providers: SCIM (#4835)

* basic user sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group sync and some refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow null authorization flow Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task monitored Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing dependency Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make authorization_flow required for most providers via API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make task result better readable, exclude anonymous user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add task UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scheduled task for all sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make scim errors more readable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mappings, migrate to mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mapping UI and more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim docs to web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start implementing membership Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate signals to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate fully to tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * strip none keys, fix lint errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix saml Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add scim schemas and validate against it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group put support, add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * send correct application/scim+json headers Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stop sync if no mappings are confiugred Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test for task sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add membership tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use decorator for tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make tests better Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-06 19:39:08 +01:00
parent dbc07f55f4
commit 28ddeb124f
67 changed files with 5422 additions and 192 deletions
--- a/web/src/admin/property-mappings/PropertyMappingListPage.ts
+++ b/web/src/admin/property-mappings/PropertyMappingListPage.ts
@ -1,6 +1,7 @@
 import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingNotification";
 import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm";
+import "@goauthentik/admin/property-mappings/PropertyMappingSCIMForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingTestForm";
 import "@goauthentik/admin/property-mappings/PropertyMappingWizard";
--- a/web/src/admin/property-mappings/PropertyMappingSAMLForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSAMLForm.ts
@ -13,7 +13,7 @@ import { ifDefined } from "lit/directives/if-defined.js";
 import { PropertymappingsApi, SAMLPropertyMapping } from "@goauthentik/api";

@customElement("ak-property-mapping-saml-form")
-export class PropertyMappingLDAPForm extends ModelForm<SAMLPropertyMapping, string> {
+export class PropertyMappingSAMLForm extends ModelForm<SAMLPropertyMapping, string> {
    loadInstance(pk: string): Promise<SAMLPropertyMapping> {
        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsSamlRetrieve({
            pmUuid: pk,
--- a/web/src/admin/property-mappings/PropertyMappingSCIMForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingSCIMForm.ts
@ -0,0 +1,69 @@
+import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
+import { docLink } from "@goauthentik/common/global";
+import "@goauthentik/elements/CodeMirror";
+import "@goauthentik/elements/forms/HorizontalFormElement";
+import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
+
+import { t } from "@lingui/macro";
+
+import { TemplateResult, html } from "lit";
+import { customElement } from "lit/decorators.js";
+import { ifDefined } from "lit/directives/if-defined.js";
+
+import { PropertymappingsApi, SCIMMapping } from "@goauthentik/api";
+
+@customElement("ak-property-mapping-scim-form")
+export class PropertyMappingSCIMForm extends ModelForm<SCIMMapping, string> {
+    loadInstance(pk: string): Promise<SCIMMapping> {
+        return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsScimRetrieve({
+            pmUuid: pk,
+        });
+    }
+
+    getSuccessMessage(): string {
+        if (this.instance) {
+            return t`Successfully updated mapping.`;
+        } else {
+            return t`Successfully created mapping.`;
+        }
+    }
+
+    send = (data: SCIMMapping): Promise<SCIMMapping> => {
+        if (this.instance) {
+            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsScimUpdate({
+                pmUuid: this.instance.pk || "",
+                sCIMMappingRequest: data,
+            });
+        } else {
+            return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsScimCreate({
+                sCIMMappingRequest: data,
+            });
+        }
+    };
+
+    renderForm(): TemplateResult {
+        return html`<form class="pf-c-form pf-m-horizontal">
+            <ak-form-element-horizontal label=${t`Name`} ?required=${true} name="name">
+                <input
+                    type="text"
+                    value="${ifDefined(this.instance?.name)}"
+                    class="pf-c-form-control"
+                    required
+                />
+            </ak-form-element-horizontal>
+            <ak-form-element-horizontal label=${t`Expression`} ?required=${true} name="expression">
+                <ak-codemirror mode="python" value="${ifDefined(this.instance?.expression)}">
+                </ak-codemirror>
+                <p class="pf-c-form__helper-text">
+                    ${t`Expression using Python.`}
+                    <a
+                        target="_blank"
+                        href="${docLink("/docs/property-mappings/expression?utm_source=authentik")}"
+                    >
+                        ${t`See documentation for a list of all variables.`}
+                    </a>
+                </p>
+            </ak-form-element-horizontal>
+        </form>`;
+    }
+}