|
|
|
# ===============================================
|
|
|
|
# AUTHENTICATION
|
|
|
|
# ===============================================
|
|
|
|
|
|
|
|
extend type Query {
|
|
|
|
authentication: AuthenticationQuery
|
|
|
|
}
|
|
|
|
|
|
|
|
extend type Mutation {
|
|
|
|
authentication: AuthenticationMutation
|
|
|
|
}
|
|
|
|
|
|
|
|
# -----------------------------------------------
|
|
|
|
# QUERIES
|
|
|
|
# -----------------------------------------------
|
|
|
|
|
|
|
|
type AuthenticationQuery {
|
|
|
|
apiKeys: [AuthenticationApiKey] @auth(requires: ["manage:system", "manage:api"])
|
|
|
|
|
|
|
|
apiState: Boolean! @auth(requires: ["manage:system", "manage:api"])
|
|
|
|
|
|
|
|
strategies: [AuthenticationStrategy] @auth(requires: ["manage:system"])
|
|
|
|
activeStrategies: [AuthenticationActiveStrategy]
|
|
|
|
}
|
|
|
|
|
|
|
|
# -----------------------------------------------
|
|
|
|
# MUTATIONS
|
|
|
|
# -----------------------------------------------
|
|
|
|
|
|
|
|
type AuthenticationMutation {
|
|
|
|
createApiKey(
|
|
|
|
name: String!
|
|
|
|
expiration: String!
|
|
|
|
fullAccess: Boolean!
|
|
|
|
group: Int
|
|
|
|
): AuthenticationCreateApiKeyResponse @auth(requires: ["manage:system", "manage:api"])
|
|
|
|
|
|
|
|
login(
|
|
|
|
username: String!
|
|
|
|
password: String!
|
|
|
|
strategy: String!
|
|
|
|
): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
loginTFA(
|
|
|
|
continuationToken: String!
|
|
|
|
securityCode: String!
|
|
|
|
setup: Boolean
|
|
|
|
): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
loginChangePassword(
|
|
|
|
continuationToken: String!
|
|
|
|
newPassword: String!
|
|
|
|
): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60)
|
|
|
|
|
|
|
|
register(
|
|
|
|
email: String!
|
|
|
|
password: String!
|
|
|
|
name: String!
|
|
|
|
): AuthenticationRegisterResponse
|
|
|
|
|
|
|
|
revokeApiKey(
|
|
|
|
id: Int!
|
|
|
|
): DefaultResponse @auth(requires: ["manage:system", "manage:api"])
|
|
|
|
|
|
|
|
setApiState(
|
|
|
|
enabled: Boolean!
|
|
|
|
): DefaultResponse @auth(requires: ["manage:system", "manage:api"])
|
|
|
|
|
|
|
|
updateStrategies(
|
|
|
|
strategies: [AuthenticationStrategyInput]!
|
|
|
|
): DefaultResponse @auth(requires: ["manage:system"])
|
|
|
|
|
|
|
|
regenerateCertificates: DefaultResponse @auth(requires: ["manage:system"])
|
|
|
|
|
|
|
|
resetGuestUser: DefaultResponse @auth(requires: ["manage:system"])
|
|
|
|
}
|
|
|
|
|
|
|
|
# -----------------------------------------------
|
|
|
|
# TYPES
|
|
|
|
# -----------------------------------------------
|
|
|
|
|
|
|
|
type AuthenticationStrategy {
|
|
|
|
key: String!
|
|
|
|
props: [KeyValuePair] @auth(requires: ["manage:system"])
|
|
|
|
title: String!
|
|
|
|
description: String
|
|
|
|
isAvailable: Boolean
|
|
|
|
useForm: Boolean!
|
|
|
|
usernameType: String
|
|
|
|
logo: String
|
|
|
|
color: String
|
|
|
|
website: String
|
|
|
|
icon: String
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationActiveStrategy {
|
|
|
|
key: String!
|
|
|
|
strategy: AuthenticationStrategy!
|
|
|
|
displayName: String!
|
|
|
|
order: Int!
|
|
|
|
config: [KeyValuePair] @auth(requires: ["manage:system"])
|
|
|
|
selfRegistration: Boolean!
|
|
|
|
domainWhitelist: [String]! @auth(requires: ["manage:system"])
|
|
|
|
autoEnrollGroups: [Int]! @auth(requires: ["manage:system"])
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationLoginResponse {
|
|
|
|
responseResult: ResponseStatus
|
|
|
|
jwt: String
|
|
|
|
mustChangePwd: Boolean
|
|
|
|
mustProvideTFA: Boolean
|
|
|
|
mustSetupTFA: Boolean
|
|
|
|
continuationToken: String
|
|
|
|
redirect: String
|
|
|
|
tfaQRImage: String
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationRegisterResponse {
|
|
|
|
responseResult: ResponseStatus
|
|
|
|
jwt: String
|
|
|
|
}
|
|
|
|
|
|
|
|
input AuthenticationStrategyInput {
|
|
|
|
key: String!
|
|
|
|
strategyKey: String!
|
|
|
|
config: [KeyValuePairInput]
|
|
|
|
displayName: String!
|
|
|
|
order: Int!
|
|
|
|
selfRegistration: Boolean!
|
|
|
|
domainWhitelist: [String]!
|
|
|
|
autoEnrollGroups: [Int]!
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationApiKey {
|
|
|
|
id: Int!
|
|
|
|
name: String!
|
|
|
|
keyShort: String!
|
|
|
|
expiration: Date!
|
|
|
|
createdAt: Date!
|
|
|
|
updatedAt: Date!
|
|
|
|
isRevoked: Boolean!
|
|
|
|
}
|
|
|
|
|
|
|
|
type AuthenticationCreateApiKeyResponse {
|
|
|
|
responseResult: ResponseStatus
|
|
|
|
key: String
|
|
|
|
}
|