wip: rename to authentik (#361)

* root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 22:08:42 +01:00
parent 810a7ab50b
commit 1cfe1aff13
989 changed files with 6425 additions and 4412 deletions
--- a/authentik/api/init.py
+++ b/authentik/api/init.py
--- a/authentik/api/apps.py
+++ b/authentik/api/apps.py
@ -0,0 +1,12 @@
+"""authentik API AppConfig"""
+
+from django.apps import AppConfig
+
+
+class AuthentikAPIConfig(AppConfig):
+    """authentik API Config"""
+
+    name = "authentik.api"
+    label = "authentik_api"
+    mountpoint = "api/"
+    verbose_name = "authentik API"
--- a/authentik/api/auth.py
+++ b/authentik/api/auth.py
@ -0,0 +1,57 @@
+"""API Authentication"""
+from base64 import b64decode
+from typing import Any, Optional, Tuple, Union
+
+from rest_framework.authentication import BaseAuthentication, get_authorization_header
+from rest_framework.request import Request
+from structlog import get_logger
+
+from authentik.core.models import Token, TokenIntents, User
+
+LOGGER = get_logger()
+
+
+def token_from_header(raw_header: bytes) -> Optional[Token]:
+    """raw_header in the Format of `Basic dGVzdDp0ZXN0`"""
+    auth_credentials = raw_header.decode()
+    # Accept headers with Type format and without
+    if " " in auth_credentials:
+        auth_type, auth_credentials = auth_credentials.split()
+        if auth_type.lower() != "basic":
+            LOGGER.debug(
+                "Unsupported authentication type, denying", type=auth_type.lower()
+            )
+            return None
+    try:
+        auth_credentials = b64decode(auth_credentials.encode()).decode()
+    except UnicodeDecodeError:
+        return None
+    # Accept credentials with username and without
+    if ":" in auth_credentials:
+        _, password = auth_credentials.split(":")
+    else:
+        password = auth_credentials
+    if password == "":
+        return None
+    tokens = Token.filter_not_expired(key=password, intent=TokenIntents.INTENT_API)
+    if not tokens.exists():
+        LOGGER.debug("Token not found")
+        return None
+    return tokens.first()
+
+
+class AuthentikTokenAuthentication(BaseAuthentication):
+    """Token-based authentication using HTTP Basic authentication"""
+
+    def authenticate(self, request: Request) -> Union[Tuple[User, Any], None]:
+        """Token-based authentication using HTTP Basic authentication"""
+        auth = get_authorization_header(request)
+
+        token = token_from_header(auth)
+        if not token:
+            return None
+
+        return (token.user, None)
+
+    def authenticate_header(self, request: Request) -> str:
+        return 'Basic realm="authentik"'
--- a/authentik/api/pagination.py
+++ b/authentik/api/pagination.py
@ -0,0 +1,31 @@
+"""Pagination which includes total pages and current page"""
+from rest_framework import pagination
+from rest_framework.response import Response
+
+
+class Pagination(pagination.PageNumberPagination):
+    """Pagination which includes total pages and current page"""
+
+    page_size_query_param = "page_size"
+
+    def get_paginated_response(self, data):
+        previous_page_number = 0
+        if self.page.has_previous():
+            previous_page_number = self.page.previous_page_number()
+        next_page_number = 0
+        if self.page.has_next():
+            next_page_number = self.page.next_page_number()
+        return Response(
+            {
+                "pagination": {
+                    "next": next_page_number,
+                    "previous": previous_page_number,
+                    "count": self.page.paginator.count,
+                    "current": self.page.number,
+                    "total_pages": self.page.paginator.num_pages,
+                    "start_index": self.page.start_index(),
+                    "end_index": self.page.end_index(),
+                },
+                "results": data,
+            }
+        )
--- a/authentik/api/templates/rest_framework/api.html
+++ b/authentik/api/templates/rest_framework/api.html
@ -0,0 +1,7 @@
+{% extends "rest_framework/base.html" %}
+
+{% block branding %}
+<span class='navbar-brand'>
+    authentik
+</span>
+{% endblock %}
--- a/authentik/api/urls.py
+++ b/authentik/api/urls.py
@ -0,0 +1,8 @@
+"""authentik api urls"""
+from django.urls import include, path
+
+from authentik.api.v2.urls import urlpatterns as v2_urls
+
+urlpatterns = [
+    path("v2beta/", include(v2_urls)),
+]
--- a/authentik/api/v2/init.py
+++ b/authentik/api/v2/init.py
--- a/authentik/api/v2/config.py
+++ b/authentik/api/v2/config.py
@ -0,0 +1,46 @@
+"""core Configs API"""
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.permissions import AllowAny
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.serializers import ReadOnlyField, Serializer
+from rest_framework.viewsets import ViewSet
+
+from authentik.lib.config import CONFIG
+
+
+class ConfigSerializer(Serializer):
+    """Serialize authentik Config into DRF Object"""
+
+    branding_logo = ReadOnlyField()
+    branding_title = ReadOnlyField()
+
+    error_reporting_enabled = ReadOnlyField()
+    error_reporting_environment = ReadOnlyField()
+    error_reporting_send_pii = ReadOnlyField()
+
+    def create(self, request: Request) -> Response:
+        raise NotImplementedError
+
+    def update(self, request: Request) -> Response:
+        raise NotImplementedError
+
+
+class ConfigsViewSet(ViewSet):
+    """Read-only view set that returns the current session's Configs"""
+
+    permission_classes = [AllowAny]
+
+    @swagger_auto_schema(responses={200: ConfigSerializer(many=True)})
+    def list(self, request: Request) -> Response:
+        """Retrive public configuration options"""
+        config = ConfigSerializer(
+            {
+                "branding_logo": CONFIG.y("authentik.branding.logo"),
+                "branding_title": CONFIG.y("authentik.branding.title"),
+                "error_reporting_enabled": CONFIG.y("error_reporting.enabled"),
+                "error_reporting_environment": CONFIG.y("error_reporting.environment"),
+                "error_reporting_send_pii": CONFIG.y("error_reporting.send_pii"),
+            }
+        )
+        return Response(config.data)
--- a/authentik/api/v2/messages.py
+++ b/authentik/api/v2/messages.py
@ -0,0 +1,36 @@
+"""core messages API"""
+from django.contrib.messages import get_messages
+from drf_yasg2.utils import swagger_auto_schema
+from rest_framework.permissions import AllowAny
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.serializers import ReadOnlyField, Serializer
+from rest_framework.viewsets import ViewSet
+
+
+class MessageSerializer(Serializer):
+    """Serialize Django Message into DRF Object"""
+
+    message = ReadOnlyField()
+    level = ReadOnlyField()
+    tags = ReadOnlyField()
+    extra_tags = ReadOnlyField()
+    level_tag = ReadOnlyField()
+
+    def create(self, request: Request) -> Response:
+        raise NotImplementedError
+
+    def update(self, request: Request) -> Response:
+        raise NotImplementedError
+
+
+class MessagesViewSet(ViewSet):
+    """Read-only view set that returns the current session's messages"""
+
+    permission_classes = [AllowAny]
+
+    @swagger_auto_schema(responses={200: MessageSerializer(many=True)})
+    def list(self, request: Request) -> Response:
+        """List current messages and pass into Serializer"""
+        all_messages = list(get_messages(request))
+        return Response(MessageSerializer(all_messages, many=True).data)
--- a/authentik/api/v2/urls.py
+++ b/authentik/api/v2/urls.py
@ -0,0 +1,160 @@
+"""api v2 urls"""
+from django.urls import path, re_path
+from drf_yasg2 import openapi
+from drf_yasg2.views import get_schema_view
+from rest_framework import routers
+from rest_framework.permissions import AllowAny
+
+from authentik.admin.api.overview import AdministrationOverviewViewSet
+from authentik.admin.api.overview_metrics import AdministrationMetricsViewSet
+from authentik.admin.api.tasks import TaskViewSet
+from authentik.api.v2.config import ConfigsViewSet
+from authentik.api.v2.messages import MessagesViewSet
+from authentik.audit.api import EventViewSet
+from authentik.core.api.applications import ApplicationViewSet
+from authentik.core.api.groups import GroupViewSet
+from authentik.core.api.propertymappings import PropertyMappingViewSet
+from authentik.core.api.providers import ProviderViewSet
+from authentik.core.api.sources import SourceViewSet
+from authentik.core.api.tokens import TokenViewSet
+from authentik.core.api.users import UserViewSet
+from authentik.crypto.api import CertificateKeyPairViewSet
+from authentik.flows.api import FlowStageBindingViewSet, FlowViewSet, StageViewSet
+from authentik.outposts.api import (
+    DockerServiceConnectionViewSet,
+    KubernetesServiceConnectionViewSet,
+    OutpostViewSet,
+)
+from authentik.policies.api import PolicyBindingViewSet, PolicyViewSet
+from authentik.policies.dummy.api import DummyPolicyViewSet
+from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
+from authentik.policies.expression.api import ExpressionPolicyViewSet
+from authentik.policies.group_membership.api import GroupMembershipPolicyViewSet
+from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
+from authentik.policies.password.api import PasswordPolicyViewSet
+from authentik.policies.reputation.api import ReputationPolicyViewSet
+from authentik.providers.oauth2.api import OAuth2ProviderViewSet, ScopeMappingViewSet
+from authentik.providers.proxy.api import (
+    ProxyOutpostConfigViewSet,
+    ProxyProviderViewSet,
+)
+from authentik.providers.saml.api import SAMLPropertyMappingViewSet, SAMLProviderViewSet
+from authentik.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet
+from authentik.sources.oauth.api import OAuthSourceViewSet
+from authentik.sources.saml.api import SAMLSourceViewSet
+from authentik.stages.captcha.api import CaptchaStageViewSet
+from authentik.stages.consent.api import ConsentStageViewSet
+from authentik.stages.dummy.api import DummyStageViewSet
+from authentik.stages.email.api import EmailStageViewSet
+from authentik.stages.identification.api import IdentificationStageViewSet
+from authentik.stages.invitation.api import InvitationStageViewSet, InvitationViewSet
+from authentik.stages.otp_static.api import OTPStaticStageViewSet
+from authentik.stages.otp_time.api import OTPTimeStageViewSet
+from authentik.stages.otp_validate.api import OTPValidateStageViewSet
+from authentik.stages.password.api import PasswordStageViewSet
+from authentik.stages.prompt.api import PromptStageViewSet, PromptViewSet
+from authentik.stages.user_delete.api import UserDeleteStageViewSet
+from authentik.stages.user_login.api import UserLoginStageViewSet
+from authentik.stages.user_logout.api import UserLogoutStageViewSet
+from authentik.stages.user_write.api import UserWriteStageViewSet
+
+router = routers.DefaultRouter()
+
+router.register("root/messages", MessagesViewSet, basename="messages")
+router.register("root/config", ConfigsViewSet, basename="configs")
+
+router.register(
+    "admin/overview", AdministrationOverviewViewSet, basename="admin_overview"
+)
+router.register("admin/metrics", AdministrationMetricsViewSet, basename="admin_metrics")
+router.register("admin/system_tasks", TaskViewSet, basename="admin_system_tasks")
+
+router.register("core/applications", ApplicationViewSet)
+router.register("core/groups", GroupViewSet)
+router.register("core/users", UserViewSet)
+router.register("core/tokens", TokenViewSet)
+
+router.register("outposts/outposts", OutpostViewSet)
+router.register("outposts/service_connections/docker", DockerServiceConnectionViewSet)
+router.register(
+    "outposts/service_connections/kubernetes", KubernetesServiceConnectionViewSet
+)
+router.register("outposts/proxy", ProxyOutpostConfigViewSet)
+
+router.register("flows/instances", FlowViewSet)
+router.register("flows/bindings", FlowStageBindingViewSet)
+
+router.register("crypto/certificatekeypairs", CertificateKeyPairViewSet)
+
+router.register("audit/events", EventViewSet)
+
+router.register("sources/all", SourceViewSet)
+router.register("sources/ldap", LDAPSourceViewSet)
+router.register("sources/saml", SAMLSourceViewSet)
+router.register("sources/oauth", OAuthSourceViewSet)
+
+router.register("policies/all", PolicyViewSet)
+router.register("policies/bindings", PolicyBindingViewSet)
+router.register("policies/expression", ExpressionPolicyViewSet)
+router.register("policies/group_membership", GroupMembershipPolicyViewSet)
+router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
+router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
+router.register("policies/password", PasswordPolicyViewSet)
+router.register("policies/reputation", ReputationPolicyViewSet)
+
+router.register("providers/all", ProviderViewSet)
+router.register("providers/proxy", ProxyProviderViewSet)
+router.register("providers/oauth2", OAuth2ProviderViewSet)
+router.register("providers/saml", SAMLProviderViewSet)
+
+router.register("propertymappings/all", PropertyMappingViewSet)
+router.register("propertymappings/ldap", LDAPPropertyMappingViewSet)
+router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
+router.register("propertymappings/scope", ScopeMappingViewSet)
+
+router.register("stages/all", StageViewSet)
+router.register("stages/captcha", CaptchaStageViewSet)
+router.register("stages/consent", ConsentStageViewSet)
+router.register("stages/email", EmailStageViewSet)
+router.register("stages/identification", IdentificationStageViewSet)
+router.register("stages/invitation", InvitationStageViewSet)
+router.register("stages/invitation/invitations", InvitationViewSet)
+router.register("stages/otp_static", OTPStaticStageViewSet)
+router.register("stages/otp_time", OTPTimeStageViewSet)
+router.register("stages/otp_validate", OTPValidateStageViewSet)
+router.register("stages/password", PasswordStageViewSet)
+router.register("stages/prompt/prompts", PromptViewSet)
+router.register("stages/prompt/stages", PromptStageViewSet)
+router.register("stages/user_delete", UserDeleteStageViewSet)
+router.register("stages/user_login", UserLoginStageViewSet)
+router.register("stages/user_logout", UserLogoutStageViewSet)
+router.register("stages/user_write", UserWriteStageViewSet)
+
+router.register("stages/dummy", DummyStageViewSet)
+router.register("policies/dummy", DummyPolicyViewSet)
+
+info = openapi.Info(
+    title="authentik API",
+    default_version="v2",
+    contact=openapi.Contact(email="hello@beryju.org"),
+    license=openapi.License(name="MIT License"),
+)
+SchemaView = get_schema_view(
+    info,
+    public=True,
+    permission_classes=(AllowAny,),
+)
+
+urlpatterns = [
+    re_path(
+        r"^swagger(?P<format>\.json|\.yaml)$",
+        SchemaView.without_ui(cache_timeout=0),
+        name="schema-json",
+    ),
+    path(
+        "swagger/",
+        SchemaView.with_ui("swagger", cache_timeout=0),
+        name="schema-swagger-ui",
+    ),
+    path("redoc/", SchemaView.with_ui("redoc", cache_timeout=0), name="schema-redoc"),
+] + router.urls