trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/*: pass policy result objects when access denied

This commit is contained in:
Jens Langhammer 2020-09-14 21:52:25 +02:00
parent 812cc0d2f1
commit 3cf558d594
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
passbook/providers/oauth2/views/authorize.py
View File

@ -323,7 +323,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
try: try:
application = self.provider_to_application(provider) application = self.provider_to_application(provider)
except Application.DoesNotExist: except Application.DoesNotExist:
return self.handle_no_permission_authorized() return self.handle_no_permission_authenticated()
# Check if user is unauthenticated, so we pass the application # Check if user is unauthenticated, so we pass the application
# for the identification stage # for the identification stage
if not request.user.is_authenticated: if not request.user.is_authenticated:
@ -331,7 +331,7 @@ class AuthorizationFlowInitView(PolicyAccessMixin, View):
# Check permissions # Check permissions
result = self.user_has_access(application) result = self.user_has_access(application)
if not result.passing: if not result.passing:
return self.handle_no_permission_authorized() return self.handle_no_permission_authenticated(result)
# TODO: End block # TODO: End block
# Extract params so we can save them in the plan context # Extract params so we can save them in the plan context
try: try:

5
passbook/providers/saml/views.py
View File

@ -62,8 +62,9 @@ class SAMLSSOView(PolicyAccessMixin, View):
) )
if not request.user.is_authenticated: if not request.user.is_authenticated:
return self.handle_no_permission(self.application) return self.handle_no_permission(self.application)
if not self.user_has_access(self.application).passing: has_access = self.user_has_access(self.application)
return self.handle_no_permission_authorized() if not has_access.passing:
return self.handle_no_permission_authenticated(has_access)
# Call the method handler, which checks the SAML Request # Call the method handler, which checks the SAML Request
method_response = super().dispatch(request, *args, application_slug, **kwargs) method_response = super().dispatch(request, *args, application_slug, **kwargs)
if method_response: if method_response: