habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stages/authenticator_duo: add missing duo device

Browse Source 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
2021-05-24 22:14:47 +02:00
parent ab25610643
commit 8183a51b72
6 changed files with 332 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
authentik/api/v2/urls.py
View File

@ -64,7 +64,11 @@ from authentik.sources.oauth.api.source_connection import (
) )
from authentik.sources.plex.api import PlexSourceViewSet from authentik.sources.plex.api import PlexSourceViewSet
from authentik.sources.saml.api import SAMLSourceViewSet from authentik.sources.saml.api import SAMLSourceViewSet
from authentik.stages.authenticator_duo.api import AuthenticatorDuoStageViewSet from authentik.stages.authenticator_duo.api import (
AuthenticatorDuoStageViewSet,
DuoAdminDeviceViewSet,
DuoDeviceViewSet,
)
from authentik.stages.authenticator_static.api import ( from authentik.stages.authenticator_static.api import (
AuthenticatorStaticStageViewSet, AuthenticatorStaticStageViewSet,
StaticAdminDeviceViewSet, StaticAdminDeviceViewSet,
@ -159,9 +163,15 @@ router.register("propertymappings/ldap", LDAPPropertyMappingViewSet)
router.register("propertymappings/saml", SAMLPropertyMappingViewSet) router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
router.register("propertymappings/scope", ScopeMappingViewSet) router.register("propertymappings/scope", ScopeMappingViewSet)
router.register("authenticators/duo", DuoDeviceViewSet)
router.register("authenticators/static", StaticDeviceViewSet) router.register("authenticators/static", StaticDeviceViewSet)
router.register("authenticators/totp", TOTPDeviceViewSet) router.register("authenticators/totp", TOTPDeviceViewSet)
router.register("authenticators/webauthn", WebAuthnDeviceViewSet) router.register("authenticators/webauthn", WebAuthnDeviceViewSet)
router.register(
"authenticators/admin/duo",
DuoAdminDeviceViewSet,
basename="admin-duodevice",
)
router.register( router.register(
"authenticators/admin/static", "authenticators/admin/static",
StaticAdminDeviceViewSet, StaticAdminDeviceViewSet,

2
authentik/stages/authenticator_duo/models.py
View File

@ -15,7 +15,7 @@ from authentik.flows.models import ConfigurableStage, Stage
class AuthenticatorDuoStage(ConfigurableStage, Stage): class AuthenticatorDuoStage(ConfigurableStage, Stage):
"""Duo stage""" """Setup Duo authenticator devices"""
client_id = models.TextField() client_id = models.TextField()
client_secret = models.TextField() client_secret = models.TextField()

317
schema.yml
View File

@ -167,6 +167,82 @@ paths:
$ref: '#/components/schemas/ValidationError' $ref: '#/components/schemas/ValidationError'
'403': '403':
$ref: '#/components/schemas/GenericError' $ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/admin/duo/:
get:
operationId: authenticators_admin_duo_list
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/admin/duo/{id}/:
get:
operationId: authenticators_admin_duo_retrieve
description: Viewset for Duo authenticator devices (for admins)
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/admin/static/: /api/v2beta/authenticators/admin/static/:
get: get:
operationId: authenticators_admin_static_list operationId: authenticators_admin_static_list
@ -395,6 +471,179 @@ paths:
$ref: '#/components/schemas/ValidationError' $ref: '#/components/schemas/ValidationError'
'403': '403':
$ref: '#/components/schemas/GenericError' $ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/duo/:
get:
operationId: authenticators_duo_list
description: Viewset for Duo authenticator devices
parameters:
- in: query
name: name
schema:
type: string
- name: ordering
required: false
in: query
description: Which field to use when ordering the results.
schema:
type: string
- name: page
required: false
in: query
description: A page number within the paginated result set.
schema:
type: integer
- name: page_size
required: false
in: query
description: Number of results to return per page.
schema:
type: integer
- name: search
required: false
in: query
description: A search term.
schema:
type: string
tags:
- authenticators
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedDuoDeviceList'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/duo/{id}/:
get:
operationId: authenticators_duo_retrieve
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
put:
operationId: authenticators_duo_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
multipart/form-data:
schema:
$ref: '#/components/schemas/DuoDeviceRequest'
required: true
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
patch:
operationId: authenticators_duo_partial_update
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
multipart/form-data:
schema:
$ref: '#/components/schemas/PatchedDuoDeviceRequest'
security:
- authentik: []
- cookieAuth: []
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DuoDevice'
description: ''
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
delete:
operationId: authenticators_duo_destroy
description: Viewset for Duo authenticator devices
parameters:
- in: path
name: id
schema:
type: integer
description: A unique integer value identifying this Duo Device.
required: true
tags:
- authenticators
security:
- authentik: []
- cookieAuth: []
responses:
'204':
description: No response body
'400':
$ref: '#/components/schemas/ValidationError'
'403':
$ref: '#/components/schemas/GenericError'
/api/v2beta/authenticators/static/: /api/v2beta/authenticators/static/:
get: get:
operationId: authenticators_static_list operationId: authenticators_static_list
@ -16316,6 +16565,31 @@ components:
$ref: '#/components/schemas/FlowRequest' $ref: '#/components/schemas/FlowRequest'
required: required:
- name - name
DuoDevice:
type: object
description: Serializer for Duo authenticator devices
properties:
pk:
type: integer
readOnly: true
title: ID
name:
type: string
description: The human-readable name of this device.
maxLength: 64
required:
- name
- pk
DuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
required:
- name
EmailChallenge: EmailChallenge:
type: object type: object
description: Email challenge description: Email challenge
@ -18940,6 +19214,41 @@ components:
required: required:
- pagination - pagination
- results - results
PaginatedDuoDeviceList:
type: object
properties:
pagination:
type: object
properties:
next:
type: number
previous:
type: number
count:
type: number
current:
type: number
total_pages:
type: number
start_index:
type: number
end_index:
type: number
required:
- next
- previous
- count
- current
- total_pages
- start_index
- end_index
results:
type: array
items:
$ref: '#/components/schemas/DuoDevice'
required:
- pagination
- results
PaginatedEmailStageList: PaginatedEmailStageList:
type: object type: object
properties: properties:
@ -21421,6 +21730,14 @@ components:
type: array type: array
items: items:
$ref: '#/components/schemas/FlowRequest' $ref: '#/components/schemas/FlowRequest'
PatchedDuoDeviceRequest:
type: object
description: Serializer for Duo authenticator devices
properties:
name:
type: string
description: The human-readable name of this device.
maxLength: 64
PatchedEmailStageRequest: PatchedEmailStageRequest:
type: object type: object
description: EmailStage Serializer description: EmailStage Serializer

1
web/src/flows/FlowExecutor.ts
View File

@ -100,7 +100,6 @@ export class FlowExecutor extends LitElement implements StageHost {
submit(payload: FlowChallengeResponseRequest): Promise<void> { submit(payload: FlowChallengeResponseRequest): Promise<void> {
// @ts-ignore // @ts-ignore
payload.component = this.challenge?.component; payload.component = this.challenge?.component;
console.log(payload);
this.loading = true; this.loading = true;
return new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({ return new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({
flowSlug: this.flowSlug, flowSlug: this.flowSlug,

1
web/src/pages/providers/saml/SAMLProviderForm.ts
View File

@ -13,7 +13,6 @@ import "../../../elements/forms/FormGroup";
export class SAMLProviderFormPage extends ModelForm<SAMLProvider, number> { export class SAMLProviderFormPage extends ModelForm<SAMLProvider, number> {
loadInstance(pk: number): Promise<SAMLProvider> { loadInstance(pk: number): Promise<SAMLProvider> {
console.log("reading saml provider");
return new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({ return new ProvidersApi(DEFAULT_CONFIG).providersSamlRetrieve({
id: pk, id: pk,
}); });

16
web/src/pages/user-settings/settings/UserSettingsAuthenticatorDuo.ts
View File

@ -18,27 +18,17 @@ export class UserSettingsAuthenticatorDuo extends BaseUserSettings {
${t`Status: Enabled`} ${t`Status: Enabled`}
<i class="pf-icon pf-icon-ok"></i> <i class="pf-icon pf-icon-ok"></i>
</p> </p>
<ul class="ak-otp-tokens">
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => {
if (devices.results.length < 1) {
return;
}
return devices.results[0].tokenSet?.map((token) => {
return html`<li>${token.token}</li>`;
});
}))}
</ul>
</div> </div>
<div class="pf-c-card__footer"> <div class="pf-c-card__footer">
<button <button
class="pf-c-button pf-m-danger" class="pf-c-button pf-m-danger"
@click=${() => { @click=${() => {
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => { return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoList({}).then((devices) => {
if (devices.results.length < 1) { if (devices.results.length < 1) {
return; return;
} }
// TODO: Handle multiple devices, currently we assume only one TOTP Device // TODO: Handle multiple devices, currently we assume only one TOTP Device
return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticDestroy({ return new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoDestroy({
id: devices.results[0].pk || 0 id: devices.results[0].pk || 0
}); });
}); });
@ -70,7 +60,7 @@ export class UserSettingsAuthenticatorDuo extends BaseUserSettings {
${t`Duo`} ${t`Duo`}
</div> </div>
${this.renderDisabled()} ${this.renderDisabled()}
${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsStaticList({}).then((devices) => { ${until(new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorsDuoList({}).then((devices) => {
return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled(); return devices.results.length > 0 ? this.renderEnabled() : this.renderDisabled();
}))} }))}
</div>`; </div>`;