Jens Langhammer
@ -27,6 +27,7 @@ class IdentificationStageSerializer(StageSerializer):
|
||||
fields = StageSerializer.Meta.fields + [
|
||||
"user_fields",
|
||||
"password_stage",
|
||||
"captcha_stage",
|
||||
"case_insensitive_matching",
|
||||
"show_matched_user",
|
||||
"enrollment_flow",
|
||||
|
||||
@ -0,0 +1,26 @@
|
||||
# Generated by Django 5.0.8 on 2024-08-24 12:58
|
||||
|
||||
import django.db.models.deletion
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_stages_captcha", "0003_captchastage_error_on_invalid_score_and_more"),
|
||||
("authentik_stages_identification", "0014_identificationstage_pretend"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="identificationstage",
|
||||
name="captcha_stage",
|
||||
field=models.ForeignKey(
|
||||
default=None,
|
||||
help_text="When set, the captcha element is shown on the identification stage.",
|
||||
null=True,
|
||||
on_delete=django.db.models.deletion.SET_NULL,
|
||||
to="authentik_stages_captcha.captchastage",
|
||||
),
|
||||
),
|
||||
]
|
||||
@ -8,6 +8,7 @@ from rest_framework.serializers import BaseSerializer
|
||||
|
||||
from authentik.core.models import Source
|
||||
from authentik.flows.models import Flow, Stage
|
||||
from authentik.stages.captcha.models import CaptchaStage
|
||||
from authentik.stages.password.models import PasswordStage
|
||||
|
||||
|
||||
@ -42,6 +43,15 @@ class IdentificationStage(Stage):
|
||||
),
|
||||
),
|
||||
)
|
||||
captcha_stage = models.ForeignKey(
|
||||
CaptchaStage,
|
||||
null=True,
|
||||
default=None,
|
||||
on_delete=models.SET_NULL,
|
||||
help_text=_(
|
||||
("When set, the captcha element is shown on the identification stage."),
|
||||
),
|
||||
)
|
||||
|
||||
case_insensitive_matching = models.BooleanField(
|
||||
default=True,
|
||||
|
||||
@ -30,6 +30,11 @@ from authentik.lib.utils.urls import reverse_with_qs
|
||||
from authentik.root.middleware import ClientIPMiddleware
|
||||
from authentik.sources.oauth.types.apple import AppleLoginChallenge
|
||||
from authentik.sources.plex.models import PlexAuthenticationChallenge
|
||||
from authentik.stages.captcha.stage import (
|
||||
CaptchaChallenge,
|
||||
CaptchaChallengeResponse,
|
||||
CaptchaStageView,
|
||||
)
|
||||
from authentik.stages.identification.models import IdentificationStage
|
||||
from authentik.stages.identification.signals import identification_failed
|
||||
from authentik.stages.password.stage import authenticate
|
||||
@ -64,6 +69,7 @@ class IdentificationChallenge(Challenge):
|
||||
|
||||
user_fields = ListField(child=CharField(), allow_empty=True, allow_null=True)
|
||||
password_fields = BooleanField()
|
||||
captcha_stage = CaptchaChallenge(required=False)
|
||||
allow_show_password = BooleanField(default=False)
|
||||
application_pre = CharField(required=False)
|
||||
flow_designation = ChoiceField(FlowDesignation.choices)
|
||||
@ -84,6 +90,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
||||
uid_field = CharField()
|
||||
password = CharField(required=False, allow_blank=True, allow_null=True)
|
||||
component = CharField(default="ak-stage-identification")
|
||||
captcha = CaptchaChallengeResponse(required=False)
|
||||
|
||||
pre_user: User | None = None
|
||||
|
||||
@ -128,30 +135,32 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
||||
return attrs
|
||||
raise ValidationError("Failed to authenticate.")
|
||||
self.pre_user = pre_user
|
||||
if not current_stage.password_stage:
|
||||
# No password stage select, don't validate the password
|
||||
return attrs
|
||||
|
||||
password = attrs.get("password", None)
|
||||
if not password:
|
||||
self.stage.logger.warning("Password not set for ident+auth attempt")
|
||||
try:
|
||||
with start_span(
|
||||
op="authentik.stages.identification.authenticate",
|
||||
description="User authenticate call (combo stage)",
|
||||
):
|
||||
user = authenticate(
|
||||
self.stage.request,
|
||||
current_stage.password_stage.backends,
|
||||
current_stage,
|
||||
username=self.pre_user.username,
|
||||
password=password,
|
||||
)
|
||||
if not user:
|
||||
raise ValidationError("Failed to authenticate.")
|
||||
self.pre_user = user
|
||||
except PermissionDenied as exc:
|
||||
raise ValidationError(str(exc)) from exc
|
||||
if current_stage.password_stage:
|
||||
password = attrs.get("password", None)
|
||||
if not password:
|
||||
self.stage.logger.warning("Password not set for ident+auth attempt")
|
||||
try:
|
||||
with start_span(
|
||||
op="authentik.stages.identification.authenticate",
|
||||
description="User authenticate call (combo stage)",
|
||||
):
|
||||
user = authenticate(
|
||||
self.stage.request,
|
||||
current_stage.password_stage.backends,
|
||||
current_stage,
|
||||
username=self.pre_user.username,
|
||||
password=password,
|
||||
)
|
||||
if not user:
|
||||
raise ValidationError("Failed to authenticate.")
|
||||
self.pre_user = user
|
||||
except PermissionDenied as exc:
|
||||
raise ValidationError(str(exc)) from exc
|
||||
print(attrs)
|
||||
# if current_stage.captcha_stage:
|
||||
# captcha = CaptchaStageView(self.stage.executor)
|
||||
# captcha.stage = current_stage.captcha_stage
|
||||
# captcha.challenge_valid(attrs.get("captcha"))
|
||||
return attrs
|
||||
|
||||
|
||||
@ -230,6 +239,12 @@ class IdentificationStageView(ChallengeStageView):
|
||||
query=get_qs,
|
||||
kwargs={"flow_slug": current_stage.passwordless_flow.slug},
|
||||
)
|
||||
if current_stage.captcha_stage:
|
||||
captcha = CaptchaStageView(self.executor)
|
||||
captcha.stage = current_stage.captcha_stage
|
||||
captcha_challenge = captcha.get_challenge()
|
||||
captcha_challenge.is_valid()
|
||||
challenge.initial_data["captcha_stage"] = captcha_challenge.data
|
||||
|
||||
# Check all enabled source, add them if they have a UI Login button.
|
||||
ui_sources = []
|
||||
|
||||
@ -10091,6 +10091,11 @@
|
||||
"title": "Password stage",
|
||||
"description": "When set, shows a password field, instead of showing the password field as separate step."
|
||||
},
|
||||
"captcha_stage": {
|
||||
"type": "integer",
|
||||
"title": "Captcha stage",
|
||||
"description": "When set, the captcha element is shown on the identification stage."
|
||||
},
|
||||
"case_insensitive_matching": {
|
||||
"type": "boolean",
|
||||
"title": "Case insensitive matching",
|
||||
|
||||
22
schema.yml
22
schema.yml
@ -40459,6 +40459,8 @@ components:
|
||||
nullable: true
|
||||
password_fields:
|
||||
type: boolean
|
||||
captcha_stage:
|
||||
$ref: '#/components/schemas/CaptchaChallenge'
|
||||
allow_show_password:
|
||||
type: boolean
|
||||
default: false
|
||||
@ -40500,6 +40502,8 @@ components:
|
||||
password:
|
||||
type: string
|
||||
nullable: true
|
||||
captcha:
|
||||
$ref: '#/components/schemas/CaptchaChallengeResponseRequest'
|
||||
required:
|
||||
- uid_field
|
||||
IdentificationStage:
|
||||
@ -40545,6 +40549,12 @@ components:
|
||||
nullable: true
|
||||
description: When set, shows a password field, instead of showing the password
|
||||
field as separate step.
|
||||
captcha_stage:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: When set, the captcha element is shown on the identification
|
||||
stage.
|
||||
case_insensitive_matching:
|
||||
type: boolean
|
||||
description: When enabled, user fields are matched regardless of their casing.
|
||||
@ -40613,6 +40623,12 @@ components:
|
||||
nullable: true
|
||||
description: When set, shows a password field, instead of showing the password
|
||||
field as separate step.
|
||||
captcha_stage:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: When set, the captcha element is shown on the identification
|
||||
stage.
|
||||
case_insensitive_matching:
|
||||
type: boolean
|
||||
description: When enabled, user fields are matched regardless of their casing.
|
||||
@ -45745,6 +45761,12 @@ components:
|
||||
nullable: true
|
||||
description: When set, shows a password field, instead of showing the password
|
||||
field as separate step.
|
||||
captcha_stage:
|
||||
type: string
|
||||
format: uuid
|
||||
nullable: true
|
||||
description: When set, the captcha element is shown on the identification
|
||||
stage.
|
||||
case_insensitive_matching:
|
||||
type: boolean
|
||||
description: When enabled, user fields are matched regardless of their casing.
|
||||
|
||||
@ -21,6 +21,7 @@ import {
|
||||
SourcesApi,
|
||||
Stage,
|
||||
StagesApi,
|
||||
StagesCaptchaListRequest,
|
||||
StagesPasswordListRequest,
|
||||
UserFieldsEnum,
|
||||
} from "@goauthentik/api";
|
||||
@ -160,6 +161,41 @@ export class IdentificationStageForm extends BaseStageForm<IdentificationStage>
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${msg("Captcha stage")} name="captchaStage">
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (query?: string): Promise<Stage[]> => {
|
||||
const args: StagesCaptchaListRequest = {
|
||||
ordering: "name",
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const stages = await new StagesApi(
|
||||
DEFAULT_CONFIG,
|
||||
).stagesCaptchaList(args);
|
||||
return stages.results;
|
||||
}}
|
||||
.groupBy=${(items: Stage[]) => {
|
||||
return groupBy(items, (stage) => stage.verboseNamePlural);
|
||||
}}
|
||||
.renderElement=${(stage: Stage): string => {
|
||||
return stage.name;
|
||||
}}
|
||||
.value=${(stage: Stage | undefined): string | undefined => {
|
||||
return stage?.pk;
|
||||
}}
|
||||
.selected=${(stage: Stage): boolean => {
|
||||
return stage.pk === this.instance?.captchaStage;
|
||||
}}
|
||||
?blankable=${true}
|
||||
>
|
||||
</ak-search-select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"TODO.",
|
||||
)}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="caseInsensitiveMatching">
|
||||
<label class="pf-c-switch">
|
||||
<input
|
||||
|
||||
@ -7,7 +7,7 @@ import type { TurnstileObject } from "turnstile-types";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
|
||||
import { customElement, state } from "lit/decorators.js";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
@ -45,6 +45,9 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
|
||||
@state()
|
||||
scriptElement?: HTMLScriptElement;
|
||||
|
||||
@property({type: Boolean})
|
||||
embedded = false;
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
this.captchaContainer = document.createElement("div");
|
||||
@ -161,6 +164,9 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
if (this.embedded) {
|
||||
return this.renderBody();
|
||||
}
|
||||
if (!this.challenge) {
|
||||
return html`<ak-empty-state loading> </ak-empty-state>`;
|
||||
}
|
||||
|
||||
@ -3,6 +3,7 @@ import "@goauthentik/elements/Divider";
|
||||
import "@goauthentik/elements/EmptyState";
|
||||
import "@goauthentik/elements/forms/FormElement";
|
||||
import "@goauthentik/flow/components/ak-flow-password-input.js";
|
||||
import "@goauthentik/flow/stages/captcha/CaptchaStage";
|
||||
import { BaseStage } from "@goauthentik/flow/stages/base";
|
||||
|
||||
import { msg, str } from "@lit/localize";
|
||||
@ -274,6 +275,9 @@ export class IdentificationStage extends BaseStage<
|
||||
`
|
||||
: nothing}
|
||||
${this.renderNonFieldErrors()}
|
||||
${this.challenge.captchaStage ? html`
|
||||
<ak-stage-captcha .challenge=${this.challenge.captchaStage} embedded></ak-stage-captcha>
|
||||
` : nothing}
|
||||
<div class="pf-c-form__group pf-m-action">
|
||||
<button type="submit" class="pf-c-button pf-m-primary pf-m-block">
|
||||
${this.challenge.primaryAction}
|
||||
@ -284,6 +288,11 @@ export class IdentificationStage extends BaseStage<
|
||||
: nothing}`;
|
||||
}
|
||||
|
||||
submitForm(e: Event, defaults?: IdentificationChallengeResponseRequest | undefined): Promise<boolean> {
|
||||
|
||||
return super.submitForm(e, defaults);
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
if (!this.challenge) {
|
||||
return html`<ak-empty-state loading> </ak-empty-state>`;
|
||||
|
||||
Reference in New Issue
Block a user