stages/user_login: stay logged in (#4958)

* add initial remember me offset Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to go executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui for user login stage Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-15 20:21:05 +01:00
parent fd9293e3e8
commit eaf56f4f3f
21 changed files with 311 additions and 18 deletions
--- a/internal/outpost/flow/const.go
+++ b/internal/outpost/flow/const.go
@ -3,10 +3,11 @@ package flow
 type StageComponent string

 const (
+	StageAccessDenied          = StageComponent("ak-stage-access-denied")
+	StageAuthenticatorValidate = StageComponent("ak-stage-authenticator-validate")
 	StageIdentification        = StageComponent("ak-stage-identification")
 	StagePassword              = StageComponent("ak-stage-password")
-	StageAuthenticatorValidate = StageComponent("ak-stage-authenticator-validate")
-	StageAccessDenied          = StageComponent("ak-stage-access-denied")
+	StageUserLogin             = StageComponent("ak-stage-user-login")
 )

 const (
--- a/internal/outpost/flow/executor.go
+++ b/internal/outpost/flow/executor.go
@ -75,6 +75,7 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 		StageIdentification:        fe.solveChallenge_Identification,
 		StagePassword:              fe.solveChallenge_Password,
 		StageAuthenticatorValidate: fe.solveChallenge_AuthenticatorValidate,
+		StageUserLogin:             fe.solveChallenge_UserLogin,
 	}
 	// Create new http client that also sets the correct ip
 	config := api.NewConfiguration()
--- a/internal/outpost/flow/solvers.go
+++ b/internal/outpost/flow/solvers.go
@ -30,6 +30,11 @@ func (fe *FlowExecutor) solveChallenge_Password(challenge *api.ChallengeTypes, r
 	return api.PasswordChallengeResponseRequestAsFlowChallengeResponseRequest(r), nil
 }

+func (fe *FlowExecutor) solveChallenge_UserLogin(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
+	r := api.NewUserLoginChallengeResponseRequest(true)
+	return api.UserLoginChallengeResponseRequestAsFlowChallengeResponseRequest(r), nil
+}
+
 func (fe *FlowExecutor) solveChallenge_AuthenticatorValidate(challenge *api.ChallengeTypes, req api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error) {
 	// We only support duo and code-based authenticators, check if that's allowed
 	var deviceChallenge *api.DeviceChallenge