core: fix token identifier not being slugified when created with user-controller input

closes #1390

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-09-20 13:43:25 +02:00
parent b5c857aff4
commit 3f84abec2f
2 changed files with 4 additions and 2 deletions


@ -8,6 +8,7 @@ from django.db.transaction import atomic
from django.db.utils import IntegrityError from django.db.utils import IntegrityError
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.utils.http import urlencode from django.utils.http import urlencode
from django.utils.text import slugify
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from django_filters.filters import BooleanFilter, CharFilter, ModelMultipleChoiceFilter from django_filters.filters import BooleanFilter, CharFilter, ModelMultipleChoiceFilter
@ -273,7 +274,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
) )
group.users.add(user) group.users.add(user)
token = Token.objects.create( token = Token.objects.create(
identifier=f"service-account-{username}-password", identifier=slugify(f"service-account-{username}-password"),
intent=TokenIntents.INTENT_APP_PASSWORD, intent=TokenIntents.INTENT_APP_PASSWORD,
user=user, user=user,
expires=now() + timedelta(days=360), expires=now() + timedelta(days=360),
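Review bot: `slugify()` is lossy, so on the new `identifier=slugify(f"service-account-{username}-password")` line two different usernames (differing only in case, spaces or punctuation, or made up of non-ASCII characters that the default ASCII mode drops) yield the same identifier. If `Token.identifier` is unique, as it appears to be, the second `Token.objects.create()` raises `IntegrityError`. The method body starts and ends outside the hunk, so it is not visible whether this call sits inside the `IntegrityError` handler or the `atomic` block; if it does not, the user and its group membership from `group.users.add(user)` would be left behind without a token. A comment such as `# slugify() can map distinct usernames to one identifier; a collision must fail the request, never reuse an existing token`, plus a regression test using a username that contains `@` or spaces, would pin this down. The same applies to `slugify(f"ak-recovery-{user}-{_now}")` in the recovery command, where the timestamp makes a collision unlikely.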


@ -4,6 +4,7 @@ from getpass import getuser
from django.core.management.base import BaseCommand from django.core.management.base import BaseCommand
from django.urls import reverse from django.urls import reverse
from django.utils.text import slugify
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -42,7 +43,7 @@ class Command(BaseCommand):
user=user, user=user,
intent=TokenIntents.INTENT_RECOVERY, intent=TokenIntents.INTENT_RECOVERY,
description=f"Recovery Token generated by {getuser()} on {_now}", description=f"Recovery Token generated by {getuser()} on {_now}",
identifier=f"ak-recovery-{user}-{_now}", identifier=slugify(f"ak-recovery-{user}-{_now}"),
) )
self.stdout.write( self.stdout.write(
(f"Store this link safely, as it will allow" f" anyone to access authentik as {user}.") (f"Store this link safely, as it will allow" f" anyone to access authentik as {user}.")