wip: rename to authentik (#361)

* root: initial rename

* web: rename custom element prefix

* root: rename external functions with pb_ prefix

* root: fix formatting

* root: replace domain with goauthentik.io

* proxy: update path

* root: rename remaining prefixes

* flows: rename file extension

* root: pbadmin -> akadmin

* docs: fix image filenames

* lifecycle: ignore migration files

* ci: copy default config from current source before loading last tagged

* *: new sentry dsn

* tests: fix missing python3.9-dev package

* root: add additional migrations for service accounts created by outposts

* core: mark system-created service accounts with attribute

* policies/expression: fix pb_ replacement not working

* web: fix last linting errors, add lit-analyse

* policies/expressions: fix lint errors

* web: fix sidebar display on screens where not all items fit

* proxy: attempt to fix proxy pipeline

* proxy: use go env GOPATH to get gopath

* lib: fix user_default naming inconsistency

* docs: add upgrade docs

* docs: update screenshots to use authentik

* admin: fix create button on empty-state of outpost

* web: fix modal submit not refreshing SiteShell and Table

* web: fix height of app-card and height of generic icon

* web: fix rendering of subtext

* admin: fix version check error not being caught

* web: fix worker count not being shown

* docs: update screenshots

* root: new icon

* web: fix lint error

* admin: fix linting error

* root: migrate coverage config to pyproject

authentik/policies/reputation/models.py

@@ -0,0 +1,74 @@
+"""authentik reputation request policy"""
+from typing import Type
+
+from django.core.cache import cache
+from django.db import models
+from django.forms import ModelForm
+from django.utils.translation import gettext as _
+from rest_framework.serializers import BaseSerializer
+
+from authentik.core.models import User
+from authentik.lib.utils.http import get_client_ip
+from authentik.policies.models import Policy
+from authentik.policies.types import PolicyRequest, PolicyResult
+
+CACHE_KEY_IP_PREFIX = "authentik_reputation_ip_"
+CACHE_KEY_USER_PREFIX = "authentik_reputation_user_"
+
+
+class ReputationPolicy(Policy):
+    """Return true if request IP/target username's score is below a certain threshold"""
+
+    check_ip = models.BooleanField(default=True)
+    check_username = models.BooleanField(default=True)
+    threshold = models.IntegerField(default=-5)
+
+    @property
+    def serializer(self) -> BaseSerializer:
+        from authentik.policies.reputation.api import ReputationPolicySerializer
+
+        return ReputationPolicySerializer
+
+    @property
+    def form(self) -> Type[ModelForm]:
+        from authentik.policies.reputation.forms import ReputationPolicyForm
+
+        return ReputationPolicyForm
+
+    def passes(self, request: PolicyRequest) -> PolicyResult:
+        remote_ip = get_client_ip(request.http_request) or "255.255.255.255"
+        passing = True
+        if self.check_ip:
+            score = cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)
+            passing = passing and score <= self.threshold
+        if self.check_username:
+            score = cache.get_or_set(CACHE_KEY_USER_PREFIX + request.user.username, 0)
+            passing = passing and score <= self.threshold
+        return PolicyResult(passing)
+
+    class Meta:
+
+        verbose_name = _("Reputation Policy")
+        verbose_name_plural = _("Reputation Policies")
+
+
+class IPReputation(models.Model):
+    """Store score coming from the same IP"""
+
+    ip = models.GenericIPAddressField(unique=True)
+    score = models.IntegerField(default=0)
+    updated = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"IPReputation for {self.ip} @ {self.score}"
+
+
+class UserReputation(models.Model):
+    """Store score attempting to log in as the same username"""
+
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    score = models.IntegerField(default=0)
+    updated = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"UserReputation for {self.user} @ {self.score}"