From 1a1d4998339b2b2b4bf52391891a212da057a0f2 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Wed, 18 Dec 2024 13:28:22 +0100 Subject: [PATCH] sources/oauth: allow creation of user connection objects with parameters (#12195) * sources/oauth: allow creation of user connection objects with parameters Signed-off-by: Jens Langhammer * fix web Signed-off-by: Jens Langhammer * tix tests Signed-off-by: Jens Langhammer * add for all Signed-off-by: Jens Langhammer * align Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- authentik/core/api/sources.py | 13 +- blueprints/schema.json | 84 +++++ schema.yml | 301 +++++++++++++++++- tests/e2e/test_source_oauth_oauth2.py | 2 +- .../elements/user/sources/SourceSettings.ts | 2 +- 5 files changed, 380 insertions(+), 22 deletions(-) diff --git a/authentik/core/api/sources.py b/authentik/core/api/sources.py index 015cbd52b9f3..c1ccd44672d7 100644 --- a/authentik/core/api/sources.py +++ b/authentik/core/api/sources.py @@ -159,9 +159,9 @@ def user_settings(self, request: Request) -> Response: class UserSourceConnectionSerializer(SourceSerializer): - """OAuth Source Serializer""" + """User source connection""" - source = SourceSerializer(read_only=True) + source_obj = SourceSerializer(read_only=True, source="source") class Meta: model = UserSourceConnection @@ -169,10 +169,10 @@ class Meta: "pk", "user", "source", + "source_obj", "created", ] extra_kwargs = { - "user": {"read_only": True}, "created": {"read_only": True}, } @@ -197,9 +197,9 @@ class UserSourceConnectionViewSet( class GroupSourceConnectionSerializer(SourceSerializer): - """Group Source Connection Serializer""" + """Group Source Connection""" - source = SourceSerializer(read_only=True) + source_obj = SourceSerializer(read_only=True) class Meta: model = GroupSourceConnection 
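Review bot: Removing `"user": {"read_only": True}` from `extra_kwargs` in the `@@ -169,10 +169,10 @@` hunk lets the request body choose which account a source connection is bound to, and nothing in `UserSourceConnectionSerializer` restricts that value to the caller. The viewsets' permission classes and queryset filters, which are outside this hunk, become the only control stopping a non-admin from creating or re-pointing a link between an external identity and another user's account. An owner-filtered queryset does not by itself constrain the `user` value written on create or update. I would add a `validate_user` that rejects any pk other than the requesting user's unless the caller holds an explicit administrative permission, and a negative test for that case. The same concern applies to the `@@ -207,12 +207,11 @@` hunk, where `group` and `identifier` lose `read_only` on `GroupSourceConnectionSerializer`.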
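Review bot: In the `@@ -197,9 +197,9 @@` hunk, `source_obj = SourceSerializer(read_only=True)` on `GroupSourceConnectionSerializer` omits the `source="source"` argument that the user serializer passes in the first hunk. Without it, DRF resolves the field from an attribute named `source_obj` on the instance, which would fail at serialization time unless `GroupSourceConnection` defines one; the model is not visible here. The line should presumably read `source_obj = SourceSerializer(read_only=True, source="source")`. The class body continues outside the hunk, and the only test touched by this commit exercises the user connection, so a list or retrieve test for group connections would catch this.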
@@ -207,12 +207,11 @@ class Meta: "pk", "group", "source", + "source_obj", "identifier", "created", ] extra_kwargs = { - "group": {"read_only": True}, - "identifier": {"read_only": True}, "created": {"read_only": True}, } diff --git a/blueprints/schema.json b/blueprints/schema.json index a34894b6541c..872bf3ad96be 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -7170,6 +7170,10 @@ "type": "integer", "title": "User" }, + "source": { + "type": "integer", + "title": "Source" + }, "identifier": { "type": "string", "minLength": 1, @@ -7212,6 +7216,20 @@ "model_authentik_sources_kerberos.groupkerberossourceconnection": { "type": "object", "properties": { + "group": { + "type": "string", + "format": "uuid", + "title": "Group" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, "icon": { "type": "string", "minLength": 1, @@ -7755,6 +7773,14 @@ "model_authentik_sources_oauth.useroauthsourceconnection": { "type": "object", "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "source": { + "type": "integer", + "title": "Source" + }, "identifier": { "type": "string", "maxLength": 255, @@ -7805,6 +7831,20 @@ "model_authentik_sources_oauth.groupoauthsourceconnection": { "type": "object", "properties": { + "group": { + "type": "string", + "format": "uuid", + "title": "Group" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, "icon": { "type": "string", "minLength": 1, @@ -8038,6 +8078,14 @@ "model_authentik_sources_plex.userplexsourceconnection": { "type": "object", "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "source": { + "type": "integer", + "title": "Source" + }, "identifier": { "type": "string", "minLength": 1, 
@@ -8085,6 +8133,20 @@ "model_authentik_sources_plex.groupplexsourceconnection": { "type": "object", "properties": { + "group": { + "type": "string", + "format": "uuid", + "title": "Group" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, "icon": { "type": "string", "minLength": 1, @@ -8395,6 +8457,14 @@ "model_authentik_sources_saml.usersamlsourceconnection": { "type": "object", "properties": { + "user": { + "type": "integer", + "title": "User" + }, + "source": { + "type": "integer", + "title": "Source" + }, "identifier": { "type": "string", "minLength": 1, @@ -8437,6 +8507,20 @@ "model_authentik_sources_saml.groupsamlsourceconnection": { "type": "object", "properties": { + "group": { + "type": "string", + "format": "uuid", + "title": "Group" + }, + "source": { + "type": "integer", + "title": "Source" + }, + "identifier": { + "type": "string", + "minLength": 1, + "title": "Identifier" + }, "icon": { "type": "string", "minLength": 1, diff --git a/schema.yml b/schema.yml index 1f74a2ed70f5..a8484192e1af 100644 --- a/schema.yml +++ b/schema.yml @@ -25008,6 +25008,12 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupKerberosSourceConnectionRequest' + required: true security: - authentik: [] responses: @@ -25042,6 +25048,11 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupKerberosSourceConnectionRequest' security: - authentik: [] responses: @@ -25196,6 +25207,12 @@ paths: description: Group-source connection Viewset tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupOAuthSourceConnectionRequest' + required: true security: - authentik: [] responses: 
@@ -25263,6 +25280,12 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupOAuthSourceConnectionRequest' + required: true security: - authentik: [] responses: @@ -25296,6 +25319,11 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupOAuthSourceConnectionRequest' security: - authentik: [] responses: @@ -25448,6 +25476,12 @@ paths: description: Group-source connection Viewset tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupPlexSourceConnectionRequest' + required: true security: - authentik: [] responses: @@ -25515,6 +25549,12 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupPlexSourceConnectionRequest' + required: true security: - authentik: [] responses: @@ -25548,6 +25588,11 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupPlexSourceConnectionRequest' security: - authentik: [] responses: @@ -25741,6 +25786,12 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupSAMLSourceConnectionRequest' + required: true security: - authentik: [] responses: @@ -25774,6 +25825,11 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedGroupSAMLSourceConnectionRequest' security: - authentik: [] responses: @@ -28734,6 +28790,12 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserSourceConnectionRequest' + required: true security: - authentik: [] responses: 
@@ -28767,6 +28829,11 @@ paths: required: true tags: - sources + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedUserSourceConnectionRequest' security: - authentik: [] responses: @@ -42555,14 +42622,15 @@ components: group: type: string format: uuid - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string - readOnly: true created: type: string format: date-time @@ -42573,6 +42641,24 @@ components: - identifier - pk - source + - source_obj + GroupKerberosSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - group + - identifier + - source GroupMatchingModeEnum: enum: - identifier @@ -42667,14 +42753,15 @@ components: group: type: string format: uuid - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string - readOnly: true created: type: string format: date-time @@ -42685,6 +42772,24 @@ components: - identifier - pk - source + - source_obj + GroupOAuthSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - group + - identifier + - source GroupPlexSourceConnection: type: object description: Plex Group-Source connection Serializer @@ -42696,14 +42801,15 @@ components: group: type: string format: uuid - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string - readOnly: true created: type: string format: date-time 
@@ -42714,6 +42820,24 @@ components: - identifier - pk - source + - source_obj + GroupPlexSourceConnectionRequest: + type: object + description: Plex Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - group + - identifier + - source GroupRequest: type: object description: Group Serializer @@ -42753,14 +42877,15 @@ components: group: type: string format: uuid - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true identifier: type: string - readOnly: true created: type: string format: date-time @@ -42771,6 +42896,24 @@ components: - identifier - pk - source + - source_obj + GroupSAMLSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + required: + - group + - identifier + - source IdentificationChallenge: type: object description: Identification challenges with all UI elements 
@@ -48562,6 +48705,45 @@ components: default_group_email_domain: type: string minLength: 1 + PatchedGroupKerberosSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + PatchedGroupOAuthSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 + PatchedGroupPlexSourceConnectionRequest: + type: object + description: Plex Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 PatchedGroupRequest: type: object description: Group Serializer @@ -48588,6 +48770,19 @@ components: items: type: string format: uuid + PatchedGroupSAMLSourceConnectionRequest: + type: object + description: OAuth Group-Source connection Serializer + properties: + group: + type: string + format: uuid + source: + type: string + format: uuid + identifier: + type: string + minLength: 1 PatchedIdentificationStageRequest: type: object description: IdentificationStage Serializer @@ -50510,6 +50705,9 @@ components: properties: user: type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 @@ -50562,6 +50760,11 @@ components: type: object description: OAuth Source Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 @@ -50574,6 +50777,11 @@ components: type: object description: Plex Source connection Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 
@@ -50623,9 +50831,23 @@ components: type: object description: SAML Source Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 + PatchedUserSourceConnectionRequest: + type: object + description: User source connection + properties: + user: + type: integer + source: + type: string + format: uuid PatchedUserWriteStageRequest: type: object description: UserWriteStage Serializer @@ -55550,6 +55772,9 @@ components: user: type: integer source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true @@ -55564,6 +55789,7 @@ components: - identifier - pk - source + - source_obj - user UserKerberosSourceConnectionRequest: type: object @@ -55571,11 +55797,15 @@ components: properties: user: type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 required: - identifier + - source - user UserLoginChallenge: type: object @@ -55798,8 +56028,10 @@ components: title: ID user: type: integer - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true @@ -55815,11 +56047,17 @@ components: - identifier - pk - source + - source_obj - user UserOAuthSourceConnectionRequest: type: object description: OAuth Source Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 @@ -55830,6 +56068,8 @@ components: nullable: true required: - identifier + - source + - user UserObjectPermission: type: object description: User-bound object level permission @@ -55887,8 +56127,10 @@ components: title: ID user: type: integer - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true 
@@ -55903,11 +56145,17 @@ components: - identifier - pk - source + - source_obj - user UserPlexSourceConnectionRequest: type: object description: Plex Source connection Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 @@ -55918,6 +56166,8 @@ components: required: - identifier - plex_token + - source + - user UserRequest: type: object description: User Serializer @@ -55969,8 +56219,10 @@ components: title: ID user: type: integer - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true @@ -55985,16 +56237,24 @@ components: - identifier - pk - source + - source_obj - user UserSAMLSourceConnectionRequest: type: object description: SAML Source Serializer properties: + user: + type: integer + source: + type: string + format: uuid identifier: type: string minLength: 1 required: - identifier + - source + - user UserSelf: type: object description: User Serializer for information a user can retrieve about themselves @@ -56130,7 +56390,7 @@ components: - title UserSourceConnection: type: object - description: OAuth Source Serializer + description: User source connection properties: pk: type: integer @@ -56138,8 +56398,10 @@ components: title: ID user: type: integer - readOnly: true source: + type: string + format: uuid + source_obj: allOf: - $ref: '#/components/schemas/Source' readOnly: true @@ -56151,6 +56413,19 @@ components: - created - pk - source + - source_obj + - user + UserSourceConnectionRequest: + type: object + description: User source connection + properties: + user: + type: integer + source: + type: string + format: uuid + required: + - source - user UserTypeEnum: enum: diff --git a/tests/e2e/test_source_oauth_oauth2.py b/tests/e2e/test_source_oauth_oauth2.py index 87d976797f76..3766c23d48b0 100644 --- a/tests/e2e/test_source_oauth_oauth2.py +++ b/tests/e2e/test_source_oauth_oauth2.py 
@@ -192,5 +192,5 @@ def test_oauth_link(self): results = body_json["results"] self.assertEqual(len(results), 1) connection = results[0] - self.assertEqual(connection["source"]["slug"], self.slug) + self.assertEqual(connection["source_obj"]["slug"], self.slug) self.assertEqual(connection["user"], self.user.pk) diff --git a/web/src/elements/user/sources/SourceSettings.ts b/web/src/elements/user/sources/SourceSettings.ts index feae1f35b979..2cfd8a8c5190 100644 --- a/web/src/elements/user/sources/SourceSettings.ts +++ b/web/src/elements/user/sources/SourceSettings.ts @@ -70,7 +70,7 @@ export class UserSourceSettingsPage extends AKElement { let connectionPk = -1; if (this.connections) { const connections = this.connections.results.filter( - (con) => con.source.slug === source.objectUid, + (con) => con.sourceObj.slug === source.objectUid, ); if (connections.length > 0) { connectionPk = connections[0].pk;