21,7 @@ class PolicyEvaluator(BaseEvaluator):
    def __init__(self, policy_name: str):
        super().__init__()
        self._messages = []
+        self._context["ak_logger"] = get_logger(policy_name)
        self._context["ak_message"] = self.expr_func_message
        self._context["ip_address"] = ip_address
        self._context["ip_network"] = ip_network
--- a/authentik/stages/invitation/forms.py
+++ b/authentik/stages/invitation/forms.py
@ -1,6 +1,5 @@
 """authentik flows invitation forms"""
 from django import forms
-from django.utils.translation import gettext as _

 from authentik.admin.fields import CodeMirrorWidget, YAMLField
 from authentik.stages.invitation.models import Invitation, InvitationStage
@ -25,8 +24,5 @@ class InvitationForm(forms.ModelForm):

        model = Invitation
        fields = ["expires", "fixed_data"]
-        labels = {
-            "fixed_data": _("Optional fixed data to enforce on user enrollment."),
-        }
        widgets = {"fixed_data": CodeMirrorWidget()}
        field_classes = {"fixed_data": YAMLField}
--- a/authentik/stages/invitation/migrations/0002_auto_20201225_2143.py
+++ b/authentik/stages/invitation/migrations/0002_auto_20201225_2143.py
@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2020-12-25 21:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_stages_invitation", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="invitation",
+            name="fixed_data",
+            field=models.JSONField(blank=True, default=dict),
+        ),
+    ]
--- a/authentik/stages/invitation/models.py
+++ b/authentik/stages/invitation/models.py
@ -61,7 +61,11 @@ class Invitation(models.Model):

    created_by = models.ForeignKey(User, on_delete=models.CASCADE)
    expires = models.DateTimeField(default=None, blank=True, null=True)
-    fixed_data = models.JSONField(default=dict)
+    fixed_data = models.JSONField(
+        default=dict,
+        blank=True,
+        help_text=_("Optional fixed data to enforce on user enrollment."),
+    )

    def __str__(self):
        return f"Invitation {self.invite_uuid.hex} created by {self.created_by}"
--- a/authentik/stages/password/forms.py
+++ b/authentik/stages/password/forms.py
@ -53,5 +53,5 @@ class PasswordStageForm(forms.ModelForm):
        fields = ["name", "backends", "configure_flow", "failed_attempts_before_cancel"]
        widgets = {
            "name": forms.TextInput(),
-            "backends": forms.SelectMultiple(get_authentication_backends()),
+            "backends": forms.SelectMultiple(choices=get_authentication_backends()),
        }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -19,7 +19,7 @@ services:
    networks:
      - internal
  server:
-    image: beryju/authentik:${AUTHENTIK_TAG:-0.13.3-stable}
+    image: beryju/authentik:${AUTHENTIK_TAG:-0.13.5-stable}
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
@ -44,7 +44,7 @@ services:
    env_file:
      - .env
  worker:
-    image: beryju/authentik:${AUTHENTIK_TAG:-0.13.3-stable}
+    image: beryju/authentik:${AUTHENTIK_TAG:-0.13.5-stable}
    command: worker
    networks:
      - internal
@ -60,7 +60,7 @@ services:
    env_file:
      - .env
  static:
-    image: beryju/authentik-static:${AUTHENTIK_TAG:-0.13.3-stable}
+    image: beryju/authentik-static:${AUTHENTIK_TAG:-0.13.5-stable}
    networks:
      - internal
    labels:
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@ -4,7 +4,7 @@ name: authentik
 home: https://goauthentik.io
 sources:
  - https://github.com/BeryJu/authentik
-version: "0.13.3-stable"
+version: "0.13.5-stable"
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 dependencies:
  - name: postgresql
--- a/helm/README.md
+++ b/helm/README.md
@ -4,7 +4,7 @@
 |-----------------------------------|-------------------------|-------------|
 | image.name                        | beryju/authentik         | Image used to run the authentik server and worker |
 | image.name_static                 | beryju/authentik-static  | Image used to run the authentik static server (CSS and JS Files) |
-| image.tag                         | 0.13.3-stable              | Image tag |
+| image.tag                         | 0.13.5-stable              | Image tag |
 | image.pullPolicy                  | IfNotPresent            | Image Pull Policy used for all deployments |
 | serverReplicas                    | 1                       | Replicas for the Server deployment |
 | workerReplicas                    | 1                       | Replicas for the Worker deployment |
--- a/helm/values.yaml
+++ b/helm/values.yaml
@ -5,7 +5,7 @@ image:
  name: beryju/authentik
  name_static: beryju/authentik-static
  name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
-  tag: 0.13.3-stable
+  tag: 0.13.5-stable
  pullPolicy: IfNotPresent

 serverReplicas: 1
--- a/proxy/pkg/version.go
+++ b/proxy/pkg/version.go
@ -1,3 +1,3 @@
 package pkg

-const VERSION = "0.13.3-stable"
+const VERSION = "0.13.5-stable"
--- a/swagger.yaml
+++ b/swagger.yaml
@ -7345,7 +7345,6 @@ definitions:
    description: KubernetesServiceConnection Serializer
    required:
      - name
-      - kubeconfig
    type: object
    properties:
      pk:
@ -8596,6 +8595,7 @@ definitions:
        x-nullable: true
      fixed_data:
        title: Fixed data
+        description: Optional fixed data to enforce on user enrollment.
        type: object
  OTPStaticStage:
    description: OTPStaticStage Serializer
--- a/web/src/authentik.css
+++ b/web/src/authentik.css
@ -81,6 +81,10 @@ select[multiple] {
    font-size: var(--pf-global--FontSize--sm);
 }

+.pf-c-page__main {
+    z-index: auto !important;
+}
+
@media (prefers-color-scheme: dark) {
    :root {
        --ak-dark-foreground: #fafafa;
--- a/web/src/constants.ts
+++ b/web/src/constants.ts
@ -28,4 +28,4 @@ export const ColorStyles = css`
        background-color: var(--pf-global--danger-color--100);
    }
 `;
-export const VERSION = "0.13.3-stable";
+export const VERSION = "0.13.5-stable";
--- a/web/src/interfaces/Interface.ts
+++ b/web/src/interfaces/Interface.ts
@ -18,6 +18,10 @@ export abstract class Interface extends LitElement {

    constructor() {
        super();
+        this.sidebarOpen = window.outerWidth >= 1280;
+        window.addEventListener("resize", () => {
+            this.sidebarOpen = window.outerWidth >= 1280;
+        });
        window.addEventListener("ak-sidebar-toggle", () => {
            this.sidebarOpen = !this.sidebarOpen;
        });
--- a/website/docs/installation/docker-compose.md
+++ b/website/docs/installation/docker-compose.md
@ -15,7 +15,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte

 To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`

-To optionally deploy a different version run `echo AUTHENTIK_TAG=0.13.3-stable >> .env`
+To optionally deploy a different version run `echo AUTHENTIK_TAG=0.13.5-stable >> .env`

 If this is a fresh authentik install run the following commands to generate a password:

--- a/website/docs/installation/kubernetes.md
+++ b/website/docs/installation/kubernetes.md
@ -22,7 +22,7 @@ image:
    name: beryju/authentik
    name_static: beryju/authentik-static
    name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
-    tag: 0.13.3-stable
+    tag: 0.13.5-stable

 serverReplicas: 1
 workerReplicas: 1
Author	SHA1	Message	Date
Jens Langhammer	897e0f90fe	core: fix token update/delete not working	2020-12-26 01:28:45 +01:00
Jens Langhammer	ecbcd86f05	core: fix User's token creation not working	2020-12-26 01:28:45 +01:00
Jens Langhammer	65d9f690cd	release: 0.13.5-stable	2020-12-26 00:52:26 +01:00
Jens Langhammer	f96c2db5df	core: show multi-select notice for SelectMultiple Widgets	2020-12-26 00:43:29 +01:00
Jens Langhammer	5647f53140	core: fix anonymous user being included in User API # Conflicts: # authentik/admin/views/applications.py	2020-12-26 00:26:24 +01:00
Jens Langhammer	4e20cd0fee	core: fix error during migrations	2020-12-25 23:51:51 +01:00
Jens Langhammer	49636f8fa0	stages/invitation: fix optional field being required	2020-12-25 23:42:21 +01:00
Jens Langhammer	cd8157ea08	stages/password: fix PasswordStageForm not showing backends	2020-12-25 23:42:21 +01:00
Jens Langhammer	2a94ad7782	release: 0.13.4-stable	2020-12-24 15:36:39 +01:00
Jens Langhammer	07eb5ffb4b	core: fix missing import for application api	2020-12-24 15:35:57 +01:00
Jens Langhammer	8cc68928b8	outposts: validate kubeconfig before saving	2020-12-24 13:25:08 +01:00
Jens Langhammer	221db12f85	outposts: allow blank kubeconfig	2020-12-24 13:25:04 +01:00
Jens Langhammer	34166d3c20	core: make application's provider not required # Conflicts: # authentik/core/api/applications.py	2020-12-24 13:24:52 +01:00
Jens Langhammer	94972d64e6	web: fix sidebar being overlayed over modal backdrop	2020-12-22 20:38:30 +01:00
Jens Langhammer	253eaa382c	admin: fix policy test button in dark theme	2020-12-20 22:32:53 +01:00
Jens Langhammer	fc4f9733d1	policies/expression: fix missing ak_logger	2020-12-20 22:32:45 +01:00
Jens Langhammer	8d784afcd1	web: expand sidebar by default on desktop, auto collapse	2020-12-20 22:32:37 +01:00