events: add configurable headers to webhooks (#13602)

* events: add configurable headers to webhooks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make it a full thing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-03-21 19:37:15 +00:00
parent 0b806b7130
commit ce23209ae8
8 changed files with 163 additions and 22 deletions
--- a/authentik/events/models.py
+++ b/authentik/events/models.py
@ -336,8 +336,27 @@ class NotificationTransport(SerializerModel):
    mode = models.TextField(choices=TransportMode.choices, default=TransportMode.LOCAL)

    webhook_url = models.TextField(blank=True, validators=[DomainlessURLValidator()])
-    webhook_mapping = models.ForeignKey(
-        "NotificationWebhookMapping", on_delete=models.SET_DEFAULT, null=True, default=None
+    webhook_mapping_body = models.ForeignKey(
+        "NotificationWebhookMapping",
+        on_delete=models.SET_DEFAULT,
+        null=True,
+        default=None,
+        related_name="+",
+        help_text=_(
+            "Customize the body of the request. "
+            "Mapping should return data that is JSON-serializable."
+        ),
+    )
+    webhook_mapping_headers = models.ForeignKey(
+        "NotificationWebhookMapping",
+        on_delete=models.SET_DEFAULT,
+        null=True,
+        default=None,
+        related_name="+",
+        help_text=_(
+            "Configure additional headers to be sent. "
+            "Mapping should return a dictionary of key-value pairs"
+        ),
    )
    send_once = models.BooleanField(
        default=False,
@ -360,8 +379,8 @@ class NotificationTransport(SerializerModel):

    def send_local(self, notification: "Notification") -> list[str]:
        """Local notification delivery"""
-        if self.webhook_mapping:
-            self.webhook_mapping.evaluate(
+        if self.webhook_mapping_body:
+            self.webhook_mapping_body.evaluate(
                user=notification.user,
                request=None,
                notification=notification,
@ -380,9 +399,18 @@ class NotificationTransport(SerializerModel):
        if notification.event and notification.event.user:
            default_body["event_user_email"] = notification.event.user.get("email", None)
            default_body["event_user_username"] = notification.event.user.get("username", None)
-        if self.webhook_mapping:
+        headers = {}
+        if self.webhook_mapping_body:
            default_body = sanitize_item(
-                self.webhook_mapping.evaluate(
+                self.webhook_mapping_body.evaluate(
+                    user=notification.user,
+                    request=None,
+                    notification=notification,
+                )
+            )
+        if self.webhook_mapping_headers:
+            headers = sanitize_item(
+                self.webhook_mapping_headers.evaluate(
                    user=notification.user,
                    request=None,
                    notification=notification,
@ -392,6 +420,7 @@ class NotificationTransport(SerializerModel):
            response = get_http_session().post(
                self.webhook_url,
                json=default_body,
+                headers=headers,
            )
            response.raise_for_status()
        except RequestException as exc: