policies: fix current user not being set in server-side policy deny

closes #2039

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-04-21 22:30:27 +02:00
parent c8c69a9a56
commit 2399fa456b
5 changed files with 36 additions and 6 deletions

View file

@ -12,6 +12,25 @@
.pf-c-background-image::before { .pf-c-background-image::before {
--ak-flow-background: url("/static/dist/assets/images/flow_background.jpg"); --ak-flow-background: url("/static/dist/assets/images/flow_background.jpg");
} }
/* Form with user */
.form-control-static {
margin-top: var(--pf-global--spacer--sm);
display: flex;
align-items: center;
justify-content: space-between;
}
.form-control-static .avatar {
display: flex;
align-items: center;
}
.form-control-static img {
margin-right: var(--pf-global--spacer--xs);
}
.form-control-static a {
padding-top: var(--pf-global--spacer--xs);
padding-bottom: var(--pf-global--spacer--xs);
line-height: var(--pf-global--spacer--xl);
}
</style> </style>
{% endblock %} {% endblock %}
@ -59,13 +78,11 @@
<a href="{{ link.href }}">{{ link.name }}</a> <a href="{{ link.href }}">{{ link.name }}</a>
</li> </li>
{% endfor %} {% endfor %}
{% if tenant.branding_title != "authentik" %}
<li> <li>
<a href="https://goauthentik.io?utm_source=authentik"> <a href="https://goauthentik.io?utm_source=authentik">
{% trans 'Powered by authentik' %} {% trans 'Powered by authentik' %}
</a> </a>
</li> </li>
{% endif %}
</ul> </ul>
</footer> </footer>
</div> </div>

View file

@ -3,6 +3,7 @@ from typing import Any, Optional
from django.http.request import HttpRequest from django.http.request import HttpRequest
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.urls import reverse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from authentik.core.models import USER_ATTRIBUTE_DEBUG from authentik.core.models import USER_ATTRIBUTE_DEBUG
@ -37,4 +38,5 @@ class AccessDeniedResponse(TemplateResponse):
self._request self._request
).get(USER_ATTRIBUTE_DEBUG, False): ).get(USER_ATTRIBUTE_DEBUG, False):
context["policy_result"] = self.policy_result context["policy_result"] = self.policy_result
context["cancel"] = reverse("authentik_flows:cancel")
return context return context

View file

@ -12,8 +12,21 @@
{% endblock %} {% endblock %}
{% block card %} {% block card %}
<form method="POST" class="pf-c-form"> <form class="pf-c-form">
{% csrf_token %} {% csrf_token %}
{% if user.is_authenticated %}
<div class="pf-c-form__group">
<div class="form-control-static">
<div class="avatar">
<img class="pf-c-avatar" src="{{ user.avatar }}" alt="{% trans "User's avatar" %}" />
{{ user.username }}
</div>
<div slot="link">
<a href="{{ cancel }}">{% trans "Not you?" %}</a>
</div>
</div>
</div>
{% endif %}
<div class="pf-c-form__group"> <div class="pf-c-form__group">
<p> <p>
<i class="pf-icon pf-icon-error-circle-o"></i> <i class="pf-icon pf-icon-error-circle-o"></i>

View file

@ -37,6 +37,7 @@ html > form > input {
.pf-c-login__main { .pf-c-login__main {
display: block; display: block;
position: relative; position: relative;
width: 100%;
} }
.ak-login-container { .ak-login-container {
height: calc(100vh - var(--pf-global--spacer--lg) - var(--pf-global--spacer--lg)); height: calc(100vh - var(--pf-global--spacer--lg) - var(--pf-global--spacer--lg));

View file

@ -113,9 +113,6 @@ export class FlowExecutor extends LitElement implements StageHost {
.pf-c-drawer__content { .pf-c-drawer__content {
background-color: transparent; background-color: transparent;
} }
.pf-c-login__main {
width: 100%;
}
`); `);
} }