Managed objects (#519)

* managed: add base manager and Ops

* core: use ManagedModel for Token and PropertyMapping

* providers/saml: implement managed objects for SAML Provider

* sources/ldap: migrate to managed

* providers/oauth2: migrate to managed

* providers/proxy: migrate to managed

* *: load .managed in apps

* managed: add reconcile task, run on startup

* providers/oauth2: fix import path for managed

* providers/saml: don't set FriendlyName when mapping is none

* *: use ObjectManager in tests to ensure objects exist

* ci: use vmImage ubuntu-latest

* providers/saml: add new mapping for username and user id

* tests: remove docker proxy

* tests/e2e: use updated attribute names

* docs: update SAML docs

* tests/e2e: fix remaining saml cases

* outposts: make tokens as managed

* *: make PropertyMapping SerializerModel

* web: add page for property-mappings

* web: add codemirror to common_styles because codemirror

* docs: fix member-of in nextcloud

* docs: nextcloud add admin

* web: fix refresh reloading data two times

* web: add loading lock to table to prevent double loads

* web: add ability to use null in QueryArgs (value will be skipped)

* web: add hide option to property mappings

* web: fix linting

authentik/core/api/propertymappings.py

@@ -2,22 +2,36 @@
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ReadOnlyModelViewSet
 
+from authentik.core.api.utils import MetaNameSerializer
 from authentik.core.models import PropertyMapping
 
 
-class PropertyMappingSerializer(ModelSerializer):
+class PropertyMappingSerializer(ModelSerializer, MetaNameSerializer):
     """PropertyMapping Serializer"""
 
-    __type__ = SerializerMethodField(method_name="get_type")
+    object_type = SerializerMethodField(method_name="get_type")
 
     def get_type(self, obj):
         """Get object type so that we know which API Endpoint to use to get the full object"""
         return obj._meta.object_name.lower().replace("propertymapping", "")
 
+    def to_representation(self, instance: PropertyMapping):
+        # pyright: reportGeneralTypeIssues=false
+        if instance.__class__ == PropertyMapping:
+            return super().to_representation(instance)
+        return instance.serializer(instance=instance).data
+
     class Meta:
 
         model = PropertyMapping
-        fields = ["pk", "name", "expression", "__type__"]
+        fields = [
+            "pk",
+            "name",
+            "expression",
+            "object_type",
+            "verbose_name",
+            "verbose_name_plural",
+        ]
 
 
 class PropertyMappingViewSet(ReadOnlyModelViewSet):
@@ -25,6 +39,11 @@ class PropertyMappingViewSet(ReadOnlyModelViewSet):
 
     queryset = PropertyMapping.objects.none()
     serializer_class = PropertyMappingSerializer
+    search_fields = [
+        "name",
+    ]
+    filterset_fields = ["managed"]
+    ordering = ["name"]
 
     def get_queryset(self):
         return PropertyMapping.objects.select_subclasses()

authentik/core/migrations/0017_managed.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.1.4 on 2021-01-30 18:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_core", "0016_auto_20201202_2234"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="propertymapping",
+            name="managed",
+            field=models.BooleanField(
+                default=False,
+                help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.",
+                verbose_name="Managed by authentik",
+            ),
+        ),
+        migrations.AddField(
+            model_name="token",
+            name="managed",
+            field=models.BooleanField(
+                default=False,
+                help_text="Objects which are managed by authentik. These objects are created and updated automatically. This is flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.",
+                verbose_name="Managed by authentik",
+            ),
+        ),
+    ]

authentik/core/models.py

@@ -22,6 +22,7 @@ from authentik.core.signals import password_changed
 from authentik.core.types import UILoginButton
 from authentik.flows.models import Flow
 from authentik.lib.models import CreatedUpdatedModel, SerializerModel
+from authentik.managed.models import ManagedModel
 from authentik.policies.models import PolicyBindingModel
 
 LOGGER = get_logger()
@@ -313,7 +314,7 @@ class TokenIntents(models.TextChoices):
     INTENT_RECOVERY = "recovery"
 
 
-class Token(ExpiringModel):
+class Token(ManagedModel, ExpiringModel):
     """Token used to authenticate the User for API Access or confirm another Stage like Email."""
 
     token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@@ -341,7 +342,7 @@ class Token(ExpiringModel):
         ]
 
 
-class PropertyMapping(models.Model):
+class PropertyMapping(SerializerModel, ManagedModel):
     """User-defined key -> x mapping which can be used by providers to expose extra data."""
 
     pm_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@@ -355,6 +356,11 @@ class PropertyMapping(models.Model):
         """Return Form class used to edit this object"""
         raise NotImplementedError
 
+    @property
+    def serializer(self) -> Type[Serializer]:
+        """Get serializer for this model"""
+        raise NotImplementedError
+
     def evaluate(
         self, user: Optional[User], request: Optional[HttpRequest], **kwargs
     ) -> Any: