core: fix authentication error when no request is given

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 19:05:54 +02:00
parent b2f077645a
commit 27cc5d7138
2 changed files with 14 additions and 21 deletions

View file

@ -20,15 +20,22 @@ class InbuiltBackend(ModelBackend):
user = super().authenticate(request, username=username, password=password, **kwargs)
if not user:
return None
self.set_method("password", request)
return user
def set_method(self, method: str, request: Optional[HttpRequest], **kwargs):
"""Set method data on current flow, if possbiel"""
if not request:
return
# Since we can't directly pass other variables to signals, and we want to log the method
# and the token used, we assume we're running in a flow and set a variable in the context
flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
flow_plan.context[PLAN_CONTEXT_METHOD] = "password"
flow_plan.context[PLAN_CONTEXT_METHOD] = method
flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = kwargs
request.session[SESSION_KEY_PLAN] = flow_plan
return user
class TokenBackend(ModelBackend):
class TokenBackend(InbuiltBackend):
"""Authenticate with token"""
def authenticate(
@ -47,10 +54,5 @@ class TokenBackend(ModelBackend):
if not tokens.exists():
return None
token = tokens.first()
# Since we can't directly pass other variables to signals, and we want to log the method
# and the token used, we assume we're running in a flow and set a variable in the context
flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
flow_plan.context[PLAN_CONTEXT_METHOD] = "app_password"
flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"token": token}
request.session[SESSION_KEY_PLAN] = flow_plan
self.set_method("password", request, token=token)
return token.user

View file

@ -2,21 +2,18 @@
from typing import Optional
import ldap3
from django.contrib.auth.backends import ModelBackend
from django.http import HttpRequest
from structlog.stdlib import get_logger
from authentik.core.auth import InbuiltBackend
from authentik.core.models import User
from authentik.flows.planner import FlowPlan
from authentik.flows.views import SESSION_KEY_PLAN
from authentik.sources.ldap.models import LDAPSource
from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
LOGGER = get_logger()
LDAP_DISTINGUISHED_NAME = "distinguishedName"
class LDAPBackend(ModelBackend):
class LDAPBackend(InbuiltBackend):
"""Authenticate users against LDAP Server"""
def authenticate(self, request: HttpRequest, **kwargs):
@ -27,13 +24,7 @@ class LDAPBackend(ModelBackend):
LOGGER.debug("LDAP Auth attempt", source=source)
user = self.auth_user(source, **kwargs)
if user:
# Since we can't directly pass other variables to signals, and we want to log
# the method and the token used, we assume we're running in a flow and
# set a variable in the context
flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
flow_plan.context[PLAN_CONTEXT_METHOD] = "ldap"
flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = {"source": source}
request.session[SESSION_KEY_PLAN] = flow_plan
self.set_method("ldap", request, source=source)
return user
return None