core: handle FlowNonApplicableException correctly in source flow_manager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-07-03 22:00:39 +02:00
parent 6020736430
commit 4cd629b5fc
3 changed files with 19 additions and 10 deletions

View file

@ -26,7 +26,6 @@ from authentik.flows.planner import (
from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
from authentik.lib.utils.urls import redirect_with_qs from authentik.lib.utils.urls import redirect_with_qs
from authentik.policies.denied import AccessDeniedResponse from authentik.policies.denied import AccessDeniedResponse
from authentik.policies.types import PolicyResult
from authentik.policies.utils import delete_none_keys from authentik.policies.utils import delete_none_keys
from authentik.stages.password import BACKEND_INBUILT from authentik.stages.password import BACKEND_INBUILT
from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
@ -165,8 +164,8 @@ class SourceFlowManager:
self._logger.debug("Handling enrollment of new user") self._logger.debug("Handling enrollment of new user")
return self.handle_enroll(connection) return self.handle_enroll(connection)
except FlowNonApplicableException as exc: except FlowNonApplicableException as exc:
self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result) self._logger.warning("Flow non applicable", exc=exc)
return self.error_handler(exc, exc.policy_result) return self.error_handler(exc)
# Default case, assume deny # Default case, assume deny
error = ( error = (
_( _(
@ -179,14 +178,13 @@ class SourceFlowManager:
) )
return self.error_handler(error) return self.error_handler(error)
def error_handler( def error_handler(self, error: Exception) -> HttpResponse:
self, error: Exception, policy_result: Optional[PolicyResult] = None
) -> HttpResponse:
"""Handle any errors by returning an access denied stage""" """Handle any errors by returning an access denied stage"""
response = AccessDeniedResponse(self.request) response = AccessDeniedResponse(self.request)
response.error_message = str(error) response.error_message = str(error)
if policy_result: if isinstance(error, FlowNonApplicableException):
response.policy_result = policy_result response.policy_result = error.policy_result
response.error_message = error.messages
return response return response
# pylint: disable=unused-argument # pylint: disable=unused-argument

View file

@ -1,6 +1,6 @@
# Generated by Django 4.0.5 on 2022-06-04 21:26 # Generated by Django 4.0.5 on 2022-06-04 21:26
from django.db import migrations from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
@ -14,4 +14,15 @@ class Migration(migrations.Migration):
model_name="oauth2provider", model_name="oauth2provider",
name="verification_keys", name="verification_keys",
), ),
migrations.AlterField(
model_name="oauth2provider",
name="client_type",
field=models.CharField(
choices=[("confidential", "Confidential"), ("public", "Public")],
default="confidential",
help_text="Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable",
max_length=30,
verbose_name="Client Type",
),
),
] ]

View file

@ -74,7 +74,7 @@ slug: "2022.7"
- web/elements: auto-switch themes for codemirror - web/elements: auto-switch themes for codemirror
- web/flows: add divider to identification stage for security key - web/flows: add divider to identification stage for security key
- web/flows: fix error when webauthn operations failed and user retries - web/flows: fix error when webauthn operations failed and user retries
- web/flows: remove autofocus from password field of identifications tage - web/flows: remove autofocus from password field of identifications stage
- web/flows: statically import webauthn-related stages for safari issues - web/flows: statically import webauthn-related stages for safari issues
## Upgrading ## Upgrading