fix ui, fix missing api
Signed-off-by: Jens Langhammer <[email protected]>
BeryJu committed Jan 2, 2025
1 parent fb81042 commit a2cc87e
Showing 7 changed files with 162 additions and 37 deletions.
4 changes: 3 additions & 1 deletion authentik/policies/geoip/api.py
@@ -42,10 +42,12 @@ class Meta:
"asns",
"countries",
"countries_obj",
"check_history",
"check_history_distance",
"history_max_distance_km",
"distance_tolerance_km",
"history_login_count",
"check_impossible_travel",
"impossible_tolerance_km",
]


@@ -1,4 +1,4 @@
# Generated by Django 5.0.10 on 2024-12-22 17:55
# Generated by Django 5.0.10 on 2025-01-02 20:40

from django.db import migrations, models

@@ -12,7 +12,7 @@ class Migration(migrations.Migration):
operations = [
migrations.AddField(
model_name="geoippolicy",
name="check_history",
name="check_history_distance",
field=models.BooleanField(default=False),
),
migrations.AddField(
@@ -33,7 +33,7 @@ class Migration(migrations.Migration):
migrations.AddField(
model_name="geoippolicy",
name="history_max_distance_km",
field=models.PositiveBigIntegerField(default=0),
field=models.PositiveBigIntegerField(default=100),
),
migrations.AddField(
model_name="geoippolicy",
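Review bot: Editing this already-generated migration in place (the `check_history` field becomes `check_history_distance`, and the `history_max_distance_km` default moves from 0 to 100) is only safe if no database has applied the earlier version. Django records applied migrations by name, so an instance that already ran it keeps the `check_history` column and never sees the rename, leaving the model and the schema out of step for a policy that gates logins. If the original was applied anywhere beyond a throwaway development database, a follow-up migration using `migrations.RenameField(model_name="geoippolicy", old_name="check_history", new_name="check_history_distance")` would be the safer route. The operations list continues outside the visible hunks.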
7 changes: 4 additions & 3 deletions authentik/policies/geoip/models.py
@@ -28,7 +28,8 @@ class GeoIPPolicy(Policy):
countries = CountryField(multiple=True, blank=True)

distance_tolerance_km = models.PositiveIntegerField(default=50)
check_history = models.BooleanField(default=False)

check_history_distance = models.BooleanField(default=False)
history_max_distance_km = models.PositiveBigIntegerField(default=100)
history_login_count = models.PositiveIntegerField(default=5)

@@ -59,7 +60,7 @@ def passes(self, request: PolicyRequest) -> PolicyResult:
if self.countries:
static_results.append(self.passes_country(request))

if self.check_history or self.check_impossible_travel:
if self.check_history_distance or self.check_impossible_travel:
dynamic_results.append(self.passes_distance(request))

if not static_results and not dynamic_results:
@@ -126,7 +127,7 @@ def passes_distance(self, request: PolicyRequest) -> PolicyResult:
(previous_login_geoip["lat"], previous_login_geoip["long"]),
(geoip_data["lat"], geoip_data["long"]),
)
if self.check_history and dist.km >= (
if self.check_history_distance and dist.km >= (
self.history_max_distance_km - self.distance_tolerance_km
):
return PolicyResult(
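Review bot: In `passes_distance`, the threshold `self.history_max_distance_km - self.distance_tolerance_km` has no lower bound: once `distance_tolerance_km` is equal to or larger than `history_max_distance_km`, `dist.km >= (...)` holds for every login that has history, so the policy would reject all of them. Nothing visible in the model hunk checks the two fields against each other, and the admin form only puts `min="1"` on each input independently. A cross-field check in the serializer's `validate()` (or the model's `clean()`) that rejects `distance_tolerance_km >= history_max_distance_km` would close this. Subtracting the tolerance also shrinks the allowed radius rather than widening it, which deserves a one-line comment if that is the intent. The body of `passes_distance` continues outside the hunk.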
6 changes: 3 additions & 3 deletions authentik/policies/geoip/tests.py
@@ -142,7 +142,7 @@ def test_history(self):
# Random location in Poland
self.request.context["geoip"] = {"lat": 50.950613, "long": 20.363679}

policy = GeoIPPolicy.objects.create(check_history=True)
policy = GeoIPPolicy.objects.create(check_history_distance=True)

result: PolicyResult = policy.passes(self.request)
self.assertFalse(result.passing)
@@ -158,7 +158,7 @@ def test_history_no_data(self):
},
)

policy = GeoIPPolicy.objects.create(check_history=True)
policy = GeoIPPolicy.objects.create(check_history_distance=True)

result: PolicyResult = policy.passes(self.request)
self.assertFalse(result.passing)
@@ -191,7 +191,7 @@ def test_history_no_geoip(self):
# Random location in Poland
self.request.context["geoip"] = {"lat": 50.950613, "long": 20.363679}

policy = GeoIPPolicy.objects.create(check_history=True)
policy = GeoIPPolicy.objects.create(check_history_distance=True)

result: PolicyResult = policy.passes(self.request)
self.assertFalse(result.passing)
14 changes: 12 additions & 2 deletions blueprints/schema.json
@@ -5108,9 +5108,9 @@
"maxItems": 249,
"title": "Countries"
},
"check_history": {
"check_history_distance": {
"type": "boolean",
"title": "Check history"
"title": "Check history distance"
},
"history_max_distance_km": {
"type": "integer",
@@ -5129,6 +5129,16 @@
"minimum": 0,
"maximum": 2147483647,
"title": "History login count"
},
"check_impossible_travel": {
"type": "boolean",
"title": "Check impossible travel"
},
"impossible_tolerance_km": {
"type": "integer",
"minimum": 0,
"maximum": 2147483647,
"title": "Impossible tolerance km"
}
},
"required": []
24 changes: 21 additions & 3 deletions schema.yml
@@ -42553,7 +42553,7 @@ components:
items:
$ref: '#/components/schemas/DetailedCountryField'
readOnly: true
check_history:
check_history_distance:
type: boolean
history_max_distance_km:
type: integer
@@ -42568,6 +42568,12 @@ components:
type: integer
maximum: 2147483647
minimum: 0
check_impossible_travel:
type: boolean
impossible_tolerance_km:
type: integer
maximum: 2147483647
minimum: 0
required:
- bound_to
- component
@@ -42600,7 +42606,7 @@ components:
items:
$ref: '#/components/schemas/CountryCodeEnum'
maxItems: 249
check_history:
check_history_distance:
type: boolean
history_max_distance_km:
type: integer
@@ -42615,6 +42621,12 @@ components:
type: integer
maximum: 2147483647
minimum: 0
check_impossible_travel:
type: boolean
impossible_tolerance_km:
type: integer
maximum: 2147483647
minimum: 0
required:
- countries
- name
@@ -49015,7 +49027,7 @@ components:
items:
$ref: '#/components/schemas/CountryCodeEnum'
maxItems: 249
check_history:
check_history_distance:
type: boolean
history_max_distance_km:
type: integer
@@ -49030,6 +49042,12 @@ components:
type: integer
maximum: 2147483647
minimum: 0
check_impossible_travel:
type: boolean
impossible_tolerance_km:
type: integer
maximum: 2147483647
minimum: 0
PatchedGoogleWorkspaceProviderMappingRequest:
type: object
description: GoogleWorkspaceProviderMapping Serializer
138 changes: 116 additions & 22 deletions web/src/admin/policies/geoip/GeoIPPolicyForm.ts
@@ -1,5 +1,6 @@
import { BasePolicyForm } from "@goauthentik/admin/policies/BasePolicyForm";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { first } from "@goauthentik/common/utils";
import "@goauthentik/elements/ak-dual-select";
import { DataProvision, DualSelectPair } from "@goauthentik/elements/ak-dual-select/types";
import "@goauthentik/elements/forms/FormGroup";
@@ -79,13 +80,125 @@ export class GeoIPPolicyForm extends BasePolicyForm<GeoIPPolicy> {
)}
</p>
</ak-form-element-horizontal>
<ak-form-group .expanded=${true}>
<span slot="header"> ${msg("Static rule settings")} </span>
<ak-form-group>
<span slot="header"> ${msg("Distance settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal name="checkHistoryDistance">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${this.instance?.checkHistoryDistance ?? false}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
</span>
<span class="pf-c-switch__label"
>${msg("Check historical distance of logins")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Distance tolerance")}
name="distanceToleranceKm"
>
<input
type="number"
min="1"
value="${first(this.instance?.distanceToleranceKm, 50)}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
${msg("Tolerance in checking for distances in kilometers.")}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Historical Login Count")}
name="historyLoginCount"
>
<input
type="number"
min="1"
value="${first(this.instance?.historyLoginCount, 5)}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
${msg("Amount of previous login events to check against.")}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Maximum distance")}
name="historyMaxDistanceKm"
>
<input
type="number"
min="1"
value="${first(this.instance?.historyMaxDistanceKm, 100)}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
${msg(
"Maximum distance a login attempt is allowed from in kilometers.",
)}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Distance settings (Impossible travel)")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal name="checkImpossibleTravel">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${this.instance?.checkImpossibleTravel ?? true}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
</span>
<span class="pf-c-switch__label"
>${msg("Check impossible travel")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins and if the travel would have been possible in the amount of time since the previous event.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Impossible travel tolerance")}
name="impossibleToleranceKm"
>
<input
type="number"
min="1"
value="${first(this.instance?.impossibleToleranceKm, 50)}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
${msg("Tolerance in checking for distances in kilometers.")}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header">${msg("Static rule settings")}</span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal label=${msg("ASNs")} name="asns">
<input
type="text"
value="${this.instance?.asns ?? ""}"
value="${this.instance?.asns?.join(",") ?? ""}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
@@ -120,25 +233,6 @@ export class GeoIPPolicyForm extends BasePolicyForm<GeoIPPolicy> {
</ak-dual-select-provider>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group .expanded=${true}>
<span slot="header"> ${msg("Dynamic rule settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${msg("Historical Login Count")}
name="historyLoginCount"
>
<input
type="number"
min="1"
value="${this.instance?.historyLoginCount ?? ""}"
class="pf-c-form-control"
/>
<p class="pf-c-form__helper-text">
${msg("Amount of previous login events to check against.")}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>`;
}
}
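Review bot: The `checkImpossibleTravel` switch falls back to `true` (`?checked=${this.instance?.checkImpossibleTravel ?? true}`) while `checkHistoryDistance` falls back to `false`, and the model default for `check_impossible_travel` is not visible on this page. If the backend default is `False`, policies created through the API or a blueprint would skip the impossible-travel check while policies created in this form enforce it, so the form fallback should be confirmed against the model; the same applies to the `50` fallback on `impossibleToleranceKm`. The number inputs also use `min="1"` where the schema allows `0`. Both helper texts read "When this option enabled"; they should start `"When this option is enabled, ..."`.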
