diff --git a/tests/mdm/test_dep_enrollment_public_views.py b/tests/mdm/test_dep_enrollment_public_views.py index 8daf34481d..d4248f1050 100644 --- a/tests/mdm/test_dep_enrollment_public_views.py +++ b/tests/mdm/test_dep_enrollment_public_views.py @@ -16,7 +16,7 @@ @override_settings(STATICFILES_STORAGE='django.contrib.staticfiles.storage.StaticFilesStorage') @patch("zentral.core.queues.backends.kombu.EventQueues.post_event") @patch("zentral.contrib.mdm.public_views.dep.verify_iphone_ca_signed_payload") -class MDMOTAEnrollmentPublicViewsTestCase(TestCase): +class MDMDEPEnrollmentPublicViewsTestCase(TestCase): @classmethod def setUpTestData(cls): cls.mbu = MetaBusinessUnit.objects.create(name=get_random_string(12)) diff --git a/tests/mdm/test_setup_user_enrollment.py b/tests/mdm/test_setup_user_enrollment.py index 9158211789..8a4b26926a 100644 --- a/tests/mdm/test_setup_user_enrollment.py +++ b/tests/mdm/test_setup_user_enrollment.py @@ -7,7 +7,7 @@ from django.utils.crypto import get_random_string from accounts.models import User from zentral.contrib.inventory.models import MetaBusinessUnit -from .utils import force_push_certificate, force_scep_config, force_user_enrollment +from .utils import force_push_certificate, force_realm, force_scep_config, force_user_enrollment @override_settings(STATICFILES_STORAGE='django.contrib.staticfiles.storage.StaticFilesStorage') @@ -57,7 +57,7 @@ def test_create_user_enrollment_get(self): self.assertTemplateUsed(response, "mdm/userenrollment_form.html") self.assertContains(response, "Create user enrollment") - def test_create_user_enrollment_post(self): + def test_create_user_enrollment_no_realm(self): self._login("mdm.add_userenrollment", "mdm.view_userenrollment") name = get_random_string(64) push_certificate = force_push_certificate() 
@@ -70,6 +70,24 @@ def test_create_user_enrollment_post(self): "es-meta_business_unit": self.mbu.pk}, follow=True) self.assertEqual(response.status_code, 200) + self.assertTemplateUsed(response, "mdm/userenrollment_form.html") + self.assertFormError(response.context["user_enrollment_form"], "realm", "This field is required") + + def test_create_user_enrollment_post(self): + self._login("mdm.add_userenrollment", "mdm.view_userenrollment") + realm = force_realm() + name = get_random_string(64) + push_certificate = force_push_certificate() + scep_config = force_scep_config() + response = self.client.post(reverse("mdm:create_user_enrollment"), + {"ue-realm": realm.pk, + "ue-name": name, + "ue-scep_config": scep_config.pk, + "ue-scep_verification": "", + "ue-push_certificate": push_certificate.pk, + "es-meta_business_unit": self.mbu.pk}, + follow=True) + self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, "mdm/userenrollment_detail.html") self.assertContains(response, name) self.assertContains(response, push_certificate.name) @@ -83,17 +101,17 @@ def test_create_user_enrollment_post(self): # view User enrollment def test_view_user_enrollment_redirect(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login_redirect(reverse("mdm:user_enrollment", args=(enrollment.pk,))) def test_view_user_enrollment_permission_denied(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login() response = self.client.get(reverse("mdm:user_enrollment", args=(enrollment.pk,))) self.assertEqual(response.status_code, 403) def test_view_user_enrollment_no_extra_perms(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login("mdm.view_userenrollment") response = self.client.get(reverse("mdm:user_enrollment", args=(enrollment.pk,))) self.assertEqual(response.status_code, 200) 
@@ -105,7 +123,7 @@ def test_view_user_enrollment_no_extra_perms(self): self.assertNotContains(response, enrollment.scep_config.get_absolute_url()) def test_view_user_enrollment_extra_perms(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login("mdm.view_userenrollment", "mdm.view_pushcertificate", "mdm.view_scepconfig") response = self.client.get(reverse("mdm:user_enrollment", args=(enrollment.pk,))) self.assertEqual(response.status_code, 200) @@ -119,17 +137,17 @@ def test_view_user_enrollment_extra_perms(self): # update User enrollment def test_update_user_enrollment_redirect(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login_redirect(reverse("mdm:update_user_enrollment", args=(enrollment.pk,))) def test_update_user_enrollment_permission_denied(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login() response = self.client.get(reverse("mdm:update_user_enrollment", args=(enrollment.pk,))) self.assertEqual(response.status_code, 403) def test_update_user_enrollment_get(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login("mdm.change_userenrollment") response = self.client.get(reverse("mdm:update_user_enrollment", args=(enrollment.pk,))) self.assertEqual(response.status_code, 200) 
@@ -137,11 +155,13 @@ def test_update_user_enrollment_get(self): self.assertContains(response, f"[USER] {enrollment.name}") def test_update_user_enrollment_post(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login("mdm.change_userenrollment", "mdm.view_userenrollment") + new_realm = force_realm() new_name = get_random_string(64) response = self.client.post(reverse("mdm:update_user_enrollment", args=(enrollment.pk,)), - {"ue-name": new_name, + {"ue-realm": new_realm.pk, + "ue-name": new_name, "ue-scep_config": enrollment.scep_config.pk, "ue-scep_verification": "on", "ue-push_certificate": enrollment.push_certificate.pk, @@ -149,11 +169,13 @@ def test_update_user_enrollment_post(self): follow=True) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, "mdm/userenrollment_detail.html") + self.assertContains(response, new_realm.name) self.assertContains(response, new_name) self.assertContains(response, enrollment.push_certificate.name) self.assertContains(response, enrollment.scep_config.name) self.assertContains(response, "with CSR verification") enrollment = response.context["object"] + self.assertEqual(enrollment.realm, new_realm) self.assertEqual(enrollment.name, new_name) # list User enrollments @@ -162,7 +184,7 @@ def test_list_user_enrollments_redirect(self): self._login_redirect(reverse("mdm:enrollments")) def test_list_user_enrollments_no_perm_empty(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login() response = self.client.get(reverse("mdm:enrollments")) self.assertEqual(response.status_code, 200) 
@@ -170,7 +192,7 @@ def test_list_user_enrollments_no_perm_empty(self): self.assertNotContains(response, enrollment.name) def test_list_user_enrollments(self): - enrollment = force_user_enrollment(self.mbu, None) + enrollment = force_user_enrollment(self.mbu) self._login("mdm.view_userenrollment") response = self.client.get(reverse("mdm:enrollments")) self.assertEqual(response.status_code, 200) diff --git a/tests/mdm/test_user_enrollment_public_views.py b/tests/mdm/test_user_enrollment_public_views.py new file mode 100644 index 0000000000..85b398b4ad --- /dev/null +++ b/tests/mdm/test_user_enrollment_public_views.py 
@@ -0,0 +1,161 @@ +import plistlib +from unittest.mock import Mock, patch +from django.test import TestCase, override_settings +from django.urls import reverse +from django.utils.crypto import get_random_string +from zentral.contrib.mdm.crypto import verify_signed_payload +from zentral.contrib.mdm.events import UserEnrollmentRequestEvent +from zentral.contrib.mdm.models import UserEnrollmentSession +from zentral.contrib.mdm.public_views.user import user_enroll_callback +from zentral.contrib.inventory.models import MetaBusinessUnit +from .utils import force_realm_user, force_user_enrollment + + +@override_settings(STATICFILES_STORAGE='django.contrib.staticfiles.storage.StaticFilesStorage') +@patch("zentral.core.queues.backends.kombu.EventQueues.post_event") +class MDMUserEnrollmentPublicViewsTestCase(TestCase): + @classmethod + def setUpTestData(cls): + cls.mbu = MetaBusinessUnit.objects.create(name=get_random_string(12)) + cls.mbu.create_enrollment_business_unit() + cls.realm, cls.realm_user = force_realm_user() + + def assertAbort(self, post_event, reason, **kwargs): + last_event = post_event.call_args.args[0] + self.assertIsInstance(last_event, UserEnrollmentRequestEvent) + self.assertEqual(last_event.payload["status"], "failure") + self.assertEqual(last_event.payload["reason"], reason) + for k, v in kwargs.items(): + if k == "serial_number": + self.assertEqual(last_event.metadata.machine_serial_number, v) + else: + self.assertEqual(last_event.payload.get(k), v) + + def assertSuccess(self, post_event, **kwargs): + last_event = post_event.call_args.args[0] + self.assertIsInstance(last_event, UserEnrollmentRequestEvent) + self.assertEqual(last_event.payload["status"], "success") + for k, v in kwargs.items(): + self.assertEqual(last_event.payload.get(k), v) + + # service discovery + + def test_service_discovery(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + response = 
self.client.get(reverse("mdm_public:user_enrollment_service_discovery", + args=(enrollment.enrollment_secret.secret,))) + self.assertEqual( + response.json(), + {'Servers': [{'Version': 'mdm-byod', + 'BaseURL': 'https://zentral' + reverse("mdm_public:enroll_user", + args=(enrollment.enrollment_secret.secret,))}]} + ) + + # enroll user view + + def test_enroll_user_unknown_secret(self, post_event): + response = self.client.post(reverse("mdm_public:enroll_user", args=(get_random_string(12),))) + self.assertEqual(response.status_code, 400) + self.assertAbort(post_event, "secret verification failed: 'unknown secret'") + + def test_enroll_user_no_realm(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + enrollment.realm = None # Should never happen + enrollment.save() + response = self.client.post(reverse("mdm_public:enroll_user", args=(enrollment.enrollment_secret.secret,))) + self.assertEqual(response.status_code, 400) + self.assertAbort(post_event, "This user enrollment has no realm") + + def test_enroll_user_no_authorization(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + self.assertEqual(enrollment.userenrollmentsession_set.count(), 0) + response = self.client.post(reverse("mdm_public:enroll_user", args=(enrollment.enrollment_secret.secret,))) + self.assertEqual(response.status_code, 401) + self.assertEqual(enrollment.userenrollmentsession_set.count(), 1) + enrollment_session = enrollment.userenrollmentsession_set.first() + self.assertEqual(enrollment_session.status, "ACCOUNT_DRIVEN_START") + auth_url = "https://zentral" + reverse("mdm_public:authenticate_user", + args=(enrollment_session.enrollment_secret.secret,)) + self.assertEqual(response.headers["WWW-Authenticate"], f'Bearer method="apple-as-web" url="{auth_url}"') + + def test_enroll_user_invalid_access_token(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + _, realm_user = force_realm_user(self.realm) + 
enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment(enrollment) + self.assertIsNone(enrollment_session.access_token) + enrollment_session.set_account_driven_authenticated_status(realm_user) + self.assertIsNotNone(enrollment_session.access_token) + response = self.client.post( + reverse("mdm_public:enroll_user", args=(enrollment.enrollment_secret.secret,)), + headers={"Authorization": "Bearer " + get_random_string(12)} + ) + self.assertEqual(response.status_code, 400) + self.assertAbort(post_event, "Invalid access token") + + def test_enroll_user(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + _, realm_user = force_realm_user(self.realm) + enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment(enrollment) + enrollment_session.set_account_driven_authenticated_status(realm_user) + response = self.client.post( + reverse("mdm_public:enroll_user", args=(enrollment.enrollment_secret.secret,)), + headers={"Authorization": f"Bearer {enrollment_session.access_token}"} + ) + self.assertEqual(response.status_code, 200) + self.assertSuccess(post_event) + _, data = verify_signed_payload(response.content) + payload = plistlib.loads(data) + mdm_payload = [p for p in payload["PayloadContent"] if p["PayloadType"] == "com.apple.mdm"][0] + self.assertEqual(mdm_payload["AssignedManagedAppleID"], realm_user.email) + self.assertEqual(mdm_payload["EnrollmentMode"], "BYOD") + + # authenticate user view + + def test_authenticate_user_unknown_secret(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + UserEnrollmentSession.objects.create_from_user_enrollment(enrollment) + response = self.client.get(reverse("mdm_public:authenticate_user", args=(get_random_string(12),))) + self.assertEqual(response.status_code, 400) + self.assertAbort(post_event, "secret verification failed: 'unknown secret'") + + def test_authenticate_user_no_realm(self, post_event): + enrollment = 
force_user_enrollment(self.mbu, self.realm) + enrollment.realm = None # Should never happen + enrollment.save() + enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment(enrollment) + response = self.client.get( + reverse("mdm_public:authenticate_user", args=(enrollment_session.enrollment_secret.secret,)) + ) + self.assertEqual(response.status_code, 400) + self.assertAbort(post_event, "This user enrollment has no realm") + + def test_authenticate_user(self, post_event): + enrollment = force_user_enrollment(self.mbu, self.realm) + enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment(enrollment) + self.assertIsNone(enrollment_session.access_token) + response = self.client.get( + reverse("mdm_public:authenticate_user", args=(enrollment_session.enrollment_secret.secret,)) + ) + self.assertEqual(response.status_code, 302) + realm = enrollment.realm + ras = realm.realmauthenticationsession_set.first() + self.assertEqual(response.url, f"/public/realms/{realm.pk}/ldap/{ras.pk}/login/") + self.assertEqual(ras.callback, "zentral.contrib.mdm.public_views.user.user_enroll_callback") + self.assertEqual(ras.callback_kwargs, {"user_enrollment_session_pk": enrollment_session.pk}) + enrollment_session.refresh_from_db() + self.assertIsNone(enrollment_session.access_token) + self.assertEqual(enrollment_session.status, "ACCOUNT_DRIVEN_START") + # fake the realm auth + _, ras.user = force_realm_user(realm) + request = Mock() + request.session = self.client.session + response = user_enroll_callback(request, ras, enrollment_session.pk) + enrollment_session.refresh_from_db() + self.assertIsNotNone(enrollment_session.access_token) + self.assertEqual(enrollment_session.status, "ACCOUNT_DRIVEN_AUTHENTICATED") + self.assertEqual(response.status_code, 308) + self.assertEqual( + response.url, + "apple-remotemanagement-user-login://authentication-results?access-token=" + + enrollment_session.access_token + ) 
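Review bot: The bearer-token cases in this new test file stop at a missing header, a random value and the happy path; none presents a well-formed token that was issued for a different enrollment's session. Whether `enroll_user` ties the token to the enrollment secret in the URL is decided in the view, which is not part of this hunk, so a test like the one below would pin that binding down. The expected status and abort reason are assumed to match the invalid-token case and should be confirmed against the view. A companion case for a session still in `ACCOUNT_DRIVEN_START`, whose `access_token` is `None`, would confirm that no header value can match an unauthenticated session.

```python
    def test_enroll_user_access_token_other_enrollment(self, post_event):
        enrollment = force_user_enrollment(self.mbu, self.realm)
        other_enrollment = force_user_enrollment(self.mbu, self.realm)
        _, realm_user = force_realm_user(self.realm)
        other_session = UserEnrollmentSession.objects.create_from_user_enrollment(other_enrollment)
        other_session.set_account_driven_authenticated_status(realm_user)
        response = self.client.post(
            reverse("mdm_public:enroll_user", args=(enrollment.enrollment_secret.secret,)),
            headers={"Authorization": f"Bearer {other_session.access_token}"}
        )
        # expected outcome assumed to match the invalid-token case; confirm against the view
        self.assertEqual(response.status_code, 400)
        self.assertAbort(post_event, "Invalid access token")
```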
diff --git a/tests/mdm/utils.py b/tests/mdm/utils.py index c4a3f859c8..3268199a00 100644 --- a/tests/mdm/utils.py +++ b/tests/mdm/utils.py @@ -230,10 +230,10 @@ def force_ota_enrollment(mbu, realm=None): ) -def force_user_enrollment(mbu, realm): +def force_user_enrollment(mbu, realm=None): return UserEnrollment.objects.create( push_certificate=force_push_certificate(), - realm=realm, + realm=realm or force_realm(), scep_config=force_scep_config(), name=get_random_string(12), enrollment_secret=EnrollmentSecret.objects.create(meta_business_unit=mbu) diff --git a/zentral/contrib/mdm/forms.py b/zentral/contrib/mdm/forms.py index 68855a4bb6..d8040a47d6 100644 --- a/zentral/contrib/mdm/forms.py +++ b/zentral/contrib/mdm/forms.py @@ -46,9 +46,11 @@ class Meta: "scep_config", "scep_verification", "blueprint") - -class UserEnrollmentEnrollForm(forms.Form): - managed_apple_id = forms.EmailField(label="Email", required=True) + def clean(self): + cleaned_data = super().clean() + if not cleaned_data.get("realm"): + self.add_error("realm", "This field is required") + return cleaned_data class PushCertificateForm(forms.ModelForm): diff --git a/zentral/contrib/mdm/models.py b/zentral/contrib/mdm/models.py index bc8aa7aa28..4feea61bb7 100644 --- a/zentral/contrib/mdm/models.py +++ b/zentral/contrib/mdm/models.py @@ -1817,7 +1817,9 @@ class UserEnrollment(MDMEnrollment): enrollment_secret = models.OneToOneField(EnrollmentSecret, on_delete=models.PROTECT, related_name="user_enrollment") - # if linked to a realm, the enrollment can start from the device + # Realm is required, but not in the database schema. + # User enrollments via profiles, with authentication in the device is deprecated + # and has been removed. class Meta: ordering = ("-created_at",) 
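Review bot: The realm requirement added in `clean()` in `forms.py` is enforced only by this form, so any other write path, and any row saved before this change, can still have no realm; the comment added in `models.py` says the schema does not enforce it. The two `if not ... realm` aborts in `public_views/user.py` therefore stay reachable, and their new `# Deprecated, should never happen` comments would be more accurate as `# realm is only enforced by the form; older rows may still have none`. Setting `self.fields["realm"].required = True` in the form's `__init__` would also mark the field as required when rendered, though Django's standard message ends with a period that the new `test_create_user_enrollment_no_realm` assertion does not expect. The form class header is outside the hunk, so other code paths that create `UserEnrollment` objects cannot be checked from here.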
@@ -1836,12 +1838,6 @@ def serialize_for_event(self): def get_absolute_url(self): return reverse("mdm:user_enrollment", args=(self.pk,)) - def get_enroll_full_url(self): - return "https://{}{}".format( - settings["api"]["fqdn"], - reverse("mdm_public:user_enrollment_enroll", args=(self.pk,)) - ) - def get_service_discovery_full_url(self): if self.realm: return "https://{}{}".format( @@ -1858,25 +1854,18 @@ def revoke(self): class UserEnrollmentSessionManager(models.Manager): - def create_from_user_enrollment(self, user_enrollment, managed_apple_id=None): - if managed_apple_id: - status = self.model.STARTED - quota = 1 # verified once with SCEP - else: - status = self.model.ACCOUNT_DRIVEN_START - quota = 10 # verified at the beginning of the authentication and once with SCEP + def create_from_user_enrollment(self, user_enrollment): enrollment_secret = user_enrollment.enrollment_secret tags = list(enrollment_secret.tags.all()) new_es = EnrollmentSecret( meta_business_unit=enrollment_secret.meta_business_unit, - quota=quota, + quota=10, # verified at the beginning of the authentication and once with SCEP expired_at=enrollment_secret.expired_at ) new_es.save(secret_length=55) # CN max 64 - $ separator - mdm$user new_es.tags.set(tags) - enrollment_session = self.model(status=status, + enrollment_session = self.model(status=self.model.ACCOUNT_DRIVEN_START, user_enrollment=user_enrollment, - managed_apple_id=managed_apple_id, enrollment_secret=new_es) enrollment_session.save() return enrollment_session diff --git a/zentral/contrib/mdm/payloads.py b/zentral/contrib/mdm/payloads.py index ef879280e5..5b444d3190 100644 --- a/zentral/contrib/mdm/payloads.py +++ b/zentral/contrib/mdm/payloads.py 
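Review bot: `quota=10` in `create_from_user_enrollment` is now unconditional, yet its comment counts only two verifications (the start of authentication and one with SCEP), so the session secret stays valid for more checks than the documented flow needs. If the headroom is there for client retries, say so and name the value, for example `ACCOUNT_DRIVEN_SECRET_QUOTA = 10  # auth start + SCEP, remainder is retry headroom`; otherwise lower it. The method also dropped its `managed_apple_id` parameter; the only caller visible in this commit is the removed view, but any caller in a file not shown here that still passes it would now raise `TypeError`.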
@@ -164,13 +164,10 @@ def build_mdm_configuration_profile(enrollment_session): mdm_config["CheckInURL"] = "https://{}{}".format(settings["api"][fqdn_key], reverse("mdm_public:checkin")) managed_apple_id = getattr(enrollment_session, "managed_apple_id", None) if managed_apple_id: - if enrollment_session.access_token: - # account-driven user enrollment - mdm_config["AssignedManagedAppleID"] = managed_apple_id - mdm_config["EnrollmentMode"] = "BYOD" - else: - # unauthenticated user enrollment - mdm_config["ManagedAppleID"] = managed_apple_id + # account-driven user enrollment + mdm_config["AssignedManagedAppleID"] = managed_apple_id + # TODO we currently only have BYOD. Implement ADDE / mdm-adde + mdm_config["EnrollmentMode"] = "BYOD" else: mdm_config["AccessRights"] = 8191 # TODO: config payloads.extend([ diff --git a/zentral/contrib/mdm/public_urls.py b/zentral/contrib/mdm/public_urls.py index 50fece5da6..d9daacae40 100644 --- a/zentral/contrib/mdm/public_urls.py +++ b/zentral/contrib/mdm/public_urls.py @@ -53,9 +53,6 @@ name='verify_scep_csr'), # User enrollment / user views - path('user_enrollment//enroll/', - public_views.UserEnrollmentEnrollView.as_view(), - name='user_enrollment_enroll'), path('user_enrollment//com.apple.remotemanagement/', csrf_exempt(public_views.UserEnrollmentServiceDiscoveryView.as_view()), name='user_enrollment_service_discovery'), diff --git a/zentral/contrib/mdm/public_views/user.py b/zentral/contrib/mdm/public_views/user.py index 67bc3a069e..25af5ded61 100644 --- a/zentral/contrib/mdm/public_views/user.py +++ b/zentral/contrib/mdm/public_views/user.py 
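Review bot: With the `access_token` branch removed, `build_mdm_configuration_profile` now writes `AssignedManagedAppleID` and `EnrollmentMode = "BYOD"` for any session that has a `managed_apple_id`, whether or not that session completed realm authentication. Sessions left over from the removed self-enrollment flow, which carried a self-declared address and no token, would be described to the device as account-driven if they still reach this function. A guard at the top of the branch keeps the builder from relying on every caller having checked: `if not enrollment_session.access_token: raise ValueError("user enrollment session is not authenticated")`. The function starts and ends outside the hunk, so the callers' own checks are not visible here.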
@@ -1,14 +1,12 @@ import logging -from django.core.exceptions import SuspiciousOperation from django.http import HttpResponse, HttpResponseRedirect, JsonResponse from django.shortcuts import get_object_or_404 from django.urls import reverse -from django.views.generic import FormView, View +from django.views.generic import View from zentral.conf import settings from zentral.contrib.inventory.exceptions import EnrollmentSecretVerificationFailed from zentral.contrib.inventory.utils import verify_enrollment_secret from zentral.contrib.mdm.events import UserEnrollmentRequestEvent -from zentral.contrib.mdm.forms import UserEnrollmentEnrollForm from zentral.contrib.mdm.models import UserEnrollment, UserEnrollmentSession from zentral.contrib.mdm.payloads import build_configuration_profile_response, build_mdm_configuration_profile from .base import PostEventMixin 
@@ -17,36 +15,6 @@ logger = logging.getLogger('zentral.contrib.mdm.public_views.user') -class UserEnrollmentEnrollView(FormView): - form_class = UserEnrollmentEnrollForm - template_name = "mdm/user_enrollment_enroll.html" - - def dispatch(self, request, *args, **kwargs): - self.user_enrollment = get_object_or_404( - UserEnrollment, - pk=kwargs["pk"] - ) - if not self.user_enrollment.enrollment_secret.is_valid(): - # should not happen - raise SuspiciousOperation - return super().dispatch(request, *args, **kwargs) - - def get_context_data(self, **kwargs): - ctx = super().get_context_data(**kwargs) - ctx["user_enrollment"] = self.user_enrollment - return ctx - - def form_valid(self, form): - managed_apple_id = form.cleaned_data["managed_apple_id"] - user_enrollment_session = UserEnrollmentSession.objects.create_from_user_enrollment( - self.user_enrollment, managed_apple_id - ) - return build_configuration_profile_response( - build_mdm_configuration_profile(user_enrollment_session), - "zentral_user_enrollment" - ) - - class UserEnrollmentServiceDiscoveryView(View): def get(self, request, *args, **kwargs): user_enrollment = get_object_or_404( @@ -77,7 +45,7 @@ def verify_enrollment_secret(self): self.abort("secret verification failed: '{}'".format(e.err_msg)) else: self.user_enrollment = es_request.enrollment_secret.user_enrollment - if not self.user_enrollment.realm: + if not self.user_enrollment.realm: # Deprecated, should never happen self.abort("This user enrollment has no realm") def post(self, request, *args, **kwargs): @@ -125,6 +93,8 @@ def user_enroll_callback(request, realm_authentication_session, user_enrollment_ class AuthenticateUserView(PostEventMixin, View): + event_class = UserEnrollmentRequestEvent + def verify_enrollment_secret(self): try: es_request = verify_enrollment_secret( 
@@ -137,7 +107,7 @@ def verify_enrollment_secret(self): else: self.user_enrollment_session = es_request.enrollment_secret.user_enrollment_session self.realm = self.user_enrollment_session.user_enrollment.realm - if not self.realm: + if not self.realm: # Deprecated, should never happen self.abort("This user enrollment has no realm") def get(self, request, *args, **kwargs): diff --git a/zentral/contrib/mdm/templates/mdm/user_enrollment_enroll.html b/zentral/contrib/mdm/templates/mdm/user_enrollment_enroll.html deleted file mode 100644 index df966477b4..0000000000 --- a/zentral/contrib/mdm/templates/mdm/user_enrollment_enroll.html +++ /dev/null @@ -1,13 +0,0 @@ -{% extends 'base.html' %} -{% load bootstrap inventory_extras %} - -{% block content %} -

Enroll with user enrollment {{ user_enrollment }}

- -
{% csrf_token %} - {{ form.as_p }} -

- -

-
-{% endblock %} diff --git a/zentral/contrib/mdm/templates/mdm/userenrollment_detail.html b/zentral/contrib/mdm/templates/mdm/userenrollment_detail.html index 4efcea58bf..d68a88827f 100644 --- a/zentral/contrib/mdm/templates/mdm/userenrollment_detail.html +++ b/zentral/contrib/mdm/templates/mdm/userenrollment_detail.html @@ -93,21 +93,12 @@

[USER]

Authentication

- - - -
Self-Enrollment - {% if enroll_url %} - {{ enroll_url }} - {% else %} - - - {% endif %} -
Service discovery {% if service_discovery_url %} - https://YOUR_DOMAIN/.well-known/com.apple.remotemanagement/ + See the Apple documentation.
+ {{ service_discovery_url }} {% else %} - {% endif %} diff --git a/zentral/contrib/mdm/views/management.py b/zentral/contrib/mdm/views/management.py index 51639e50c5..3964c02775 100644 --- a/zentral/contrib/mdm/views/management.py +++ b/zentral/contrib/mdm/views/management.py @@ -416,7 +416,6 @@ def get_context_data(self, **kwargs): ctx = super().get_context_data(**kwargs) user_enrollment = ctx["object"] ctx["meta_business_unit"] = user_enrollment.enrollment_secret.meta_business_unit - ctx["enroll_url"] = user_enrollment.get_enroll_full_url() ctx["service_discovery_url"] = user_enrollment.get_service_discovery_full_url() # TODO: pagination, separate view ctx["user_enrollment_sessions"] = (ctx["object"].userenrollmentsession_set.all()