From 60c244c31db335c0e69df32327edc303a64bb19c Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 14 Feb 2021 18:25:50 +0100
Subject: [PATCH] core: add User.uid for globally unique user ID

---
 authentik/admin/views/flows.py | 12 +++---------
 authentik/core/models.py | 7 +++++++
 authentik/providers/saml/processors/assertion.py | 5 +----
 .../templates/stages/identification/recovery.html | 1 -
 4 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/authentik/admin/views/flows.py b/authentik/admin/views/flows.py
index bc0dc530b..775316245 100644
--- a/authentik/admin/views/flows.py
+++ b/authentik/admin/views/flows.py
@@ -6,17 +6,11 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import DetailView, FormView, ListView, UpdateView
-from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
+from django.views.generic import DetailView, FormView, UpdateView
+from guardian.mixins import PermissionRequiredMixin
 
-from authentik.admin.views.utils import (
-    BackSuccessUrlMixin,
-    DeleteMessageView,
-    SearchListMixin,
-    UserPaginateListMixin,
-)
+from authentik.admin.views.utils import BackSuccessUrlMixin, DeleteMessageView
 from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.forms import FlowForm, FlowImportForm
 from authentik.flows.models import Flow
diff --git a/authentik/core/models.py b/authentik/core/models.py
index f32683eb4..eb0ee27d4 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -1,8 +1,10 @@
 """authentik core models"""
 from datetime import timedelta
+from hashlib import sha256
 from typing import Any, Dict, Optional, Type
 from uuid import uuid4
 
+from django.conf import settings
 from django.contrib.auth.models import AbstractUser
 from django.contrib.auth.models import UserManager as DjangoUserManager
 from django.db import models
@@ -119,6 +121,11 @@ class User(GuardianUserMixin, AbstractUser):
         self.password_change_date = now()
         return super().set_password(password)
 
+    @property
+    def uid(self) -> str:
+        """Generate a globall unique UID, based on the user ID and the hashed secret key"""
+        return sha256(f"{self.id}-{settings.SECRET_KEY}".encode("ascii")).hexdigest()
+
     class Meta:
 
         permissions = (
diff --git a/authentik/providers/saml/processors/assertion.py b/authentik/providers/saml/processors/assertion.py
index 428472519..ea273ab6b 100644
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@@ -3,7 +3,6 @@ from hashlib import sha256
 from types import GeneratorType
 
 import xmlsec
-from django.conf import settings
 from django.http import HttpRequest
 from lxml import etree  # nosec
 from lxml.etree import Element, SubElement  # nosec
@@ -147,9 +146,7 @@ class AssertionProcessor:
         name_id = Element(f"{{{NS_SAML_ASSERTION}}}NameID")
         name_id.attrib["Format"] = self.auth_n_request.name_id_policy
         # persistent is used as a fallback, so always generate it
-        persistent = sha256(
-            f"{self.http_request.user.id}-{settings.SECRET_KEY}".encode("ascii")
-        ).hexdigest()
+        persistent = self.http_request.user.uid
         name_id.text = persistent
         # If name_id_mapping is set, we override the value, regardless of what the SP asks for
         if self.provider.name_id_mapping:
diff --git a/authentik/stages/identification/templates/stages/identification/recovery.html b/authentik/stages/identification/templates/stages/identification/recovery.html
index 4c9d07c18..5603b0414 100644
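Review bot: `uid` encodes the id/SECRET_KEY string as ASCII, so a SECRET_KEY containing any non-ASCII character makes every access to the property raise UnicodeEncodeError; `.encode()` (UTF-8) produces identical bytes for ASCII keys, so existing values stay stable, and it cannot fail. For an unsaved user `self.id` is None and every such user gets the same digest of the string "None-…", so callers must not treat the value as an identifier before save. The docstring has a typo ("globall") and says "hashed secret key" while the code hashes the primary key together with the key; suggest `"""Return a stable, globally unique user ID: SHA-256 of the primary key and SECRET_KEY (rotating SECRET_KEY changes it for every user)."""`. Since assertion.py now uses this value as the SAML persistent NameID, the derivation is part of the external contract and should not be changed later without a migration plan.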
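Review bot: `self.http_request.user.uid` assumes an authenticated `User`; the replaced inline code also worked on `AnonymousUser` (whose `id` is None), while the new property does not exist on it, so if the processor can be reached without an authenticated user this line now raises AttributeError instead of emitting a meaningless NameID. That is probably the better failure, but if the path is reachable it deserves an explicit check with a clear message rather than an attribute error. The enclosing method starts and continues outside the hunk.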
--- a/authentik/stages/identification/templates/stages/identification/recovery.html
+++ b/authentik/stages/identification/templates/stages/identification/recovery.html
@@ -1,5 +1,4 @@
 {% load i18n %}
-{% load static %}