core: fix authentication error when no request is given

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/core/auth.py

@@ -20,15 +20,22 @@ class InbuiltBackend(ModelBackend):
         user = super().authenticate(request, username=username, password=password, **kwargs)
         if not user:
             return None
+        self.set_method("password", request)
+        return user
+
+    def set_method(self, method: str, request: Optional[HttpRequest], **kwargs):
+        """Set method data on current flow, if possbiel"""
+        if not request:
+            return
         # Since we can't directly pass other variables to signals, and we want to log the method
         # and the token used, we assume we're running in a flow and set a variable in the context
         flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
-        flow_plan.context[PLAN_CONTEXT_METHOD] = "password"
+        flow_plan.context[PLAN_CONTEXT_METHOD] = method
+        flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = kwargs
         request.session[SESSION_KEY_PLAN] = flow_plan
-        return user
 
 
-class TokenBackend(ModelBackend):
+class TokenBackend(InbuiltBackend):
     """Authenticate with token"""
 
     def authenticate(
@@ -47,10 +54,5 @@ class TokenBackend(ModelBackend):
         if not tokens.exists():
             return None
         token = tokens.first()
-        # Since we can't directly pass other variables to signals, and we want to log the method
+        self.set_method("password", request, token=token)
-        # and the token used, we assume we're running in a flow and set a variable in the context
-        flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
-        flow_plan.context[PLAN_CONTEXT_METHOD] = "app_password"
-        flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"token": token}
-        request.session[SESSION_KEY_PLAN] = flow_plan
         return token.user

authentik/sources/ldap/auth.py

@@ -2,21 +2,18 @@
 from typing import Optional
 
 import ldap3
-from django.contrib.auth.backends import ModelBackend
 from django.http import HttpRequest
 from structlog.stdlib import get_logger
 
+from authentik.core.auth import InbuiltBackend
 from authentik.core.models import User
-from authentik.flows.planner import FlowPlan
-from authentik.flows.views import SESSION_KEY_PLAN
 from authentik.sources.ldap.models import LDAPSource
-from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
 
 LOGGER = get_logger()
 LDAP_DISTINGUISHED_NAME = "distinguishedName"
 
 
-class LDAPBackend(ModelBackend):
+class LDAPBackend(InbuiltBackend):
     """Authenticate users against LDAP Server"""
 
     def authenticate(self, request: HttpRequest, **kwargs):
@@ -27,13 +24,7 @@ class LDAPBackend(ModelBackend):
             LOGGER.debug("LDAP Auth attempt", source=source)
             user = self.auth_user(source, **kwargs)
             if user:
-                # Since we can't directly pass other variables to signals, and we want to log
+                self.set_method("ldap", request, source=source)
-                # the method and the token used, we assume we're running in a flow and
-                # set a variable in the context
-                flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
-                flow_plan.context[PLAN_CONTEXT_METHOD] = "ldap"
-                flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"source": source}
-                request.session[SESSION_KEY_PLAN] = flow_plan
                 return user
         return None