stages/user_write: if any connection is being sent in the plan context, save it to the user

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-06 22:08:06 +02:00
parent 83e08f12ae
commit 241d790e69
3 changed files with 13 additions and 9 deletions


@ -11,7 +11,6 @@ from django.utils.translation import gettext as _
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.models import ( from authentik.core.models import (
USER_ATTRIBUTE_SOURCES,
Source, Source,
SourceUserMatchingModes, SourceUserMatchingModes,
User, User,
@ -271,11 +270,6 @@ class SourceFlowManager:
if not self.source.enrollment_flow: if not self.source.enrollment_flow:
self._logger.warning("source has no enrollment flow") self._logger.warning("source has no enrollment flow")
return HttpResponseBadRequest() return HttpResponseBadRequest()
if USER_ATTRIBUTE_SOURCES not in self.enroll_info or not isinstance(
self.enroll_info[USER_ATTRIBUTE_SOURCES], list
):
self.enroll_info[USER_ATTRIBUTE_SOURCES] = []
self.enroll_info[USER_ATTRIBUTE_SOURCES].append(self.source.name)
return self._handle_login_flow( return self._handle_login_flow(
self.source.enrollment_flow, self.source.enrollment_flow,
**{ **{


@ -1,5 +1,4 @@
"""Plex Source Serializer""" """Plex Source Serializer"""
from django.http import Http404
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from drf_yasg import openapi from drf_yasg import openapi
from drf_yasg.utils import swagger_auto_schema from drf_yasg.utils import swagger_auto_schema


@ -7,7 +7,8 @@ from django.utils.translation import gettext as _
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.middleware import SESSION_IMPERSONATE_USER from authentik.core.middleware import SESSION_IMPERSONATE_USER
from authentik.core.models import User from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
from authentik.core.sources.stage import PLAN_CONTEXT_SOURCES_CONNECTION
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
from authentik.flows.stage import StageView from authentik.flows.stage import StageView
from authentik.lib.utils.reflection import class_to_path from authentik.lib.utils.reflection import class_to_path
@ -41,7 +42,7 @@ class UserWriteStageView(StageView):
flow_slug=self.executor.flow.slug, flow_slug=self.executor.flow.slug,
) )
user_created = True user_created = True
user = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
# Before we change anything, check if the user is the same as in the request # Before we change anything, check if the user is the same as in the request
# and we're updating a password. In that case we need to update the session hash # and we're updating a password. In that case we need to update the session hash
# Also check that we're not currently impersonating, so we don't update the session # Also check that we're not currently impersonating, so we don't update the session
@ -73,6 +74,16 @@ class UserWriteStageView(StageView):
if user.username == "": if user.username == "":
LOGGER.warning("Aborting write to empty username", user=user) LOGGER.warning("Aborting write to empty username", user=user)
return self.executor.stage_invalid() return self.executor.stage_invalid()
# Check if we're writing from a source, and save the source to the attributes
if PLAN_CONTEXT_SOURCES_CONNECTION in self.executor.plan.context:
if USER_ATTRIBUTE_SOURCES not in user.attributes or not isinstance(
user.attributes.get(USER_ATTRIBUTE_SOURCES), list
):
user.attributes[USER_ATTRIBUTE_SOURCES] = []
connection: UserSourceConnection = self.executor.plan.context[
PLAN_CONTEXT_SOURCES_CONNECTION
]
user.attributes[USER_ATTRIBUTE_SOURCES].append(connection.source.name)
user.save() user.save()
user_write.send( user_write.send(
sender=self, request=request, user=user, data=data, created=user_created sender=self, request=request, user=user, data=data, created=user_created
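Review bot: The block added before `user.save()` appends `connection.source.name` unconditionally, so every pass through this stage with a source connection in the plan context adds the same name to `user.attributes[USER_ATTRIBUTE_SOURCES]` again. The stage appears to handle existing users as well as new ones (`user_created` is tracked earlier in the method), so the list can pick up duplicates, which matters if anything downstream treats it as the record of the sources a user is linked to. Guard the append with `sources = user.attributes[USER_ATTRIBUTE_SOURCES]` followed by `if connection.source.name not in sources: sources.append(connection.source.name)`. The `connection: UserSourceConnection` annotation is not enforced at runtime, so an `isinstance` check that returns `self.executor.stage_invalid()` would make a malformed plan context fail closed rather than raise on `.source`. The enclosing method starts and ends outside the hunk.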