web/flows: improve error messages for failed duo push
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
118555c97a
commit
1c2cdfe06a
|
@ -208,8 +208,7 @@ def validate_challenge_duo(device_pk: int, stage_view: StageView, user: User) ->
|
||||||
stage=stage_view.executor.current_stage,
|
stage=stage_view.executor.current_stage,
|
||||||
device_class=DeviceClasses.DUO.value,
|
device_class=DeviceClasses.DUO.value,
|
||||||
)
|
)
|
||||||
raise ValidationError("Duo denied access")
|
raise ValidationError("Duo denied access", code="denied")
|
||||||
device.save()
|
|
||||||
return device
|
return device
|
||||||
except RuntimeError as exc:
|
except RuntimeError as exc:
|
||||||
Event.new(
|
Event.new(
|
||||||
|
@ -217,4 +216,4 @@ def validate_challenge_duo(device_pk: int, stage_view: StageView, user: User) ->
|
||||||
message=f"Failed to DUO authenticate user: {str(exc)}",
|
message=f"Failed to DUO authenticate user: {str(exc)}",
|
||||||
user=user,
|
user=user,
|
||||||
).from_http(stage_view.request, user)
|
).from_http(stage_view.request, user)
|
||||||
raise ValidationError("Duo denied access")
|
raise ValidationError("Duo denied access", code="denied")
|
||||||
|
|
|
@ -73,7 +73,17 @@ class AuthenticatorValidateStageDuoTests(FlowTestCase):
|
||||||
)
|
)
|
||||||
with patch(
|
with patch(
|
||||||
"authentik.stages.authenticator_duo.models.AuthenticatorDuoStage.auth_client",
|
"authentik.stages.authenticator_duo.models.AuthenticatorDuoStage.auth_client",
|
||||||
MagicMock(return_value=MagicMock(auth=MagicMock(return_value={"result": "deny"}))),
|
MagicMock(
|
||||||
|
return_value=MagicMock(
|
||||||
|
auth=MagicMock(
|
||||||
|
return_value={
|
||||||
|
"result": "deny",
|
||||||
|
"status": "deny",
|
||||||
|
"status_msg": "foo",
|
||||||
|
}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
),
|
||||||
):
|
):
|
||||||
with self.assertRaises(ValidationError):
|
with self.assertRaises(ValidationError):
|
||||||
validate_challenge_duo(
|
validate_challenge_duo(
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
import { AKElement } from "@goauthentik/elements/Base";
|
||||||
import "@goauthentik/elements/EmptyState";
|
import "@goauthentik/elements/EmptyState";
|
||||||
import "@goauthentik/flow/FormStatic";
|
import "@goauthentik/flow/FormStatic";
|
||||||
import { BaseStage } from "@goauthentik/flow/stages/base";
|
import { BaseStage } from "@goauthentik/flow/stages/base";
|
||||||
|
@ -5,7 +6,7 @@ import { BaseStage } from "@goauthentik/flow/stages/base";
|
||||||
import { t } from "@lingui/macro";
|
import { t } from "@lingui/macro";
|
||||||
|
|
||||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||||
import { customElement } from "lit/decorators.js";
|
import { customElement, property } from "lit/decorators.js";
|
||||||
import { ifDefined } from "lit/directives/if-defined.js";
|
import { ifDefined } from "lit/directives/if-defined.js";
|
||||||
|
|
||||||
import AKGlobal from "@goauthentik/common/styles/authentik.css";
|
import AKGlobal from "@goauthentik/common/styles/authentik.css";
|
||||||
|
@ -18,18 +19,14 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||||
|
|
||||||
import { AccessDeniedChallenge, FlowChallengeResponseRequest } from "@goauthentik/api";
|
import { AccessDeniedChallenge, FlowChallengeResponseRequest } from "@goauthentik/api";
|
||||||
|
|
||||||
@customElement("ak-stage-access-denied")
|
@customElement("ak-stage-access-denied-icon")
|
||||||
export class AccessDeniedStage extends BaseStage<
|
export class AccessDeniedIcon extends AKElement {
|
||||||
AccessDeniedChallenge,
|
@property()
|
||||||
FlowChallengeResponseRequest
|
errorMessage?: string;
|
||||||
> {
|
|
||||||
static get styles(): CSSResult[] {
|
static get styles(): CSSResult[] {
|
||||||
return [
|
return [
|
||||||
PFBase,
|
PFBase,
|
||||||
PFLogin,
|
|
||||||
PFForm,
|
|
||||||
PFList,
|
|
||||||
PFFormControl,
|
|
||||||
PFTitle,
|
PFTitle,
|
||||||
AKGlobal,
|
AKGlobal,
|
||||||
css`
|
css`
|
||||||
|
@ -50,6 +47,29 @@ export class AccessDeniedStage extends BaseStage<
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
render(): TemplateResult {
|
||||||
|
return html` <div class="pf-c-form__group">
|
||||||
|
<p class="big-icon">
|
||||||
|
<i class="pf-icon pf-icon-error-circle-o"></i>
|
||||||
|
</p>
|
||||||
|
<h3 class="pf-c-title pf-m-3xl reason">${t`Request has been denied.`}</h3>
|
||||||
|
${this.errorMessage
|
||||||
|
? html`<hr />
|
||||||
|
<p>${this.errorMessage}</p>`
|
||||||
|
: html``}
|
||||||
|
</div>`;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@customElement("ak-stage-access-denied")
|
||||||
|
export class AccessDeniedStage extends BaseStage<
|
||||||
|
AccessDeniedChallenge,
|
||||||
|
FlowChallengeResponseRequest
|
||||||
|
> {
|
||||||
|
static get styles(): CSSResult[] {
|
||||||
|
return [PFBase, PFLogin, PFForm, PFList, PFFormControl, PFTitle, AKGlobal];
|
||||||
|
}
|
||||||
|
|
||||||
render(): TemplateResult {
|
render(): TemplateResult {
|
||||||
if (!this.challenge) {
|
if (!this.challenge) {
|
||||||
return html`<ak-empty-state ?loading="${true}" header=${t`Loading`}> </ak-empty-state>`;
|
return html`<ak-empty-state ?loading="${true}" header=${t`Loading`}> </ak-empty-state>`;
|
||||||
|
@ -70,15 +90,10 @@ export class AccessDeniedStage extends BaseStage<
|
||||||
>
|
>
|
||||||
</div>
|
</div>
|
||||||
</ak-form-static>
|
</ak-form-static>
|
||||||
<div class="pf-c-form__group">
|
<ak-stage-access-denied-icon
|
||||||
<p class="big-icon">
|
errorMessage=${ifDefined(this.challenge.errorMessage)}
|
||||||
<i class="pf-icon pf-icon-error-circle-o"></i>
|
>
|
||||||
</p>
|
</ak-stage-access-denied-icon>
|
||||||
<h3 class="pf-c-title pf-m-3xl reason">${t`Request has been denied.`}</h3>
|
|
||||||
${this.challenge?.errorMessage &&
|
|
||||||
html`<hr />
|
|
||||||
<p>${this.challenge.errorMessage}</p>`}
|
|
||||||
</div>
|
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<footer class="pf-c-login__main-footer">
|
<footer class="pf-c-login__main-footer">
|
||||||
|
|
|
@ -69,15 +69,17 @@ export class AuthenticatorValidateStageWebDuo extends BaseStage<
|
||||||
</div>
|
</div>
|
||||||
</ak-form-static>
|
</ak-form-static>
|
||||||
|
|
||||||
${errors.map((err) => {
|
${errors.length > 0
|
||||||
|
? errors.map((err) => {
|
||||||
|
if (err.code === "denied") {
|
||||||
|
return html` <ak-stage-access-denied-icon
|
||||||
|
errorMessage=${err.string}
|
||||||
|
>
|
||||||
|
</ak-stage-access-denied-icon>`;
|
||||||
|
}
|
||||||
return html`<p>${err.string}</p>`;
|
return html`<p>${err.string}</p>`;
|
||||||
})}
|
})
|
||||||
|
: html`${t`Sending Duo push notification`}`}
|
||||||
<div class="pf-c-form__group pf-m-action">
|
|
||||||
<button type="submit" class="pf-c-button pf-m-primary pf-m-block">
|
|
||||||
${t`Continue`}
|
|
||||||
</button>
|
|
||||||
</div>
|
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
<footer class="pf-c-login__main-footer">
|
<footer class="pf-c-login__main-footer">
|
||||||
|
|
Reference in a new issue