audit: fix internal server error from passing models

This commit is contained in:
Jens Langhammer 2019-12-31 11:40:03 +01:00
parent 323b4b4a5d
commit 31ea2e7139
4 changed files with 7 additions and 6 deletions

View file

@ -78,7 +78,7 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
def form_valid(self, form):
# User has clicked on "Authorize"
Event.new(EventAction.AUTHORIZE_APPLICATION,
authorized_application=self._application).from_http(self.request)
authorized_application=self._application.pk).from_http(self.request)
LOGGER.debug('User authorized Application',
user=self.request.user, application=self._application)
return super().form_valid(form)

View file

@ -9,6 +9,7 @@ from passbook.policies.engine import PolicyEngine
LOGGER = get_logger()
def check_permissions(request, user, client):
"""Check permissions, used for
https://django-oidc-provider.readthedocs.io/en/latest/
@ -29,6 +30,6 @@ def check_permissions(request, user, client):
return redirect('passbook_providers_oauth:oauth2-permission-denied')
Event.new(EventAction.AUTHORIZE_APPLICATION,
authorized_application=application,
authorized_application=application.pk,
skipped_authorization=False).from_http(request)
return None

View file

@ -124,7 +124,7 @@ class LoginProcessView(AccessRequiredView):
ctx = self.provider.processor.generate_response()
# Log Application Authorization
Event.new(EventAction.AUTHORIZE_APPLICATION,
authorized_application=self.provider.application,
authorized_application=self.provider.application.pk,
skipped_authorization=True).from_http(request)
return RedirectToSPView.as_view()(
request=request,
@ -144,7 +144,7 @@ class LoginProcessView(AccessRequiredView):
if request.POST.get('ACSUrl', None):
# User accepted request
Event.new(EventAction.AUTHORIZE_APPLICATION,
authorized_application=self.provider.application,
authorized_application=self.provider.application.pk,
skipped_authorization=False).from_http(request)
return RedirectToSPView.as_view()(
request=request,

View file

@ -181,7 +181,7 @@ class OAuthCallback(OAuthClientMixin, View):
access.save()
UserOAuthSourceConnection.objects.filter(pk=access.pk).update(user=user)
Event.new(EventAction.CUSTOM, message="Linked OAuth Source",
source=source).from_http(self.request)
source=source.pk).from_http(self.request)
if was_authenticated:
messages.success(self.request, _("Successfully linked %(source)s!" % {
'source': self.source.name