Merge branch 'master' into version-2021.3

Signed-off-by: Jens Langhammer <[email protected]>

# Conflicts:
#	docker-compose.yml
#	helm/README.md
#	web/src/authentik.css
#	web/src/flows/FlowExecutor.ts
#	web/src/flows/stages/identification/IdentificationStage.ts
#	website/docs/installation/kubernetes.md

Author: BeryJu

.bumpversion.cfg

@@ -36,3 +36,7 @@ values =
 [bumpversion:file:outpost/pkg/version.go]
 
 [bumpversion:file:web/src/constants.ts]
+
+[bumpversion:file:website/docs/outpusts/manual-deploy-docker-compose.md]
+
+[bumpversion:file:website/docs/outpusts/manual-deploy-kubernetes.md]

.github/workflows/release.yml

@@ -59,6 +59,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
+      - name: prepare ts api client
+        run: |
+          docker run --rm -v $(pwd):/local openapitools/openapi-generator-cli generate -i /local/swagger.yaml -g typescript-fetch -o /local/web/src/api --additional-properties=typescriptThreePlus=true
       - name: Docker Login Registry
         env:
           DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

Dockerfile

@@ -45,4 +45,5 @@ COPY ./lifecycle/ /lifecycle
 USER authentik
 STOPSIGNAL SIGINT
 ENV TMPDIR /dev/shm/
+ENV PYTHONUBUFFERED 1
 ENTRYPOINT [ "/lifecycle/bootstrap.sh" ]

Pipfile.lock

@@ -7,8 +7,8 @@
 from django.db.models.fields import DurationField
 from django.db.models.functions import ExtractHour
 from django.utils.timezone import now
-from drf_yasg2.utils import swagger_auto_schema
-from rest_framework.fields import SerializerMethodField
+from drf_yasg2.utils import swagger_auto_schema, swagger_serializer_method
+from rest_framework.fields import IntegerField, SerializerMethodField
 from rest_framework.permissions import IsAdminUser
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -37,23 +37,39 @@ def get_events_per_1h(**filter_kwargs) -> list[dict[str, int]]:
     for hour in range(0, -24, -1):
         results.append(
             {
-                "x": time.mktime((_now + timedelta(hours=hour)).timetuple()) * 1000,
-                "y": data[hour * -1],
+                "x_cord": time.mktime((_now + timedelta(hours=hour)).timetuple())
+                * 1000,
+                "y_cord": data[hour * -1],
             }
         )
     return results
 
 
-class AdministrationMetricsSerializer(Serializer):
+class CoordinateSerializer(Serializer):
+    """Coordinates for diagrams"""
+
+    x_cord = IntegerField(read_only=True)
+    y_cord = IntegerField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+
+class LoginMetricsSerializer(Serializer):
     """Login Metrics per 1h"""
 
     logins_per_1h = SerializerMethodField()
     logins_failed_per_1h = SerializerMethodField()
 
+    @swagger_serializer_method(serializer_or_field=CoordinateSerializer(many=True))
     def get_logins_per_1h(self, _):
         """Get successful logins per hour for the last 24 hours"""
         return get_events_per_1h(action=EventAction.LOGIN)
 
+    @swagger_serializer_method(serializer_or_field=CoordinateSerializer(many=True))
     def get_logins_failed_per_1h(self, _):
         """Get failed logins per hour for the last 24 hours"""
         return get_events_per_1h(action=EventAction.LOGIN_FAILED)
@@ -70,8 +86,8 @@ class AdministrationMetricsViewSet(ViewSet):
 
     permission_classes = [IsAdminUser]
 
-    @swagger_auto_schema(responses={200: AdministrationMetricsSerializer(many=True)})
+    @swagger_auto_schema(responses={200: LoginMetricsSerializer(many=False)})
     def list(self, request: Request) -> Response:
         """Login Metrics per 1h"""
-        serializer = AdministrationMetricsSerializer(True)
+        serializer = LoginMetricsSerializer(True)
         return Response(serializer.data)

authentik/admin/api/metrics.py

@@ -25,8 +25,8 @@ class TaskSerializer(Serializer):
     task_finish_timestamp = DateTimeField(source="finish_timestamp")
 
     status = ChoiceField(
-        source="result.status.value",
-        choices=[(x.value, x.name) for x in TaskResultStatus],
+        source="result.status.name",
+        choices=[(x.name, x.name) for x in TaskResultStatus],
     )
     messages = ListField(source="result.messages")
 

authentik/admin/api/tasks.py

@@ -1,4 +1,5 @@
 """api v2 urls"""
+from django.conf import settings
 from django.urls import path, re_path
 from drf_yasg2 import openapi
 from drf_yasg2.views import get_schema_view
@@ -54,12 +55,24 @@
 from authentik.sources.ldap.api import LDAPPropertyMappingViewSet, LDAPSourceViewSet
 from authentik.sources.oauth.api import OAuthSourceViewSet
 from authentik.sources.saml.api import SAMLSourceViewSet
-from authentik.stages.authenticator_static.api import AuthenticatorStaticStageViewSet
-from authentik.stages.authenticator_totp.api import AuthenticatorTOTPStageViewSet
+from authentik.stages.authenticator_static.api import (
+    AuthenticatorStaticStageViewSet,
+    StaticAdminDeviceViewSet,
+    StaticDeviceViewSet,
+)
+from authentik.stages.authenticator_totp.api import (
+    AuthenticatorTOTPStageViewSet,
+    TOTPAdminDeviceViewSet,
+    TOTPDeviceViewSet,
+)
 from authentik.stages.authenticator_validate.api import (
     AuthenticatorValidateStageViewSet,
 )
-from authentik.stages.authenticator_webauthn.api import AuthenticateWebAuthnStageViewSet
+from authentik.stages.authenticator_webauthn.api import (
+    AuthenticateWebAuthnStageViewSet,
+    WebAuthnAdminDeviceViewSet,
+    WebAuthnDeviceViewSet,
+)
 from authentik.stages.captcha.api import CaptchaStageViewSet
 from authentik.stages.consent.api import ConsentStageViewSet
 from authentik.stages.deny.api import DenyStageViewSet
@@ -133,6 +146,13 @@
 router.register("propertymappings/saml", SAMLPropertyMappingViewSet)
 router.register("propertymappings/scope", ScopeMappingViewSet)
 
+router.register("authenticators/static", StaticDeviceViewSet)
+router.register("authenticators/totp", TOTPDeviceViewSet)
+router.register("authenticators/webauthn", WebAuthnDeviceViewSet)
+router.register("authenticators/admin/static", StaticAdminDeviceViewSet)
+router.register("authenticators/admin/totp", TOTPAdminDeviceViewSet)
+router.register("authenticators/admin/webauthn", WebAuthnAdminDeviceViewSet)
+
 router.register("stages/all", StageViewSet)
 router.register("stages/authenticator/static", AuthenticatorStaticStageViewSet)
 router.register("stages/authenticator/totp", AuthenticatorTOTPStageViewSet)
@@ -164,27 +184,26 @@
         name="GNU GPLv3", url="https://github.com/BeryJu/authentik/blob/master/LICENSE"
     ),
 )
-SchemaView = get_schema_view(
-    info,
-    public=True,
-    permission_classes=(AllowAny,),
-)
+SchemaView = get_schema_view(info, public=True, permission_classes=(AllowAny,))
 
-urlpatterns = [
-    re_path(
-        r"^swagger(?P<format>\.json|\.yaml)$",
-        SchemaView.without_ui(cache_timeout=0),
-        name="schema-json",
-    ),
-    path(
-        "swagger/",
-        SchemaView.with_ui("swagger", cache_timeout=0),
-        name="schema-swagger-ui",
-    ),
-    path("redoc/", SchemaView.with_ui("redoc", cache_timeout=0), name="schema-redoc"),
+urlpatterns = router.urls + [
     path(
         "flows/executor/<slug:flow_slug>/",
         FlowExecutorView.as_view(),
         name="flow-executor",
     ),
-] + router.urls
+    re_path(
+        r"^swagger(?P<format>\.json|\.yaml)$",
+        SchemaView.without_ui(cache_timeout=0),
+        name="schema-json",
+    ),
+]
+
+if settings.DEBUG:
+    urlpatterns = urlpatterns + [
+        path(
+            "swagger/",
+            SchemaView.with_ui("swagger", cache_timeout=0),
+            name="schema-swagger-ui",
+        ),
+    ]

authentik/api/v2/urls.py

@@ -2,6 +2,7 @@
 from django.core.cache import cache
 from django.db.models import QuerySet
 from django.http.response import Http404
+from drf_yasg2.utils import swagger_auto_schema
 from guardian.shortcuts import get_objects_for_user
 from rest_framework.decorators import action
 from rest_framework.fields import SerializerMethodField
@@ -13,7 +14,7 @@
 from rest_framework_guardian.filters import ObjectPermissionsFilter
 from structlog.stdlib import get_logger
 
-from authentik.admin.api.metrics import get_events_per_1h
+from authentik.admin.api.metrics import CoordinateSerializer, get_events_per_1h
 from authentik.core.api.providers import ProviderSerializer
 from authentik.core.models import Application
 from authentik.events.models import EventAction
@@ -109,6 +110,7 @@ def list(self, request: Request) -> Response:
         serializer = self.get_serializer(allowed_applications, many=True)
         return self.get_paginated_response(serializer.data)
 
+    @swagger_auto_schema(responses={200: CoordinateSerializer(many=True)})
     @action(detail=True)
     def metrics(self, request: Request, slug: str):
         """Metrics for application logins"""

authentik/core/api/applications.py

@@ -21,3 +21,4 @@ class GroupViewSet(ModelViewSet):
     serializer_class = GroupSerializer
     search_fields = ["name", "is_superuser"]
     filterset_fields = ["name", "is_superuser"]
+    ordering = ["name"]

authentik/core/api/groups.py

@@ -28,9 +28,9 @@ def get_verbose_name_plural(self, obj: Model) -> str:
 class TypeCreateSerializer(Serializer):
     """Types of an object that can be created"""
 
-    name = CharField(read_only=True)
-    description = CharField(read_only=True)
-    link = CharField(read_only=True)
+    name = CharField(required=True)
+    description = CharField(required=True)
+    link = CharField(required=True)
 
     def create(self, validated_data: dict) -> Model:
         raise NotImplementedError