authentik.core.views.interface
Interface views
1"""Interface views""" 2 3from json import dumps 4from typing import Any 5 6from django.contrib.auth.mixins import AccessMixin 7from django.http import HttpRequest 8from django.http.response import HttpResponse 9from django.shortcuts import redirect 10from django.utils.translation import gettext as _ 11from django.views.generic.base import RedirectView, TemplateView 12 13from authentik import authentik_build_hash 14from authentik.admin.tasks import LOCAL_VERSION 15from authentik.api.v3.config import ConfigView 16from authentik.brands.api import CurrentBrandSerializer 17from authentik.brands.models import Brand 18from authentik.core.apps import Setup 19from authentik.core.models import UserTypes 20from authentik.lib.config import CONFIG 21from authentik.policies.denied import AccessDeniedResponse 22 23 24class RootRedirectView(AccessMixin, RedirectView): 25 """Root redirect view, redirect to brand's default application if set""" 26 27 pattern_name = "authentik_core:if-user" 28 query_string = True 29 30 def redirect_to_app(self, request: HttpRequest): 31 if request.user.is_authenticated and request.user.type in ( 32 UserTypes.EXTERNAL, 33 UserTypes.SERVICE_ACCOUNT, 34 UserTypes.INTERNAL_SERVICE_ACCOUNT, 35 ): 36 brand: Brand = request.brand 37 if brand.default_application: 38 return redirect( 39 "authentik_core:application-launch", 40 application_slug=brand.default_application.slug, 41 ) 42 return None 43 44 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 45 if not Setup.get(): 46 return redirect("authentik_core:setup") 47 if not request.user.is_authenticated: 48 return self.handle_no_permission() 49 if redirect_response := RootRedirectView().redirect_to_app(request): 50 return redirect_response 51 return super().dispatch(request, *args, **kwargs) 52 53 54class InterfaceView(TemplateView): 55 """Base interface view""" 56 57 def get_context_data(self, **kwargs: Any) -> dict[str, Any]: 58 brand = CurrentBrandSerializer(self.request.brand) 59 kwargs["config_json"] = dumps(ConfigView.get_config(self.request).data) 60 kwargs["ui_theme"] = brand.data["ui_theme"] 61 kwargs["brand_json"] = dumps(brand.data) 62 kwargs["version_family"] = f"{LOCAL_VERSION.major}.{LOCAL_VERSION.minor}" 63 kwargs["version_subdomain"] = f"version-{LOCAL_VERSION.major}-{LOCAL_VERSION.minor}" 64 kwargs["build"] = authentik_build_hash() 65 kwargs["url_kwargs"] = self.kwargs 66 kwargs["base_url"] = self.request.build_absolute_uri(CONFIG.get("web.path", "/")) 67 kwargs["base_url_rel"] = CONFIG.get("web.path", "/") 68 return super().get_context_data(**kwargs) 69 70 71class BrandDefaultRedirectView(InterfaceView): 72 """By default redirect to default app""" 73 74 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 75 if request.user.is_authenticated and request.user.type in ( 76 UserTypes.EXTERNAL, 77 UserTypes.SERVICE_ACCOUNT, 78 UserTypes.INTERNAL_SERVICE_ACCOUNT, 79 ): 80 brand: Brand = request.brand 81 if brand.default_application: 82 return redirect( 83 "authentik_core:application-launch", 84 application_slug=brand.default_application.slug, 85 ) 86 response = AccessDeniedResponse(self.request) 87 response.error_message = _("Interface can only be accessed by internal users.") 88 return response 89 return super().dispatch(request, *args, **kwargs)
class
RootRedirectView(django.contrib.auth.mixins.AccessMixin, django.views.generic.base.RedirectView):
25class RootRedirectView(AccessMixin, RedirectView): 26 """Root redirect view, redirect to brand's default application if set""" 27 28 pattern_name = "authentik_core:if-user" 29 query_string = True 30 31 def redirect_to_app(self, request: HttpRequest): 32 if request.user.is_authenticated and request.user.type in ( 33 UserTypes.EXTERNAL, 34 UserTypes.SERVICE_ACCOUNT, 35 UserTypes.INTERNAL_SERVICE_ACCOUNT, 36 ): 37 brand: Brand = request.brand 38 if brand.default_application: 39 return redirect( 40 "authentik_core:application-launch", 41 application_slug=brand.default_application.slug, 42 ) 43 return None 44 45 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 46 if not Setup.get(): 47 return redirect("authentik_core:setup") 48 if not request.user.is_authenticated: 49 return self.handle_no_permission() 50 if redirect_response := RootRedirectView().redirect_to_app(request): 51 return redirect_response 52 return super().dispatch(request, *args, **kwargs)
Root redirect view, redirect to brand's default application if set
def
redirect_to_app(self, request: django.http.request.HttpRequest):
31 def redirect_to_app(self, request: HttpRequest): 32 if request.user.is_authenticated and request.user.type in ( 33 UserTypes.EXTERNAL, 34 UserTypes.SERVICE_ACCOUNT, 35 UserTypes.INTERNAL_SERVICE_ACCOUNT, 36 ): 37 brand: Brand = request.brand 38 if brand.default_application: 39 return redirect( 40 "authentik_core:application-launch", 41 application_slug=brand.default_application.slug, 42 ) 43 return None
def
dispatch( self, request: django.http.request.HttpRequest, *args: Any, **kwargs: Any) -> django.http.response.HttpResponse:
45 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 46 if not Setup.get(): 47 return redirect("authentik_core:setup") 48 if not request.user.is_authenticated: 49 return self.handle_no_permission() 50 if redirect_response := RootRedirectView().redirect_to_app(request): 51 return redirect_response 52 return super().dispatch(request, *args, **kwargs)
class
InterfaceView(django.views.generic.base.TemplateView):
55class InterfaceView(TemplateView): 56 """Base interface view""" 57 58 def get_context_data(self, **kwargs: Any) -> dict[str, Any]: 59 brand = CurrentBrandSerializer(self.request.brand) 60 kwargs["config_json"] = dumps(ConfigView.get_config(self.request).data) 61 kwargs["ui_theme"] = brand.data["ui_theme"] 62 kwargs["brand_json"] = dumps(brand.data) 63 kwargs["version_family"] = f"{LOCAL_VERSION.major}.{LOCAL_VERSION.minor}" 64 kwargs["version_subdomain"] = f"version-{LOCAL_VERSION.major}-{LOCAL_VERSION.minor}" 65 kwargs["build"] = authentik_build_hash() 66 kwargs["url_kwargs"] = self.kwargs 67 kwargs["base_url"] = self.request.build_absolute_uri(CONFIG.get("web.path", "/")) 68 kwargs["base_url_rel"] = CONFIG.get("web.path", "/") 69 return super().get_context_data(**kwargs)
Base interface view
def
get_context_data(self, **kwargs: Any) -> dict[str, typing.Any]:
58 def get_context_data(self, **kwargs: Any) -> dict[str, Any]: 59 brand = CurrentBrandSerializer(self.request.brand) 60 kwargs["config_json"] = dumps(ConfigView.get_config(self.request).data) 61 kwargs["ui_theme"] = brand.data["ui_theme"] 62 kwargs["brand_json"] = dumps(brand.data) 63 kwargs["version_family"] = f"{LOCAL_VERSION.major}.{LOCAL_VERSION.minor}" 64 kwargs["version_subdomain"] = f"version-{LOCAL_VERSION.major}-{LOCAL_VERSION.minor}" 65 kwargs["build"] = authentik_build_hash() 66 kwargs["url_kwargs"] = self.kwargs 67 kwargs["base_url"] = self.request.build_absolute_uri(CONFIG.get("web.path", "/")) 68 kwargs["base_url_rel"] = CONFIG.get("web.path", "/") 69 return super().get_context_data(**kwargs)
72class BrandDefaultRedirectView(InterfaceView): 73 """By default redirect to default app""" 74 75 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 76 if request.user.is_authenticated and request.user.type in ( 77 UserTypes.EXTERNAL, 78 UserTypes.SERVICE_ACCOUNT, 79 UserTypes.INTERNAL_SERVICE_ACCOUNT, 80 ): 81 brand: Brand = request.brand 82 if brand.default_application: 83 return redirect( 84 "authentik_core:application-launch", 85 application_slug=brand.default_application.slug, 86 ) 87 response = AccessDeniedResponse(self.request) 88 response.error_message = _("Interface can only be accessed by internal users.") 89 return response 90 return super().dispatch(request, *args, **kwargs)
By default redirect to default app
def
dispatch( self, request: django.http.request.HttpRequest, *args: Any, **kwargs: Any) -> django.http.response.HttpResponse:
75 def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: 76 if request.user.is_authenticated and request.user.type in ( 77 UserTypes.EXTERNAL, 78 UserTypes.SERVICE_ACCOUNT, 79 UserTypes.INTERNAL_SERVICE_ACCOUNT, 80 ): 81 brand: Brand = request.brand 82 if brand.default_application: 83 return redirect( 84 "authentik_core:application-launch", 85 application_slug=brand.default_application.slug, 86 ) 87 response = AccessDeniedResponse(self.request) 88 response.error_message = _("Interface can only be accessed by internal users.") 89 return response 90 return super().dispatch(request, *args, **kwargs)