authentik.enterprise.stages.authenticator_endpoint_gdtc.models

Endpoint stage

  1"""Endpoint stage"""
  2
  3from uuid import uuid4
  4
  5from django.contrib.auth import get_user_model
  6from django.db import models
  7from django.utils.translation import gettext_lazy as _
  8from google.oauth2.service_account import Credentials
  9from rest_framework.serializers import BaseSerializer, Serializer
 10
 11from authentik.core.types import UserSettingSerializer
 12from authentik.flows.models import ConfigurableStage, FriendlyNamedStage, Stage
 13from authentik.flows.stage import StageView
 14from authentik.lib.models import DeprecatedMixin, InternallyManagedMixin, SerializerModel
 15from authentik.stages.authenticator.models import Device
 16
 17
class AuthenticatorEndpointGDTCStage(DeprecatedMixin, ConfigurableStage, FriendlyNamedStage, Stage):
    """Verify Google Chrome Device Trust connection for the user's browser."""

    # Google service-account info, passed unchanged to
    # Credentials.from_service_account_info() in google_credentials(). That
    # format carries the account's private key, and nothing in this model
    # encrypts or masks the column, so every read path that returns it (API
    # serializer, export, backup, debug log) exposes a signing key.
    # NOTE(review): confirm the stage serializer treats this field as write-only.
    credentials = models.JSONField()

    def google_credentials(self):
        """Build keyword arguments carrying the Google credentials for this stage.

        Returns a dict with a single ``"credentials"`` entry: a service-account
        ``Credentials`` object created from ``self.credentials`` and restricted
        to the Verified Access scope. The model field has no validators of its
        own, so malformed key data is only rejected here, by the Google library.
        """
        # A single scope is requested; tokens minted from this key are not
        # usable against other Google APIs.
        verified_access_scopes = ["https://www.googleapis.com/auth/verifiedaccess"]
        service_account = Credentials.from_service_account_info(
            self.credentials, scopes=verified_access_scopes
        )
        return {"credentials": service_account}

    @property
    def serializer(self) -> type[BaseSerializer]:
        """Return the serializer class for this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            AuthenticatorEndpointGDTCStageSerializer as SerializerClass,
        )

        return SerializerClass

    @property
    def view(self) -> type[StageView]:
        """Return the StageView class that implements this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the stage module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.stage import (
            AuthenticatorEndpointStageView as ViewClass,
        )

        return ViewClass

    @property
    def component(self) -> str:
        """Return the name of the UI component used to edit this stage."""
        return "ak-stage-authenticator-endpoint-gdtc-form"

    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this stage.

        The title is the stage's friendly name, falling back to the model's
        verbose name when no friendly name is set.
        """
        settings_data = {
            "title": self.friendly_name or str(self._meta.verbose_name),
            "component": "ak-user-settings-authenticator-endpoint",
        }
        return UserSettingSerializer(data=settings_data)

    def __str__(self) -> str:
        # Only the stage name is included; the credentials never appear here.
        return f"Endpoint Authenticator Google Device Trust Connector Stage {self.name}"

    class Meta:
        verbose_name = _("Endpoint Authenticator Google Device Trust Connector Stage")
        verbose_name_plural = _("Endpoint Authenticator Google Device Trust Connector Stages")
 64
 65
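class EndpointDevice(InternallyManagedMixin, SerializerModel, Device):
    """Endpoint Device for a single user"""

    uuid = models.UUIDField(primary_key=True, default=uuid4)
    # Unique across the whole table, not per user: one identifier maps to
    # exactly one device row and therefore to one user.
    # NOTE(review): whether this value comes from an attested source or from
    # client-supplied input is decided by the code that creates the row, not
    # by this model.
    host_identifier = models.TextField(
        unique=True,
        help_text="A unique identifier for the endpoint device, usually the device serial number",
    )

    # Deleting the user deletes their endpoint devices as well.
    user = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
    # Free-form JSON; no schema is enforced at the model level.
    data = models.JSONField()

    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this device.

        The property returns the class itself, not an instance, hence
        ``type[Serializer]``.
        """
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            GoogleEndpointDeviceSerializer,
        )

        return GoogleEndpointDeviceSerializer

    def __str__(self) -> str:
        # Choose the fallback before converting to text: str(None) is the
        # truthy string "None", so converting first would never reach user_id
        # for a missing name.
        return str(self.name or self.user_id)

    class Meta:
        verbose_name = _("Endpoint Device")
        verbose_name_plural = _("Endpoint Devices")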
 92
 93
class EndpointDeviceConnection(InternallyManagedMixin, models.Model):
    # Link row between one endpoint device and one GDTC stage. Both foreign
    # keys cascade, so the row is removed when either side is deleted.
    # No uniqueness constraint is declared here, so several rows for the same
    # device/stage pair are possible as far as this model is concerned.
    device = models.ForeignKey(EndpointDevice, on_delete=models.CASCADE)
    stage = models.ForeignKey(AuthenticatorEndpointGDTCStage, on_delete=models.CASCADE)

    # Free-form JSON stored per connection; no schema is enforced at the
    # model level.
    attributes = models.JSONField()

    def __str__(self) -> str:
        # Uses the raw foreign-key ids, so rendering this does not load the
        # related device or stage.
        return f"Endpoint device connection {self.device_id} to {self.stage_id}"
class AuthenticatorEndpointGDTCStage(DeprecatedMixin, ConfigurableStage, FriendlyNamedStage, Stage):
    """Verify Google Chrome Device Trust connection for the user's browser."""

    # Google service-account info, passed unchanged to
    # Credentials.from_service_account_info() in google_credentials(). That
    # format carries the account's private key, and nothing in this model
    # encrypts or masks the column, so every read path that returns it (API
    # serializer, export, backup, debug log) exposes a signing key.
    # NOTE(review): confirm the stage serializer treats this field as write-only.
    credentials = models.JSONField()

    def google_credentials(self):
        """Build keyword arguments carrying the Google credentials for this stage.

        Returns a dict with a single ``"credentials"`` entry: a service-account
        ``Credentials`` object created from ``self.credentials`` and restricted
        to the Verified Access scope. The model field has no validators of its
        own, so malformed key data is only rejected here, by the Google library.
        """
        # A single scope is requested; tokens minted from this key are not
        # usable against other Google APIs.
        verified_access_scopes = ["https://www.googleapis.com/auth/verifiedaccess"]
        service_account = Credentials.from_service_account_info(
            self.credentials, scopes=verified_access_scopes
        )
        return {"credentials": service_account}

    @property
    def serializer(self) -> type[BaseSerializer]:
        """Return the serializer class for this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            AuthenticatorEndpointGDTCStageSerializer as SerializerClass,
        )

        return SerializerClass

    @property
    def view(self) -> type[StageView]:
        """Return the StageView class that implements this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the stage module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.stage import (
            AuthenticatorEndpointStageView as ViewClass,
        )

        return ViewClass

    @property
    def component(self) -> str:
        """Return the name of the UI component used to edit this stage."""
        return "ak-stage-authenticator-endpoint-gdtc-form"

    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this stage.

        The title is the stage's friendly name, falling back to the model's
        verbose name when no friendly name is set.
        """
        settings_data = {
            "title": self.friendly_name or str(self._meta.verbose_name),
            "component": "ak-user-settings-authenticator-endpoint",
        }
        return UserSettingSerializer(data=settings_data)

    def __str__(self) -> str:
        # Only the stage name is included; the credentials never appear here.
        return f"Endpoint Authenticator Google Device Trust Connector Stage {self.name}"

    class Meta:
        verbose_name = _("Endpoint Authenticator Google Device Trust Connector Stage")
        verbose_name_plural = _("Endpoint Authenticator Google Device Trust Connector Stages")

Verify Google Chrome Device Trust connection for the user's browser.

def credentials(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def google_credentials(self):
    def google_credentials(self):
        """Build keyword arguments carrying the Google credentials for this stage.

        Returns a dict with a single ``"credentials"`` entry: a service-account
        ``Credentials`` object created from ``self.credentials`` and restricted
        to the Verified Access scope. ``self.credentials`` is service-account
        info, which includes the account's private key, so the returned object
        and the field it is built from should stay out of logs and API output.
        """
        # A single scope is requested; tokens minted from this key are not
        # usable against other Google APIs.
        verified_access_scopes = ["https://www.googleapis.com/auth/verifiedaccess"]
        service_account = Credentials.from_service_account_info(
            self.credentials, scopes=verified_access_scopes
        )
        return {"credentials": service_account}
serializer: type[rest_framework.serializers.BaseSerializer]
    @property
    def serializer(self) -> type[BaseSerializer]:
        """Return the serializer class for this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            AuthenticatorEndpointGDTCStageSerializer as SerializerClass,
        )

        return SerializerClass

Get serializer for this model

view: type[authentik.flows.stage.StageView]
    @property
    def view(self) -> type[StageView]:
        """Return the StageView class that implements this stage."""
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the stage module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.stage import (
            AuthenticatorEndpointStageView as ViewClass,
        )

        return ViewClass

Return StageView class that implements logic for this stage

component: str
    @property
    def component(self) -> str:
        """Return the name of the UI component used to edit this stage."""
        return "ak-stage-authenticator-endpoint-gdtc-form"

Return component used to edit this object

def ui_user_settings(self) -> authentik.core.types.UserSettingSerializer | None:
    def ui_user_settings(self) -> UserSettingSerializer | None:
        """Return the user-settings entry for this stage.

        The title is the stage's friendly name, falling back to the model's
        verbose name when no friendly name is set.
        """
        settings_data = {
            "title": self.friendly_name or str(self._meta.verbose_name),
            "component": "ak-user-settings-authenticator-endpoint",
        }
        return UserSettingSerializer(data=settings_data)

Entrypoint to integrate with User settings. Can either return None if no user settings are available, or a challenge.

configure_flow

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def friendly_name(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

configure_flow_id
stage_ptr_id
stage_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

endpointdeviceconnection_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class AuthenticatorEndpointGDTCStage.DoesNotExist(authentik.flows.models.Stage.DoesNotExist):

The requested object does not exist

class AuthenticatorEndpointGDTCStage.MultipleObjectsReturned(authentik.flows.models.Stage.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

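class EndpointDevice(InternallyManagedMixin, SerializerModel, Device):
    """Endpoint Device for a single user"""

    uuid = models.UUIDField(primary_key=True, default=uuid4)
    # Unique across the whole table, not per user: one identifier maps to
    # exactly one device row and therefore to one user.
    # NOTE(review): whether this value comes from an attested source or from
    # client-supplied input is decided by the code that creates the row, not
    # by this model.
    host_identifier = models.TextField(
        unique=True,
        help_text="A unique identifier for the endpoint device, usually the device serial number",
    )

    # Deleting the user deletes their endpoint devices as well.
    user = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
    # Free-form JSON; no schema is enforced at the model level.
    data = models.JSONField()

    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this device.

        The property returns the class itself, not an instance, hence
        ``type[Serializer]``.
        """
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            GoogleEndpointDeviceSerializer,
        )

        return GoogleEndpointDeviceSerializer

    def __str__(self) -> str:
        # Choose the fallback before converting to text: str(None) is the
        # truthy string "None", so converting first would never reach user_id
        # for a missing name.
        return str(self.name or self.user_id)

    class Meta:
        verbose_name = _("Endpoint Device")
        verbose_name_plural = _("Endpoint Devices")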

Endpoint Device for a single user

def uuid(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def host_identifier(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def data(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

serializer: rest_framework.serializers.Serializer
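    @property
    def serializer(self) -> type[Serializer]:
        """Return the serializer class for this device.

        The property returns the class itself, not an instance, hence
        ``type[Serializer]``.
        """
        # Imported inside the property rather than at module import time
        # (presumably to avoid a circular import with the api module).
        from authentik.enterprise.stages.authenticator_endpoint_gdtc.api import (
            GoogleEndpointDeviceSerializer,
        )

        return GoogleEndpointDeviceSerializer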

Get serializer for this model

def name(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def confirmed(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def last_used(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def created(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def last_updated(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

user_id
def get_next_by_created(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_previous_by_created(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_next_by_last_updated(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

def get_previous_by_last_updated(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

endpointdeviceconnection_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class EndpointDevice.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class EndpointDevice.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class EndpointDeviceConnection(authentik.lib.models.InternallyManagedMixin, django.db.models.base.Model):
class EndpointDeviceConnection(InternallyManagedMixin, models.Model):
    # Link row between one endpoint device and one GDTC stage. Both foreign
    # keys cascade, so the row is removed when either side is deleted.
    # No uniqueness constraint is declared here, so several rows for the same
    # device/stage pair are possible as far as this model is concerned.
    device = models.ForeignKey(EndpointDevice, on_delete=models.CASCADE)
    stage = models.ForeignKey(AuthenticatorEndpointGDTCStage, on_delete=models.CASCADE)

    # Free-form JSON stored per connection; no schema is enforced at the
    # model level.
    attributes = models.JSONField()

    def __str__(self) -> str:
        # Uses the raw foreign-key ids, so rendering this does not load the
        # related device or stage.
        return f"Endpoint device connection {self.device_id} to {self.stage_id}"

EndpointDeviceConnection(id, device, stage, attributes)

device

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

stage

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def attributes(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

device_id
stage_id
def id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def objects(unknown):

The type of the None singleton.

class EndpointDeviceConnection.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class EndpointDeviceConnection.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.