fix mobile users/me auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-12-18 11:53:48 +01:00
parent c19e12d1e1
commit 2c71d5714b
2 changed files with 6 additions and 2 deletions


@ -499,9 +499,9 @@ class UserViewSet(UsedByMixin, ModelViewSet):
pagination_class=None, pagination_class=None,
filter_backends=[], filter_backends=[],
authentication_classes=[ authentication_classes=[
MobileDeviceTokenAuthentication,
TokenAuthentication, TokenAuthentication,
SessionAuthentication, SessionAuthentication,
MobileDeviceTokenAuthentication,
], ],
) )
def user_me(self, request: Request) -> Response: def user_me(self, request: Request) -> Response:
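Review bot: The order of `authentication_classes` is load-bearing in this decorator, but nothing next to the list says so. DRF tries the classes in sequence, takes the first one that returns a user, and aborts the request as soon as one raises `AuthenticationFailed`, so where `MobileDeviceTokenAuthentication` sits relative to `TokenAuthentication` decides which class gets to reject a Bearer header. I would add a comment above the list such as `# Order matters: the first class that raises AuthenticationFailed ends authentication for the request`, and a test that calls `user_me` with a mobile device token so a later reorder cannot silently break it. The decorator call opens above the hunk and the body of `user_me` continues below it.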


@ -3,6 +3,7 @@ from typing import Any
from drf_spectacular.extensions import OpenApiAuthenticationExtension from drf_spectacular.extensions import OpenApiAuthenticationExtension
from rest_framework.authentication import BaseAuthentication, get_authorization_header from rest_framework.authentication import BaseAuthentication, get_authorization_header
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.request import Request from rest_framework.request import Request
from authentik.api.authentication import validate_auth from authentik.api.authentication import validate_auth
@ -17,7 +18,10 @@ class MobileDeviceTokenAuthentication(BaseAuthentication):
def authenticate(self, request: Request) -> tuple[User, Any] | None: def authenticate(self, request: Request) -> tuple[User, Any] | None:
"""Token-based authentication using HTTP Bearer authentication""" """Token-based authentication using HTTP Bearer authentication"""
auth = get_authorization_header(request) auth = get_authorization_header(request)
try:
raw_token = validate_auth(auth) raw_token = validate_auth(auth)
except AuthenticationFailed:
return None
device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired( device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired(
token=raw_token token=raw_token
).first() ).first()
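Review bot: After the new `try`/`except`, `raw_token` goes into `filter_not_expired(token=raw_token)` with no check that it holds a value. If `validate_auth` can return `None` or an empty string for a missing header (its body is not visible here), the lookup runs with `token=None` on every request that carries no credentials; an `if not raw_token: return None` right after the `except` block would skip the query and make the fall-through explicit. Returning `None` on `AuthenticationFailed` also means this class no longer reports malformed Bearer headers, so a debug log line in the `except` branch would keep those attempts visible. `authenticate` continues past the end of the hunk, so how a missing `device_token` is handled cannot be checked from here.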