# Version markers exported to the environment; each one holds a "vN" string.
# NOTE(review): presumably consumed as config version suffixes by the
# deployment tooling - confirm against the compose files.

# Theme, flow and tenant settings
export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v3
export FLOW_INVALIDATION_VERSION=v2
export FLOW_INVITATION_VERSION=v1
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v2
export SYSTEM_TENANT_VERSION=v2

# Per-application configuration
export MATRIX_CONFIG_VERSION=v1
export MONITORING_CONFIG_VERSION=v1
export NEXTCLOUD_CONFIG_VERSION=v1
export VIKUNJA_CONFIG_VERSION=v1
export WEKAN_CONFIG_VERSION=v3
export WORDPRESS_CONFIG_VERSION=v2
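# Copy the assets listed in COPY_ASSETS into the deployed app.
# Globals:   COPY_ASSETS (read) - whitespace-separated "source|target" pairs
#            APP_NAME (read)    - app handed to "abra app cp"
# Arguments: $1 - local directory that holds the source files
# Outputs:   one "copy <source> to <target>" line per pair on stdout
# Returns:   exits 1 after printing the usage line when $1 is empty
customize() {
  if [ -z "$1" ]
  then
    echo "Usage: ... customize <assets_path>"
    exit 1
  fi
  asset_dir=$1
  # COPY_ASSETS is split on whitespace on purpose: every word is one pair.
  for asset in $COPY_ASSETS; do
    # First and second "|"-separated field; a word without "|" yields the
    # whole word for both, as "cut -f1" / "cut -f2" would.
    source=${asset%%"|"*}
    target=${asset#*"|"}
    target=${target%%"|"*}
    echo "copy $source to $target"
    # Quoted so that a directory or app name containing spaces or glob
    # characters reaches abra as a single argument.
    abra app cp "$APP_NAME" "$asset_dir/$source" "$target"
  done
}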
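# Copy a users CSV into the worker container and run _import_user on it.
# Globals:   APP_NAME (read) - app handed to abra
# Arguments: $1 - local path of the CSV file
# Returns:   exits 1 after printing the usage line when $1 is empty
import_user() {
  if [ -z "$1" ]
  then
    echo "Usage: ... import_user <users.csv>"
    exit 1
  fi
  source_file=$1
  # Only the file name is forwarded; the copy above it lands in worker:/tmp/.
  filename=$(basename "$source_file")
  # Quoted so a path with spaces or glob characters stays one argument.
  abra app cp "$APP_NAME" "$source_file" worker:/tmp/
  abra app cmd -T "$APP_NAME" worker _import_user "$filename"
}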
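# Create users and their groups from a CSV file that sits in /tmp.
# Each row is read as: name, username, email, ";"-separated group names.
# Rows whose username already exists are skipped; groups that do not exist
# are created. User and Group are not imported here.
# NOTE(review): presumably the management shell preloads them - confirm.
# Arguments: $1 - file name below /tmp
# Outputs:   whatever the management shell prints, filtered by quieten
_import_user() {
  # The file name travels in the environment instead of being pasted into
  # the Python source, so quotes or other characters in it cannot change
  # the program that runs. The program text contains no shell expansions.
  IMPORT_USER_CSV="/tmp/$1" /manage.py shell -c "
import csv
import os

with open(os.environ['IMPORT_USER_CSV'], newline='') as file:
    reader = csv.reader(file)
    for row in reader:
        name = row[0].strip()
        username = row[1].strip()
        email = row[2].strip()
        groups = row[3].split(';')
        if User.objects.filter(username=username):
            continue
        new_user = User.objects.create(name=name, username=username, email=email)
        for group_name in groups:
            group_name = group_name.strip()
            # An empty groups column splits into one empty string; do not
            # create a group with an empty name for it.
            if not group_name:
                continue
            if Group.objects.filter(name=group_name):
                group = Group.objects.get(name=group_name)
            else:
                group = Group.objects.create(name=group_name)
            group.users.add(new_user)
" 2>&1 | quieten
}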
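# Set the akadmin password and the key of the authentik-bootstrap-token
# from the secrets mounted at /run/secrets/admin_pass and
# /run/secrets/admin_token. The token is created when it does not exist.
# Outputs: progress lines from the management shell, filtered by quieten
set_admin_pass() {
  # The secrets are read inside the Python program rather than substituted
  # into its source: a quote in a secret can then neither break nor alter
  # the program, and the values do not appear in the process arguments.
  # (Inside the double quotes below the shell leaves \n untouched.)
  /manage.py shell -c "
from authentik.core.models import TokenIntents

# Drop trailing newlines only, as shell command substitution does.
with open('/run/secrets/admin_pass') as secret_file:
    password = secret_file.read().rstrip('\n')
with open('/run/secrets/admin_token') as secret_file:
    key = secret_file.read().rstrip('\n')
# A missing or empty secret must not turn into an empty password or key.
if not password or not key:
    raise SystemExit('admin_pass or admin_token secret is empty; nothing changed')

akadmin = User.objects.get(username='akadmin')
akadmin.set_password(password)
akadmin.save()
print('Changed akadmin password')

if (token := Token.objects.filter(identifier='authentik-bootstrap-token').first()):
    token.key = key
    token.save()
    print('Changed authentik-bootstrap-token')
else:
    Token.objects.create(
        identifier='authentik-bootstrap-token',
        user=akadmin,
        intent=TokenIntents.INTENT_API,
        expiring=False,
        key=key,
    )
    print('Created authentik-bootstrap-token')
" 2>&1 | quieten
}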
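# Set the password of the "authentik" database role to the content of
# /run/secrets/db_password.
# Returns: 1 when the secret is missing or empty, else the psql status
rotate_db_pass() {
  if [ ! -s /run/secrets/db_password ]; then
    echo "rotate_db_pass: /run/secrets/db_password is missing or empty" >&2
    return 1
  fi
  # psql reads the secret itself (backquotes in \set run a command) and
  # :'db_password' inserts it as a properly quoted SQL literal. The password
  # is therefore never part of a command line, and a quote character in it
  # cannot end the literal early. ON_ERROR_STOP keeps a failed statement
  # visible in the exit status now that the SQL arrives on stdin.
  psql -U authentik -v ON_ERROR_STOP=1 <<'SQL'
\set db_password `cat /run/secrets/db_password`
ALTER USER authentik WITH PASSWORD :'db_password';
SQL
}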
# For blueprints that overwrite custom blueprints: the affected default
# blueprints are updated and then deactivated so the changes are not
# reverted. Afterwards the translation and authentication blueprints are
# applied.
apply_blueprints() {
  # Positional parameters are scoped to the function, so the list needs no
  # extra variable.
  set -- \
    default/flow-password-change.yaml \
    default/flow-default-authentication-flow.yaml \
    default/flow-default-user-settings-flow.yaml \
    default/flow-default-source-enrollment.yaml
  while [ "$#" -gt 0 ]; do
    update_and_disable_blueprint "$1"
    shift
  done

  apply_blueprint 3_flow_translation.yaml
  apply_blueprint 2_flow_authentication.yaml
}
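# Enable a blueprint, apply it, then disable it again, pausing one second
# between the steps.
# Arguments: $@ - forwarded unchanged to enable_blueprint, apply_blueprint
#                 and disable_blueprint (the callers in this file pass one
#                 blueprint path)
update_and_disable_blueprint() {
  # "$@" is quoted so a path with spaces or glob characters is forwarded as
  # the same single argument it arrived as.
  enable_blueprint "$@" 2>&1 | quieten
  sleep 1
  apply_blueprint "$@"
  sleep 1
  disable_blueprint "$@" 2>&1 | quieten
}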
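# Mark a blueprint as disabled.
# Arguments: $@ - forwarded to blueprint_state after the literal "False"
disable_blueprint() {
  # Quoted so the blueprint path stays one argument.
  blueprint_state False "$@"
}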
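# Mark a blueprint as enabled.
# Arguments: $@ - forwarded to blueprint_state after the literal "True"
enable_blueprint() {
  # Quoted so the blueprint path stays one argument.
  blueprint_state True "$@"
}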
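# Announce and apply a blueprint through "ak apply_blueprint".
# Arguments: $@ - forwarded to "ak apply_blueprint"
# Outputs:   an "apply blueprint ..." line, then the ak output filtered by
#            quieten
apply_blueprint() {
  echo "apply blueprint $*"
  # Quoted so a path with spaces or glob characters reaches ak unchanged.
  ak apply_blueprint "$@" 2>&1 | quieten
}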
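# Set the "enabled" flag of the blueprint instance stored under a path.
# Arguments: $1 - True or False
#            $2 - blueprint path to look up
# Outputs:   "<name> enabled: <state>" from the management shell, filtered
#            by quieten
# Returns:   1 when $1 is neither True nor False
blueprint_state() {
  # $1 used to be pasted into the Python source as an expression; accept
  # only the two values the callers in this file pass.
  case "$1" in
    True|False) ;;
    *)
      echo "Usage: ... blueprint_state <True|False> <blueprint_path>" >&2
      return 1
      ;;
  esac
  # Both values travel in the environment, so neither can change the
  # program text. The program itself contains no shell expansions.
  BLUEPRINT_ENABLED="$1" BLUEPRINT_PATH="$2" /manage.py shell -c "
import os
import time

blueprint_state = os.environ['BLUEPRINT_ENABLED'] == 'True'
blueprint_path = os.environ['BLUEPRINT_PATH']
blueprint = BlueprintInstance.objects.filter(path=blueprint_path).first()
# first() returns None for an unknown path; report that instead of failing
# on the attribute assignment below.
if blueprint is None:
    raise SystemExit(f'No blueprint instance with path {blueprint_path}')
blueprint.enabled = blueprint_state
# Hacky workaround to reduce chance of a race condition
blueprint.save()
time.sleep(1)
blueprint.save()
time.sleep(1)
blueprint.save()
print(f'{blueprint.name} enabled: {blueprint.enabled}')
" 2>&1 | quieten
}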
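# Create or update one application per entry of the JSON object held in
# APPLICATIONS (application name -> launch URL). Nothing happens when the
# variable is empty.
# Globals: APPLICATIONS (read)
# Outputs: an "Add <name>: <url>" line per entry, filtered by quieten
add_applications(){
  # The JSON is handed over in the environment instead of being pasted into
  # a Python string literal: quotes and backslashes inside it can then
  # neither break the literal nor change the program that runs.
  APPLICATIONS="${APPLICATIONS:-}" /manage.py shell -c "
import json
import os

raw_applications = os.environ.get('APPLICATIONS', '')
if raw_applications == '':
    raise SystemExit
applications = json.loads(raw_applications)
for name, url in applications.items():
    print(f'Add {name}: {url}')
    app = Application.objects.filter(name=name).first()
    if not app:
        app = Application()
    app.name = name
    app.slug = name.replace(' ', '-')
    app.meta_launch_url = url
    app.open_in_new_tab = True
    app.save()
" 2>&1 | quieten
}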
# Filter stdin: drop every line that contains {"event" or {"action" and
# pass the rest through to stdout.
# Returns: the grep status (1 when no line is left to print)
quieten(){
  # Neither pattern has a regex metacharacter, so fixed-string matching
  # selects the same lines.
  grep -F -v -e '{"action"' -e '{"event"'
}
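# Copy email template files into app:/templates/.
# Globals:   APP_NAME (read) - app handed to "abra app cp"
# Arguments: $@ - local paths of the template files
# Outputs:   one "copy template <path>" line per file
add_email_templates(){
  for file_path in "$@"; do
    echo "copy template $file_path"
    # Quoted so a path with spaces or glob characters stays one argument.
    abra app cp "$APP_NAME" "$file_path" app:/templates/
  done
}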
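# Upload an icon for every "app:path" entry of APP_ICONS: the file is
# copied to app:/media/ and set_app_icon is then run in the app container.
# Globals:   APP_ICONS (read) - whitespace-separated "app:path" entries
#            APP_NAME (read)  - app handed to abra
# Outputs:   one "copy icon <path> for <app>" line per entry
set_icons(){
  # APP_ICONS is split on whitespace on purpose: every word is one entry.
  for icon in $APP_ICONS; do
    # First and second ":"-separated field, as "cut -f1" / "cut -f2" give.
    app=${icon%%:*}
    file_path=${icon#*:}
    file_path=${file_path%%:*}
    # NOTE(review): eval expands variables in the configured path, and it
    # also runs any command substitution found there. APP_ICONS must only
    # ever come from a trusted configuration file.
    file_path=$(eval echo "$file_path")
    file=$(basename "$file_path")
    echo "copy icon $file_path for $app"
    # Quoted so names with spaces or glob characters stay single arguments.
    abra app cp "$APP_NAME" "$file_path" app:/media/
    abra app cmd -T "$APP_NAME" app set_app_icon "$app" "/media/$file"
  done
}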
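# Upload an icon file for an application through the API at
# https://$DOMAIN/api/v3/core/applications/<application>/set_icon/,
# authenticated with the token from /run/secrets/admin_token.
# Globals:   DOMAIN (read)
# Arguments: $1 - application identifier used in the URL
#            $2 - path of the icon file; it is sent as image/png
# Outputs:   the HTTP status code of the upload
set_app_icon() {
  # The token is read inside the Python program and the arguments travel in
  # the environment. Nothing is pasted into the program source, so the
  # token does not show up in the process arguments and a quote in any
  # value cannot change the program. (The shell leaves \n untouched inside
  # the double quotes below.)
  ICON_APPLICATION="$1" ICON_PATH="$2" ICON_DOMAIN="$DOMAIN" python -c "
import os
import requests

# Drop trailing newlines only, as shell command substitution does.
with open('/run/secrets/admin_token') as token_file:
    my_token = token_file.read().rstrip('\n')
application = os.environ['ICON_APPLICATION']
icon_path = os.environ['ICON_PATH']
domain = os.environ['ICON_DOMAIN']
url = f'https://{domain}/api/v3/core/applications/{application}/set_icon/'
headers = {'Authorization': f'Bearer {my_token}'}
with open(icon_path, 'rb') as img:
    name_img = os.path.basename(icon_path)
    files = {'file': (name_img, img, 'image/png')}
    with requests.Session() as s:
        r = s.post(url, files=files, headers=headers)
        print(r.status_code)
"
}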
# Delete the flows listed in delete_flows, every stage without a flow,
# every prompt without a prompt stage and every tenant marked as default,
# then run apply_blueprints.
# The deletions happen in the management shell and are not undone here;
# its output is filtered by quieten.
# NOTE(review): presumably apply_blueprints recreates the removed objects
# from the blueprints - confirm before running against a live instance.
blueprint_cleanup() {
  /manage.py shell -c """
delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invitation-enrollment-flow' , 'initial-setup']
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
""" 2>&1 | quieten
  apply_blueprints
}