authentik.stages.consent.models

authentik consent stage

View Source

 1"""authentik consent stage"""
 2
 3from django.db import models
 4from django.utils.translation import gettext_lazy as _
 5from django.views import View
 6from rest_framework.serializers import BaseSerializer, Serializer
 7
 8from authentik.core.models import Application, ExpiringModel, User
 9from authentik.flows.models import Stage
10from authentik.lib.models import InternallyManagedMixin, SerializerModel
11from authentik.lib.utils.time import timedelta_string_validator
12
13
14class ConsentMode(models.TextChoices):
15    """Modes a Consent Stage can operate in"""
16
17    ALWAYS_REQUIRE = "always_require"
18    PERMANENT = "permanent"
19    EXPIRING = "expiring"
20
21
22class ConsentStage(Stage):
23    """Prompt the user for confirmation."""
24
25    mode = models.TextField(choices=ConsentMode.choices, default=ConsentMode.EXPIRING)
26    consent_expire_in = models.TextField(
27        validators=[timedelta_string_validator],
28        default="weeks=4",
29        verbose_name="Consent expires in",
30        help_text=_("Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."),
31    )
32
33    @property
34    def serializer(self) -> type[BaseSerializer]:
35        from authentik.stages.consent.api import ConsentStageSerializer
36
37        return ConsentStageSerializer
38
39    @property
40    def view(self) -> type[View]:
41        from authentik.stages.consent.stage import ConsentStageView
42
43        return ConsentStageView
44
45    @property
46    def component(self) -> str:
47        return "ak-stage-consent-form"
48
49    class Meta:
50        verbose_name = _("Consent Stage")
51        verbose_name_plural = _("Consent Stages")
52
53
54class UserConsent(InternallyManagedMixin, SerializerModel, ExpiringModel):
55    """Consent given by a user for an application"""
56
57    user = models.ForeignKey(User, on_delete=models.CASCADE)
58    application = models.ForeignKey(Application, on_delete=models.CASCADE)
59    permissions = models.TextField(default="")
60
61    @property
62    def serializer(self) -> Serializer:
63        from authentik.stages.consent.api import UserConsentSerializer
64
65        return UserConsentSerializer
66
67    def __str__(self):
68        return f"User Consent {self.application_id} by {self.user_id}"
69
70    class Meta:
71        unique_together = (("user", "application", "permissions"),)
72        verbose_name = _("User Consent")
73        verbose_name_plural = _("User Consents")
74        indexes = ExpiringModel.Meta.indexes

class ConsentMode(django.db.models.enums.TextChoices): View Source

15class ConsentMode(models.TextChoices):
16    """Modes a Consent Stage can operate in"""
17
18    ALWAYS_REQUIRE = "always_require"
19    PERMANENT = "permanent"
20    EXPIRING = "expiring"

Modes a Consent Stage can operate in

ALWAYS_REQUIRE = ConsentMode.ALWAYS_REQUIRE

PERMANENT = ConsentMode.PERMANENT

EXPIRING = ConsentMode.EXPIRING

class ConsentStage(authentik.flows.models.Stage): View Source

23class ConsentStage(Stage):
24    """Prompt the user for confirmation."""
25
26    mode = models.TextField(choices=ConsentMode.choices, default=ConsentMode.EXPIRING)
27    consent_expire_in = models.TextField(
28        validators=[timedelta_string_validator],
29        default="weeks=4",
30        verbose_name="Consent expires in",
31        help_text=_("Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."),
32    )
33
34    @property
35    def serializer(self) -> type[BaseSerializer]:
36        from authentik.stages.consent.api import ConsentStageSerializer
37
38        return ConsentStageSerializer
39
40    @property
41    def view(self) -> type[View]:
42        from authentik.stages.consent.stage import ConsentStageView
43
44        return ConsentStageView
45
46    @property
47    def component(self) -> str:
48        return "ak-stage-consent-form"
49
50    class Meta:
51        verbose_name = _("Consent Stage")
52        verbose_name_plural = _("Consent Stages")

Prompt the user for confirmation.

def mode(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def consent_expire_in(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

serializer: type[rest_framework.serializers.BaseSerializer] View Source

34    @property
35    def serializer(self) -> type[BaseSerializer]:
36        from authentik.stages.consent.api import ConsentStageSerializer
37
38        return ConsentStageSerializer

Get serializer for this model

view: type[django.views.generic.base.View] View Source

40    @property
41    def view(self) -> type[View]:
42        from authentik.stages.consent.stage import ConsentStageView
43
44        return ConsentStageView

Return StageView class that implements logic for this stage

component: str View Source

46    @property
47    def component(self) -> str:
48        return "ak-stage-consent-form"

Return component used to edit this object

def get_mode_display(unknown):

Method descriptor with partial application of the given arguments and keywords.

Supports wrapping existing descriptors and handles non-descriptor callables as instance methods.

stage_ptr_id

stage_ptr

Accessor to the related object on the forward side of a one-to-one relation.

In the example::

class Restaurant(Model):
    place = OneToOneField(Place, related_name='restaurant')

Restaurant.place is a ForwardOneToOneDescriptor instance.

Inherited Members

authentik.lib.models.SerializerModel: Meta
authentik.flows.models.Stage: stage_uuid; name; objects; ui_user_settings; is_in_memory; flow_set; flowstagebinding_set; emailstage; endpointstage; invitationstage; passwordstage; promptstage; authenticatorstaticstage; authenticatorduostage; authenticatoremailstage; authenticatorsmsstage; authenticatorwebauthnstage; authenticatorvalidatestage; captchastage; identificationstage; authenticatortotpstage; consentstage; denystage; dummystage; redirectstage; userdeletestage; userloginstage; userlogoutstage; userwritestage; authenticatorendpointgdtcstage; mutualtlsstage; sourcestage

class ConsentStage.DoesNotExist(authentik.flows.models.Stage.DoesNotExist):

The requested object does not exist

class ConsentStage.MultipleObjectsReturned(authentik.flows.models.Stage.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.

class UserConsent(authentik.lib.models.InternallyManagedMixin, authentik.lib.models.SerializerModel, authentik.core.models.ExpiringModel): View Source

55class UserConsent(InternallyManagedMixin, SerializerModel, ExpiringModel):
56    """Consent given by a user for an application"""
57
58    user = models.ForeignKey(User, on_delete=models.CASCADE)
59    application = models.ForeignKey(Application, on_delete=models.CASCADE)
60    permissions = models.TextField(default="")
61
62    @property
63    def serializer(self) -> Serializer:
64        from authentik.stages.consent.api import UserConsentSerializer
65
66        return UserConsentSerializer
67
68    def __str__(self):
69        return f"User Consent {self.application_id} by {self.user_id}"
70
71    class Meta:
72        unique_together = (("user", "application", "permissions"),)
73        verbose_name = _("User Consent")
74        verbose_name_plural = _("User Consents")
75        indexes = ExpiringModel.Meta.indexes

Consent given by a user for an application

user

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

application

Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.

In the example::

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Child.parent is a ForwardManyToOneDescriptor instance.

def permissions(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

serializer: rest_framework.serializers.Serializer View Source

62    @property
63    def serializer(self) -> Serializer:
64        from authentik.stages.consent.api import UserConsentSerializer
65
66        return UserConsentSerializer

Get serializer for this model

def expires(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

def expiring(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

user_id

application_id

def id(unknown):

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

Inherited Members

authentik.lib.models.SerializerModel: Meta
authentik.core.models.ExpiringModel: objects; expire_action; filter_not_expired; is_expired

class UserConsent.DoesNotExist(django.core.exceptions.ObjectDoesNotExist):

The requested object does not exist

class UserConsent.MultipleObjectsReturned(django.core.exceptions.MultipleObjectsReturned):

The query returned multiple objects when only one was expected.