providers: SCIM (#4835)

* basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
parent dbc07f55f4
commit 28ddeb124f
67 changed files with 5422 additions and 192 deletions
--- a/authentik/core/api/providers.py
+++ b/authentik/core/api/providers.py
@ -44,6 +44,9 @@ class ProviderSerializer(ModelSerializer, MetaNameSerializer):
            "verbose_name_plural",
            "meta_model_name",
        ]
+        extra_kwargs = {
+            "authorization_flow": {"required": True, "allow_null": False},
+        }


 class ProviderViewSet(
--- a/authentik/core/migrations/0025_alter_provider_authorization_flow.py
+++ b/authentik/core/migrations/0025_alter_provider_authorization_flow.py
@ -0,0 +1,25 @@
+# Generated by Django 4.1.7 on 2023-03-02 21:32
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentik_flows", "0025_alter_flowstagebinding_evaluate_on_plan_and_more"),
+        ("authentik_core", "0024_source_icon"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="provider",
+            name="authorization_flow",
+            field=models.ForeignKey(
+                help_text="Flow used when authorizing this provider.",
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="provider_authorization",
+                to="authentik_flows.flow",
+            ),
+        ),
+    ]
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -248,6 +248,7 @@ class Provider(SerializerModel):
    authorization_flow = models.ForeignKey(
        "authentik_flows.Flow",
        on_delete=models.CASCADE,
+        null=True,
        help_text=_("Flow used when authorizing this provider."),
        related_name="provider_authorization",
    )
@ -630,7 +631,7 @@ class PropertyMapping(SerializerModel, ManagedModel):
        try:
            return evaluator.evaluate(self.expression)
        except Exception as exc:
-            raise PropertyMappingExpressionException(str(exc)) from exc
+            raise PropertyMappingExpressionException(exc) from exc

    def __str__(self):
        return f"Property Mapping {self.name}"