tenants: initial implementation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

web/src/api/Config.ts

@@ -1,4 +1,4 @@
-import { Config, Configuration, Middleware, ResponseContext, RootApi } from "authentik-api";
+import { Config, Configuration, CoreApi, CurrentTenant, Middleware, ResponseContext, RootApi, Tenant } from "authentik-api";
 import { getCookie } from "../utils";
 import { API_DRAWER_MIDDLEWARE } from "../elements/notifications/APIDrawer";
 import { MessageMiddleware } from "../elements/messages/Middleware";
@@ -20,6 +20,14 @@ export function config(): Promise<Config> {
     return globalConfigPromise;
 }
 
+let globalTenantPromise: Promise<CurrentTenant>;
+export function tenant(): Promise<CurrentTenant> {
+    if (!globalTenantPromise) {
+        globalTenantPromise = new CoreApi(DEFAULT_CONFIG).coreTenantsCurrentRetrieve();
+    }
+    return globalTenantPromise;
+}
+
 export const DEFAULT_CONFIG = new Configuration({
     basePath: "",
     headers: {

web/src/elements/PageHeader.ts

@@ -5,7 +5,7 @@ import AKGlobal from "../authentik.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
 import { EVENT_SIDEBAR_TOGGLE, TITLE_DEFAULT } from "../constants";
-import { config } from "../api/Config";
+import { tenant } from "../api/Config";
 
 @customElement("ak-page-header")
 export class PageHeader extends LitElement {
@@ -18,11 +18,11 @@ export class PageHeader extends LitElement {
 
     @property()
     set header(value: string) {
-        config().then(config => {
+        tenant().then(tenant => {
             if (value !== "") {
-                document.title = `${value} - ${config.brandingTitle}`;
+                document.title = `${value} - ${tenant.brandingTitle}`;
             } else {
-                document.title = config.brandingTitle || TITLE_DEFAULT;
+                document.title = tenant.brandingTitle || TITLE_DEFAULT;
             }
         });
         this._header = value;

web/src/elements/sidebar/SidebarBrand.ts

@@ -6,29 +6,25 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
 import AKGlobal from "../../authentik.css";
 
 import { configureSentry } from "../../api/Sentry";
-import { Config } from "authentik-api";
+import { CurrentTenant } from "authentik-api";
 import { ifDefined } from "lit-html/directives/if-defined";
 import { EVENT_SIDEBAR_TOGGLE } from "../../constants";
+import { tenant } from "../../api/Config";
 
 // If the viewport is wider than MIN_WIDTH, the sidebar
 // is shown besides the content, and not overlayed.
 export const MIN_WIDTH = 1200;
 
-export const DefaultConfig: Config = {
+export const DefaultTenant: CurrentTenant = {
     brandingLogo: " /static/dist/assets/icons/icon_left_brand.svg",
     brandingTitle: "authentik",
-
-    errorReportingEnabled: false,
-    errorReportingEnvironment: "",
-    errorReportingSendPii: false,
     uiFooterLinks: [],
-    capabilities: [],
 };
 
 @customElement("ak-sidebar-brand")
 export class SidebarBrand extends LitElement {
     @property({attribute: false})
-    config: Config = DefaultConfig;
+    tenant: CurrentTenant = DefaultTenant;
 
     static get styles(): CSSResult[] {
         return [
@@ -68,7 +64,8 @@ export class SidebarBrand extends LitElement {
     }
 
     firstUpdated(): void {
-        configureSentry(true).then((c) => {this.config = c;});
+        configureSentry(true);
+        tenant().then(tenant => this.tenant = tenant);
     }
 
     render(): TemplateResult {
@@ -89,7 +86,7 @@ export class SidebarBrand extends LitElement {
             ` : html``}
             <a href="#/" class="pf-c-page__header-brand-link">
                 <div class="pf-c-brand ak-brand">
-                    <img src="${ifDefined(this.config.brandingLogo)}" alt="authentik icon" loading="lazy" />
+                    <img src="${ifDefined(this.tenant.brandingLogo)}" alt="authentik icon" loading="lazy" />
                 </div>
             </a>`;
     }

web/src/flows/FlowExecutor.ts

@@ -26,8 +26,8 @@ import "./stages/password/PasswordStage";
 import "./stages/prompt/PromptStage";
 import "./sources/plex/PlexLoginInit";
 import { StageHost } from "./stages/base";
-import { ChallengeChoices, Config, FlowChallengeRequest, FlowChallengeResponseRequest, FlowsApi, RedirectChallenge, ShellChallenge } from "authentik-api";
-import { config, DEFAULT_CONFIG } from "../api/Config";
+import { ChallengeChoices, CurrentTenant, FlowChallengeRequest, FlowChallengeResponseRequest, FlowsApi, RedirectChallenge, ShellChallenge } from "authentik-api";
+import { DEFAULT_CONFIG, tenant } from "../api/Config";
 import { ifDefined } from "lit-html/directives/if-defined";
 import { until } from "lit-html/directives/until";
 import { PFSize } from "../elements/Spinner";
@@ -46,7 +46,7 @@ export class FlowExecutor extends LitElement implements StageHost {
     loading = false;
 
     @property({ attribute: false })
-    config?: Config;
+    tenant?: CurrentTenant;
 
     static get styles(): CSSResult[] {
         return [PFBase, PFLogin, PFButton, PFTitle, PFList, PFBackgroundImage, AKGlobal].concat(css`
@@ -85,11 +85,11 @@ export class FlowExecutor extends LitElement implements StageHost {
     }
 
     private postUpdate(): void {
-        config().then(config => {
+        tenant().then(tenant => {
             if (this.challenge?.title) {
-                document.title = `${this.challenge.title} - ${config.brandingTitle}`;
+                document.title = `${this.challenge.title} - ${tenant.brandingTitle}`;
             } else {
-                document.title = config.brandingTitle || TITLE_DEFAULT;
+                document.title = tenant.brandingTitle || TITLE_DEFAULT;
             }
         });
     }
@@ -115,9 +115,8 @@ export class FlowExecutor extends LitElement implements StageHost {
     }
 
     firstUpdated(): void {
-        configureSentry().then((config) => {
-            this.config = config;
-        });
+        configureSentry();
+        tenant().then(tenant => this.tenant = tenant);
         this.loading = true;
         new FlowsApi(DEFAULT_CONFIG).flowsExecutorGet({
             flowSlug: this.flowSlug,
@@ -255,7 +254,7 @@ export class FlowExecutor extends LitElement implements StageHost {
             <div class="ak-login-container">
                 <header class="pf-c-login__header">
                     <div class="pf-c-brand ak-brand">
-                        <img src="${ifDefined(this.config?.brandingLogo)}" alt="authentik icon" />
+                        <img src="${ifDefined(this.tenant?.brandingLogo)}" alt="authentik icon" />
                     </div>
                 </header>
                 <div class="pf-c-login__main">
@@ -264,12 +263,12 @@ export class FlowExecutor extends LitElement implements StageHost {
                 <footer class="pf-c-login__footer">
                     <p></p>
                     <ul class="pf-c-list pf-m-inline">
-                        ${until(this.config?.uiFooterLinks?.map((link) => {
+                        ${until(this.tenant?.uiFooterLinks?.map((link) => {
                             return html`<li>
                                 <a href="${link.href || ""}">${link.name}</a>
                             </li>`;
                         }))}
-                        ${this.config?.brandingTitle != "authentik" ? html`
+                        ${this.tenant?.brandingTitle != "authentik" ? html`
                         <li><a href="https://goauthentik.io">${t`Powered by authentik`}</a></li>` : html``}
                     </ul>
                 </footer>

web/src/locales/en.po

@@ -522,6 +522,14 @@ msgstr "Changelog"
 msgid "Characters which are considered as symbols."
 msgstr "Characters which are considered as symbols."
 
+#: src/pages/applications/ApplicationViewPage.ts
+msgid "Check"
+msgstr "Check"
+
+#: src/pages/applications/ApplicationViewPage.ts
+msgid "Check Application access"
+msgstr "Check Application access"
+
 #: src/pages/policies/reputation/ReputationPolicyForm.ts
 msgid "Check IP"
 msgstr "Check IP"
@@ -530,6 +538,10 @@ msgstr "Check IP"
 msgid "Check Username"
 msgstr "Check Username"
 
+#: src/pages/applications/ApplicationViewPage.ts
+msgid "Check access"
+msgstr "Check access"
+
 #: src/flows/stages/authenticator_duo/AuthenticatorDuoStage.ts
 msgid "Check status"
 msgstr "Check status"
@@ -1625,6 +1637,7 @@ msgstr "Hide service-accounts"
 #: src/pages/sources/plex/PlexSourceForm.ts
 #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
+#: src/pages/stages/identification/IdentificationStageForm.ts
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
@@ -1866,6 +1879,7 @@ msgid "Loading"
 msgstr "Loading"
 
 #: src/elements/Spinner.ts
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/applications/ApplicationForm.ts
 #: src/pages/events/RuleForm.ts
 #: src/pages/events/RuleForm.ts
@@ -1916,6 +1930,7 @@ msgstr "Loading"
 #: src/pages/stages/email/EmailStageForm.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
 #: src/pages/stages/identification/IdentificationStageForm.ts
+#: src/pages/stages/identification/IdentificationStageForm.ts
 #: src/pages/stages/password/PasswordStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
 #: src/pages/stages/prompt/PromptStageForm.ts
@@ -1986,6 +2001,7 @@ msgstr "Maximum age (in days)"
 msgid "Members"
 msgstr "Members"
 
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/events/EventInfo.ts
 #: src/pages/policies/PolicyTestForm.ts
 #: src/pages/system-tasks/SystemTaskListPage.ts
@@ -2130,6 +2146,7 @@ msgstr "Need an account?"
 msgid "New version available!"
 msgstr "New version available!"
 
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/groups/GroupListPage.ts
 #: src/pages/groups/MemberSelectModal.ts
@@ -2408,6 +2425,7 @@ msgstr "Parent"
 msgid "Pass policy?"
 msgstr "Pass policy?"
 
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/events/EventInfo.ts
 #: src/pages/policies/PolicyTestForm.ts
 msgid "Passing"
@@ -2887,6 +2905,10 @@ msgstr "Select an identification method."
 msgid "Select one of the sources below to login."
 msgstr "Select one of the sources below to login."
 
+#: src/pages/stages/identification/IdentificationStageForm.ts
+msgid "Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP."
+msgstr "Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP."
+
 #: src/pages/groups/MemberSelectModal.ts
 msgid "Select users to add"
 msgstr "Select users to add"
@@ -3054,6 +3076,7 @@ msgstr "Source {0}"
 
 #: src/interfaces/AdminInterface.ts
 #: src/pages/sources/SourcesListPage.ts
+#: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "Sources"
 msgstr "Sources"
 
@@ -3321,6 +3344,7 @@ msgstr "Successfully imported flow."
 msgid "Successfully imported provider."
 msgstr "Successfully imported provider."
 
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/policies/PolicyTestForm.ts
 #: src/pages/property-mappings/PropertyMappingTestForm.ts
 msgid "Successfully sent test-request."
@@ -3516,6 +3540,7 @@ msgstr "Task finished with warnings"
 msgid "Template"
 msgstr "Template"
 
+#: src/pages/applications/ApplicationViewPage.ts
 #: src/pages/events/TransportListPage.ts
 #: src/pages/policies/PolicyListPage.ts
 #: src/pages/policies/PolicyListPage.ts
@@ -3925,6 +3950,7 @@ msgstr "Use this redirect URL:"
 
 #: src/elements/events/ObjectChangelog.ts
 #: src/elements/events/UserEvents.ts
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/events/EventInfo.ts
 #: src/pages/events/EventListPage.ts
 #: src/pages/policies/PolicyBindingForm.ts
@@ -4178,6 +4204,7 @@ msgstr ""
 msgid "X509 Subject"
 msgstr "X509 Subject"
 
+#: src/pages/applications/ApplicationCheckAccessForm.ts
 #: src/pages/crypto/CertificateKeyPairListPage.ts
 #: src/pages/groups/GroupListPage.ts
 #: src/pages/groups/MemberSelectModal.ts

web/src/locales/pseudo-LOCALE.po

@@ -518,6 +518,14 @@ msgstr ""
 msgid "Characters which are considered as symbols."
 msgstr ""
 
+#: 
+msgid "Check"
+msgstr ""
+
+#: 
+msgid "Check Application access"
+msgstr ""
+
 #: 
 msgid "Check IP"
 msgstr ""
@@ -526,6 +534,10 @@ msgstr ""
 msgid "Check Username"
 msgstr ""
 
+#: 
+msgid "Check access"
+msgstr ""
+
 #: 
 msgid "Check status"
 msgstr ""
@@ -1620,6 +1632,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "Hold control/command to select multiple items."
 msgstr ""
 
@@ -1911,6 +1924,8 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
+#: 
 msgid "Loading..."
 msgstr ""
 
@@ -1981,6 +1996,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "Messages"
 msgstr ""
 
@@ -2133,6 +2149,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "No"
 msgstr ""
 
@@ -2400,6 +2417,7 @@ msgstr ""
 msgid "Pass policy?"
 msgstr ""
 
+#: 
 #: 
 #: 
 msgid "Passing"
@@ -2879,6 +2897,10 @@ msgstr ""
 msgid "Select one of the sources below to login."
 msgstr ""
 
+#: 
+msgid "Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP."
+msgstr ""
+
 #: 
 msgid "Select users to add"
 msgstr ""
@@ -3044,6 +3066,7 @@ msgstr ""
 msgid "Source {0}"
 msgstr ""
 
+#: 
 #: 
 #: 
 msgid "Sources"
@@ -3313,6 +3336,7 @@ msgstr ""
 msgid "Successfully imported provider."
 msgstr ""
 
+#: 
 #: 
 #: 
 msgid "Successfully sent test-request."
@@ -3513,6 +3537,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "Test"
 msgstr ""
 
@@ -3923,6 +3948,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "User"
 msgstr ""
 
@@ -4175,6 +4201,7 @@ msgstr ""
 #: 
 #: 
 #: 
+#: 
 msgid "Yes"
 msgstr ""