stages/user_login: add default backend
closes #763 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
7ccf8bcdc8
commit
1f783dfc01
|
@ -39,13 +39,13 @@ from authentik.sources.saml.processors.constants import (
|
||||||
from authentik.sources.saml.processors.request import SESSION_REQUEST_ID
|
from authentik.sources.saml.processors.request import SESSION_REQUEST_ID
|
||||||
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||||
from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
|
from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
|
||||||
|
from authentik.stages.user_login.stage import DEFAULT_BACKEND
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
if TYPE_CHECKING:
|
if TYPE_CHECKING:
|
||||||
from xml.etree.ElementTree import Element # nosec
|
from xml.etree.ElementTree import Element # nosec
|
||||||
|
|
||||||
CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s"
|
CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s"
|
||||||
DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
|
|
||||||
|
|
||||||
|
|
||||||
class ResponseProcessor:
|
class ResponseProcessor:
|
||||||
|
|
|
@ -11,6 +11,7 @@ from authentik.lib.utils.time import timedelta_from_string
|
||||||
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
|
||||||
|
|
||||||
|
|
||||||
class UserLoginStageView(StageView):
|
class UserLoginStageView(StageView):
|
||||||
|
@ -23,12 +24,9 @@ class UserLoginStageView(StageView):
|
||||||
messages.error(request, message)
|
messages.error(request, message)
|
||||||
LOGGER.debug(message)
|
LOGGER.debug(message)
|
||||||
return self.executor.stage_invalid()
|
return self.executor.stage_invalid()
|
||||||
if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context:
|
backend = self.executor.plan.context.get(
|
||||||
message = _("Pending user has no backend.")
|
PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND
|
||||||
messages.error(request, message)
|
)
|
||||||
LOGGER.debug(message)
|
|
||||||
return self.executor.stage_invalid()
|
|
||||||
backend = self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND]
|
|
||||||
login(
|
login(
|
||||||
self.request,
|
self.request,
|
||||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
|
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
|
||||||
|
|
|
@ -12,7 +12,6 @@ from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
|
||||||
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
|
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
|
||||||
from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK
|
from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK
|
||||||
from authentik.flows.views import SESSION_KEY_PLAN
|
from authentik.flows.views import SESSION_KEY_PLAN
|
||||||
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
|
||||||
from authentik.stages.user_login.models import UserLoginStage
|
from authentik.stages.user_login.models import UserLoginStage
|
||||||
|
|
||||||
|
|
||||||
|
@ -38,9 +37,6 @@ class TestUserLoginStage(TestCase):
|
||||||
flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
|
flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
|
||||||
)
|
)
|
||||||
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
|
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
|
||||||
plan.context[
|
|
||||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
|
||||||
] = "django.contrib.auth.backends.ModelBackend"
|
|
||||||
session = self.client.session
|
session = self.client.session
|
||||||
session[SESSION_KEY_PLAN] = plan
|
session[SESSION_KEY_PLAN] = plan
|
||||||
session.save()
|
session.save()
|
||||||
|
@ -82,32 +78,3 @@ class TestUserLoginStage(TestCase):
|
||||||
"type": ChallengeTypes.NATIVE.value,
|
"type": ChallengeTypes.NATIVE.value,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
@patch(
|
|
||||||
"authentik.flows.views.to_stage_response",
|
|
||||||
TO_STAGE_RESPONSE_MOCK,
|
|
||||||
)
|
|
||||||
def test_without_backend(self):
|
|
||||||
"""Test a plan with pending user, without backend, resulting in a denied"""
|
|
||||||
plan = FlowPlan(
|
|
||||||
flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
|
|
||||||
)
|
|
||||||
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
|
|
||||||
session = self.client.session
|
|
||||||
session[SESSION_KEY_PLAN] = plan
|
|
||||||
session.save()
|
|
||||||
|
|
||||||
response = self.client.get(
|
|
||||||
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assertEqual(response.status_code, 200)
|
|
||||||
self.assertJSONEqual(
|
|
||||||
force_str(response.content),
|
|
||||||
{
|
|
||||||
"component": "ak-stage-access-denied",
|
|
||||||
"error_message": None,
|
|
||||||
"title": "",
|
|
||||||
"type": ChallengeTypes.NATIVE.value,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
Reference in a new issue