core: handle FlowNonApplicableException correctly in source flow_manager
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
6020736430
commit
4cd629b5fc
|
@ -26,7 +26,6 @@ from authentik.flows.planner import (
|
||||||
from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
|
from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
|
||||||
from authentik.lib.utils.urls import redirect_with_qs
|
from authentik.lib.utils.urls import redirect_with_qs
|
||||||
from authentik.policies.denied import AccessDeniedResponse
|
from authentik.policies.denied import AccessDeniedResponse
|
||||||
from authentik.policies.types import PolicyResult
|
|
||||||
from authentik.policies.utils import delete_none_keys
|
from authentik.policies.utils import delete_none_keys
|
||||||
from authentik.stages.password import BACKEND_INBUILT
|
from authentik.stages.password import BACKEND_INBUILT
|
||||||
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||||
|
@ -165,8 +164,8 @@ class SourceFlowManager:
|
||||||
self._logger.debug("Handling enrollment of new user")
|
self._logger.debug("Handling enrollment of new user")
|
||||||
return self.handle_enroll(connection)
|
return self.handle_enroll(connection)
|
||||||
except FlowNonApplicableException as exc:
|
except FlowNonApplicableException as exc:
|
||||||
self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result)
|
self._logger.warning("Flow non applicable", exc=exc)
|
||||||
return self.error_handler(exc, exc.policy_result)
|
return self.error_handler(exc)
|
||||||
# Default case, assume deny
|
# Default case, assume deny
|
||||||
error = (
|
error = (
|
||||||
_(
|
_(
|
||||||
|
@ -179,14 +178,13 @@ class SourceFlowManager:
|
||||||
)
|
)
|
||||||
return self.error_handler(error)
|
return self.error_handler(error)
|
||||||
|
|
||||||
def error_handler(
|
def error_handler(self, error: Exception) -> HttpResponse:
|
||||||
self, error: Exception, policy_result: Optional[PolicyResult] = None
|
|
||||||
) -> HttpResponse:
|
|
||||||
"""Handle any errors by returning an access denied stage"""
|
"""Handle any errors by returning an access denied stage"""
|
||||||
response = AccessDeniedResponse(self.request)
|
response = AccessDeniedResponse(self.request)
|
||||||
response.error_message = str(error)
|
response.error_message = str(error)
|
||||||
if policy_result:
|
if isinstance(error, FlowNonApplicableException):
|
||||||
response.policy_result = policy_result
|
response.policy_result = error.policy_result
|
||||||
|
response.error_message = error.messages
|
||||||
return response
|
return response
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
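Review bot: The warning in the `except FlowNonApplicableException` branch no longer records `exc.policy_result`, so the server log loses the reason the source flow was refused, even though `error_handler` still passes that result to the response. Keeping it in the log call, `self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result)`, preserves the audit trail for denied sign-ins and enrollments. In `error_handler`, `response.error_message` is set to `str(error)` and then overwritten with `error.messages`; `messages` is not defined in the visible lines, so confirm that it returns a single string rather than a list and that the policy messages it carries are meant to be shown to the end user. The docstring could also state that a `FlowNonApplicableException` supplies the policy result and messages itself. The method containing the `except` branch starts outside the hunk.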
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Generated by Django 4.0.5 on 2022-06-04 21:26
|
# Generated by Django 4.0.5 on 2022-06-04 21:26
|
||||||
|
|
||||||
from django.db import migrations
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
@ -14,4 +14,15 @@ class Migration(migrations.Migration):
|
||||||
model_name="oauth2provider",
|
model_name="oauth2provider",
|
||||||
name="verification_keys",
|
name="verification_keys",
|
||||||
),
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="oauth2provider",
|
||||||
|
name="client_type",
|
||||||
|
field=models.CharField(
|
||||||
|
choices=[("confidential", "Confidential"), ("public", "Public")],
|
||||||
|
default="confidential",
|
||||||
|
help_text="Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable",
|
||||||
|
max_length=30,
|
||||||
|
verbose_name="Client Type",
|
||||||
|
),
|
||||||
|
),
|
||||||
]
|
]
|
||||||
|
|
|
@ -74,7 +74,7 @@ slug: "2022.7"
|
||||||
- web/elements: auto-switch themes for codemirror
|
- web/elements: auto-switch themes for codemirror
|
||||||
- web/flows: add divider to identification stage for security key
|
- web/flows: add divider to identification stage for security key
|
||||||
- web/flows: fix error when webauthn operations failed and user retries
|
- web/flows: fix error when webauthn operations failed and user retries
|
||||||
- web/flows: remove autofocus from password field of identifications tage
|
- web/flows: remove autofocus from password field of identifications stage
|
||||||
- web/flows: statically import webauthn-related stages for safari issues
|
- web/flows: statically import webauthn-related stages for safari issues
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|