From 27cc5d71386a6d03c2eea9cd4099333a07ddc39d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 23 Aug 2021 19:05:54 +0200 Subject: [PATCH] core: fix authentication error when no request is given Signed-off-by: Jens Langhammer --- authentik/core/auth.py | 20 +++++++++++--------- authentik/sources/ldap/auth.py | 15 +++------------ 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/authentik/core/auth.py b/authentik/core/auth.py index 42a84cf14..851177bec 100644 --- a/authentik/core/auth.py +++ b/authentik/core/auth.py @@ -20,15 +20,22 @@ class InbuiltBackend(ModelBackend): user = super().authenticate(request, username=username, password=password, **kwargs) if not user: return None + self.set_method("password", request) + return user + + def set_method(self, method: str, request: Optional[HttpRequest], **kwargs): + """Set method data on current flow, if possbiel""" + if not request: + return # Since we can't directly pass other variables to signals, and we want to log the method # and the token used, we assume we're running in a flow and set a variable in the context flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN] - flow_plan.context[PLAN_CONTEXT_METHOD] = "password" + flow_plan.context[PLAN_CONTEXT_METHOD] = method + flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = kwargs request.session[SESSION_KEY_PLAN] = flow_plan - return user -class TokenBackend(ModelBackend): +class TokenBackend(InbuiltBackend): """Authenticate with token""" def authenticate( @@ -47,10 +54,5 @@ class TokenBackend(ModelBackend): if not tokens.exists(): return None token = tokens.first() - # Since we can't directly pass other variables to signals, and we want to log the method - # and the token used, we assume we're running in a flow and set a variable in the context - flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN] - flow_plan.context[PLAN_CONTEXT_METHOD] = "app_password" - flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"token": token} - request.session[SESSION_KEY_PLAN] = flow_plan + self.set_method("password", request, token=token) return token.user diff --git a/authentik/sources/ldap/auth.py b/authentik/sources/ldap/auth.py index 10bd55b40..0d052a42a 100644 --- a/authentik/sources/ldap/auth.py +++ b/authentik/sources/ldap/auth.py @@ -2,21 +2,18 @@ from typing import Optional import ldap3 -from django.contrib.auth.backends import ModelBackend from django.http import HttpRequest from structlog.stdlib import get_logger +from authentik.core.auth import InbuiltBackend from authentik.core.models import User -from authentik.flows.planner import FlowPlan -from authentik.flows.views import SESSION_KEY_PLAN from authentik.sources.ldap.models import LDAPSource -from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS LOGGER = get_logger() LDAP_DISTINGUISHED_NAME = "distinguishedName" -class LDAPBackend(ModelBackend): +class LDAPBackend(InbuiltBackend): """Authenticate users against LDAP Server""" def authenticate(self, request: HttpRequest, **kwargs): @@ -27,13 +24,7 @@ class LDAPBackend(ModelBackend): LOGGER.debug("LDAP Auth attempt", source=source) user = self.auth_user(source, **kwargs) if user: - # Since we can't directly pass other variables to signals, and we want to log - # the method and the token used, we assume we're running in a flow and - # set a variable in the context - flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN] - flow_plan.context[PLAN_CONTEXT_METHOD] = "ldap" - flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"source": source} - request.session[SESSION_KEY_PLAN] = flow_plan + self.set_method("ldap", request, source=source) return user return None