providers/radius: simple radius outpost (#1796)
* initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * minor fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use search-select Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix ip with port being sent to delegated ip Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add radius tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Showing
54 changed files
with
5,433 additions
and
677 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Generated by Django 4.1.7 on 2023-03-20 10:58 | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
dependencies = [ | ||
("authentik_outposts", "0019_alter_outpost_name_and_more"), | ||
] | ||
|
||
operations = [ | ||
migrations.AlterField( | ||
model_name="outpost", | ||
name="type", | ||
field=models.TextField( | ||
choices=[("proxy", "Proxy"), ("ldap", "Ldap"), ("radius", "Radius")], | ||
default="proxy", | ||
), | ||
), | ||
] |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
"""RadiusProvider API Views""" | ||
from rest_framework.fields import CharField | ||
from rest_framework.serializers import ModelSerializer | ||
from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet | ||
|
||
from authentik.core.api.providers import ProviderSerializer | ||
from authentik.core.api.used_by import UsedByMixin | ||
from authentik.providers.radius.models import RadiusProvider | ||
|
||
|
||
class RadiusProviderSerializer(ProviderSerializer): | ||
"""RadiusProvider Serializer""" | ||
|
||
class Meta: | ||
model = RadiusProvider | ||
fields = ProviderSerializer.Meta.fields + [ | ||
"client_networks", | ||
# Shared secret is not a write-only field, as | ||
# an admin might have to view it | ||
"shared_secret", | ||
] | ||
extra_kwargs = ProviderSerializer.Meta.extra_kwargs | ||
|
||
|
||
class RadiusProviderViewSet(UsedByMixin, ModelViewSet): | ||
"""RadiusProvider Viewset""" | ||
|
||
queryset = RadiusProvider.objects.all() | ||
serializer_class = RadiusProviderSerializer | ||
ordering = ["name"] | ||
search_fields = ["name", "client_networks"] | ||
filterset_fields = { | ||
"application": ["isnull"], | ||
"name": ["iexact"], | ||
"authorization_flow__slug": ["iexact"], | ||
"client_networks": ["iexact"], | ||
} | ||
|
||
|
||
class RadiusOutpostConfigSerializer(ModelSerializer): | ||
"""RadiusProvider Serializer""" | ||
|
||
application_slug = CharField(source="application.slug") | ||
auth_flow_slug = CharField(source="authorization_flow.slug") | ||
|
||
class Meta: | ||
model = RadiusProvider | ||
fields = [ | ||
"pk", | ||
"name", | ||
"application_slug", | ||
"auth_flow_slug", | ||
"client_networks", | ||
"shared_secret", | ||
] | ||
|
||
|
||
class RadiusOutpostConfigViewSet(ReadOnlyModelViewSet): | ||
"""RadiusProvider Viewset""" | ||
|
||
queryset = RadiusProvider.objects.filter(application__isnull=False) | ||
serializer_class = RadiusOutpostConfigSerializer | ||
ordering = ["name"] | ||
search_fields = ["name"] | ||
filterset_fields = ["name"] |
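Review bot: `client_networks` is accepted as free text with no validation in `RadiusProviderSerializer`, so a malformed or mistyped CIDR is stored by the API and only surfaces later, presumably when the outpost parses the list to decide which clients to drop. A `validate_client_networks` method that runs each comma-separated entry through `ipaddress.ip_network` and raises `rest_framework.serializers.ValidationError` would reject bad input at write time (both names need importing); the sketch uses `strict=False` because how the outpost treats set host bits is not visible here. Separately, both serializers return `shared_secret` in cleartext and neither viewset declares `permission_classes` in this hunk, so who can read the secret depends on project-wide DRF defaults that should be confirmed. `RadiusOutpostConfigSerializer` and `RadiusOutpostConfigViewSet` also reuse the provider docstrings; something like `"""RadiusProvider config served to outposts, includes the shared secret"""` would make the exposure explicit.

```python
class RadiusProviderSerializer(ProviderSerializer):
    """RadiusProvider Serializer"""

    def validate_client_networks(self, value: str) -> str:
        """Reject entries that do not parse as an IPv4 or IPv6 network"""
        for entry in value.split(","):
            cidr = entry.strip()
            try:
                ip_network(cidr, strict=False)
            except ValueError as exc:
                raise ValidationError(f"Invalid CIDR: {cidr}") from exc
        return value

    # … unchanged: class Meta …
```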
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
"""authentik radius provider app config""" | ||
from django.apps import AppConfig | ||
|
||
|
||
class AuthentikProviderRadiusConfig(AppConfig): | ||
"""authentik radius provider app config""" | ||
|
||
name = "authentik.providers.radius" | ||
label = "authentik_providers_radius" | ||
verbose_name = "authentik Providers.Radius" |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
"""Radius Provider Docker Controller""" | ||
from authentik.outposts.controllers.base import DeploymentPort | ||
from authentik.outposts.controllers.docker import DockerController | ||
from authentik.outposts.models import DockerServiceConnection, Outpost | ||
|
||
|
||
class RadiusDockerController(DockerController): | ||
"""Radius Provider Docker Controller""" | ||
|
||
def __init__(self, outpost: Outpost, connection: DockerServiceConnection): | ||
super().__init__(outpost, connection) | ||
self.deployment_ports = [ | ||
DeploymentPort(1812, "radius", "udp", 1812), | ||
] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
"""Radius Provider Kubernetes Controller""" | ||
from authentik.outposts.controllers.base import DeploymentPort | ||
from authentik.outposts.controllers.kubernetes import KubernetesController | ||
from authentik.outposts.models import KubernetesServiceConnection, Outpost | ||
|
||
|
||
class RadiusKubernetesController(KubernetesController): | ||
"""Radius Provider Kubernetes Controller""" | ||
|
||
def __init__(self, outpost: Outpost, connection: KubernetesServiceConnection): | ||
super().__init__(outpost, connection) | ||
self.deployment_ports = [ | ||
DeploymentPort(1812, "radius", "udp", 1812), | ||
] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Generated by Django 4.1.7 on 2023-03-20 10:58 | ||
|
||
import django.db.models.deletion | ||
from django.db import migrations, models | ||
|
||
import authentik.lib.generators | ||
|
||
|
||
class Migration(migrations.Migration): | ||
initial = True | ||
|
||
dependencies = [ | ||
("authentik_core", "0027_alter_user_uuid"), | ||
] | ||
|
||
operations = [ | ||
migrations.CreateModel( | ||
name="RadiusProvider", | ||
fields=[ | ||
( | ||
"provider_ptr", | ||
models.OneToOneField( | ||
auto_created=True, | ||
on_delete=django.db.models.deletion.CASCADE, | ||
parent_link=True, | ||
primary_key=True, | ||
serialize=False, | ||
to="authentik_core.provider", | ||
), | ||
), | ||
( | ||
"shared_secret", | ||
models.TextField( | ||
default=authentik.lib.generators.generate_key, | ||
help_text="Shared secret between clients and server to hash packets.", | ||
), | ||
), | ||
( | ||
"client_networks", | ||
models.TextField( | ||
default="0.0.0.0/0, ::/0", | ||
help_text="List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped.", | ||
), | ||
), | ||
], | ||
options={ | ||
"verbose_name": "Radius Provider", | ||
"verbose_name_plural": "Radius Providers", | ||
}, | ||
bases=("authentik_core.provider", models.Model), | ||
), | ||
] |
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
"""Radius Provider""" | ||
from typing import Optional, Type | ||
|
||
from django.db import models | ||
from django.utils.translation import gettext_lazy as _ | ||
from rest_framework.serializers import Serializer | ||
|
||
from authentik.core.models import Provider | ||
from authentik.lib.generators import generate_key | ||
from authentik.outposts.models import OutpostModel | ||
|
||
|
||
class RadiusProvider(OutpostModel, Provider): | ||
"""Allow applications to authenticate against authentik's users using Radius.""" | ||
|
||
shared_secret = models.TextField( | ||
default=generate_key, | ||
help_text=_("Shared secret between clients and server to hash packets."), | ||
) | ||
|
||
client_networks = models.TextField( | ||
default="0.0.0.0/0, ::/0", | ||
help_text=_( | ||
"List of CIDRs (comma-separated) that clients can connect from. A more specific " | ||
"CIDR will match before a looser one. Clients connecting from a non-specified CIDR " | ||
"will be dropped." | ||
), | ||
) | ||
|
||
@property | ||
def launch_url(self) -> Optional[str]: | ||
"""Radius never has a launch URL""" | ||
return None | ||
|
||
@property | ||
def component(self) -> str: | ||
return "ak-provider-radius-form" | ||
|
||
@property | ||
def serializer(self) -> Type[Serializer]: | ||
from authentik.providers.radius.api import RadiusProviderSerializer | ||
|
||
return RadiusProviderSerializer | ||
|
||
def __str__(self): | ||
return f"Radius Provider {self.name}" | ||
|
||
class Meta: | ||
verbose_name = _("Radius Provider") | ||
verbose_name_plural = _("Radius Providers") |
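Review bot: The default for `client_networks`, `"0.0.0.0/0, ::/0"`, admits requests from any source address, so a newly created provider is gated only by `shared_secret` until an admin narrows the list; the same default is baked into the generated migration for this model. If open-by-default is intended for ease of setup, say so next to the field, e.g. `# Default admits any client address; restrict to the RADIUS client subnets in production`, and consider stating it in the help text as well. The `component` and `serializer` properties lack docstrings, unlike `launch_url`; one line each such as `"""Return the serializer class used for this provider"""` would match the rest of the class.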