From 4cd629b5fc21a96f873745c4866d324b33bb7bda Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 3 Jul 2022 22:00:39 +0200
Subject: [PATCH] core: handle FlowNonApplicableException correctly in source flow_manager

Signed-off-by: Jens Langhammer
---
 authentik/core/sources/flow_manager.py | 14 ++++++--------
 ...0012_remove_oauth2provider_verification_keys.py | 13 ++++++++++++-
 website/docs/releases/v2022.7.md | 2 +-
 3 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py
index d22ad533d..5133e4f0e 100644
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@@ -26,7 +26,6 @@ from authentik.flows.planner import (
 from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
 from authentik.lib.utils.urls import redirect_with_qs
 from authentik.policies.denied import AccessDeniedResponse
-from authentik.policies.types import PolicyResult
 from authentik.policies.utils import delete_none_keys
 from authentik.stages.password import BACKEND_INBUILT
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
@@ -165,8 +164,8 @@ class SourceFlowManager:
 self._logger.debug("Handling enrollment of new user")
 return self.handle_enroll(connection)
 except FlowNonApplicableException as exc:
- self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result)
- return self.error_handler(exc, exc.policy_result)
+ self._logger.warning("Flow non applicable", exc=exc)
+ return self.error_handler(exc)
 # Default case, assume deny
 error = (
 _(
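Review bot: The warning in the `except FlowNonApplicableException` branch no longer logs `exc.policy_result`, so a source login that a policy denied is recorded without the policy outcome behind it. Unless the logger's rendering of `exc` already carries that result (not visible in this hunk), keeping the field preserves the audit trail for denied logins: `self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result)`. The enclosing method starts before this hunk and continues past it.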
@@ -179,14 +178,13 @@ class SourceFlowManager:
 )
 return self.error_handler(error)
 
- def error_handler(
- self, error: Exception, policy_result: Optional[PolicyResult] = None
- ) -> HttpResponse:
+ def error_handler(self, error: Exception) -> HttpResponse:
 """Handle any errors by returning an access denied stage"""
 response = AccessDeniedResponse(self.request)
 response.error_message = str(error)
- if policy_result:
- response.policy_result = policy_result
+ if isinstance(error, FlowNonApplicableException):
+ response.policy_result = error.policy_result
+ response.error_message = error.messages
 return response
 
 # pylint: disable=unused-argument
diff --git a/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py b/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py
index 3a9168133..d75063ba1 100644
--- a/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py
+++ b/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py
@@ -1,6 +1,6 @@
 # Generated by Django 4.0.5 on 2022-06-04 21:26
 
-from django.db import migrations
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
@@ -14,4 +14,15 @@ class Migration(migrations.Migration):
 model_name="oauth2provider",
 name="verification_keys",
 ),
+ migrations.AlterField(
+ model_name="oauth2provider",
+ name="client_type",
+ field=models.CharField(
+ choices=[("confidential", "Confidential"), ("public", "Public")],
+ default="confidential",
+ help_text="Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable",
+ max_length=30,
+ verbose_name="Client Type",
+ ),
+ ),
 ]
diff --git a/website/docs/releases/v2022.7.md b/website/docs/releases/v2022.7.md
index acffbf9aa..7b9aa92e9 100644
--- a/website/docs/releases/v2022.7.md
+++ b/website/docs/releases/v2022.7.md
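Review bot: `error_handler` now copies `error.policy_result` onto the response without the truthiness guard the removed code had, so if a `FlowNonApplicableException` can be raised without a policy result, `response.policy_result` is overwritten with an empty value; whether `AccessDeniedResponse` tolerates that is not visible here. Restoring the guard is one line: `if error.policy_result: response.policy_result = error.policy_result`. The same branch replaces the generic message with `error.messages` on a response shown to a user who has not completed login, so it is worth confirming that policy messages are written for end users and expose no internal policy detail. The docstring could record this by adding that, for `FlowNonApplicableException`, the policy result and its messages are attached to the response.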
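Review bot: The `AlterField` on `client_type` is appended to the existing migration 0012 instead of a new migration file, so any database where 0012 is already recorded as applied will never run this operation. If 0012 has shipped in a release or been applied on development instances (not determinable from this page), a separate follow-up migration is the safer place for it. A one-line comment above the operation, such as `# client_type: sync choices/help_text with the model`, would also tell the next reader why a field change sits in a migration named for removing `verification_keys`.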
@@ -74,7 +74,7 @@ slug: "2022.7"
 - web/elements: auto-switch themes for codemirror
 - web/flows: add divider to identification stage for security key
 - web/flows: fix error when webauthn operations failed and user retries
-- web/flows: remove autofocus from password field of identifications tage
+- web/flows: remove autofocus from password field of identifications stage
 - web/flows: statically import webauthn-related stages for safari issues
 
 ## Upgrading