core: add User.uid for globally unique user ID

2021-02-14 18:25:50 +01:00 · 2021-02-14 18:25:50 +01:00 · 60c244c31d
parent d122bddae2
commit 60c244c31d
4 changed files with 11 additions and 14 deletions
--- a/authentik/admin/views/flows.py
+++ b/authentik/admin/views/flows.py
@ -6,17 +6,11 @@ from django.contrib.auth.mixins import (
 )
 from django.contrib.messages.views import SuccessMessageMixin
 from django.http import HttpRequest, HttpResponse, JsonResponse
-from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
-from django.views.generic import DetailView, FormView, ListView, UpdateView
-from guardian.mixins import PermissionListMixin, PermissionRequiredMixin
+from django.views.generic import DetailView, FormView, UpdateView
+from guardian.mixins import PermissionRequiredMixin

-from authentik.admin.views.utils import (
-    BackSuccessUrlMixin,
-    DeleteMessageView,
-    SearchListMixin,
-    UserPaginateListMixin,
-)
+from authentik.admin.views.utils import BackSuccessUrlMixin, DeleteMessageView
 from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.forms import FlowForm, FlowImportForm
 from authentik.flows.models import Flow
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -1,8 +1,10 @@
 """authentik core models"""
 from datetime import timedelta
+from hashlib import sha256
 from typing import Any, Dict, Optional, Type
 from uuid import uuid4

+from django.conf import settings
 from django.contrib.auth.models import AbstractUser
 from django.contrib.auth.models import UserManager as DjangoUserManager
 from django.db import models
@ -119,6 +121,11 @@ class User(GuardianUserMixin, AbstractUser):
        self.password_change_date = now()
        return super().set_password(password)

+    @property
+    def uid(self) -> str:
+        """Generate a globall unique UID, based on the user ID and the hashed secret key"""
+        return sha256(f"{self.id}-{settings.SECRET_KEY}".encode("ascii")).hexdigest()
+
    class Meta:

        permissions = (
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@ -3,7 +3,6 @@ from hashlib import sha256
 from types import GeneratorType

 import xmlsec
-from django.conf import settings
 from django.http import HttpRequest
 from lxml import etree  # nosec
 from lxml.etree import Element, SubElement  # nosec
@ -147,9 +146,7 @@ class AssertionProcessor:
        name_id = Element(f"{{{NS_SAML_ASSERTION}}}NameID")
        name_id.attrib["Format"] = self.auth_n_request.name_id_policy
        # persistent is used as a fallback, so always generate it
-        persistent = sha256(
-            f"{self.http_request.user.id}-{settings.SECRET_KEY}".encode("ascii")
-        ).hexdigest()
+        persistent = self.http_request.user.uid
        name_id.text = persistent
        # If name_id_mapping is set, we override the value, regardless of what the SP asks for
        if self.provider.name_id_mapping:
--- a/authentik/stages/identification/templates/stages/identification/recovery.html
+++ b/authentik/stages/identification/templates/stages/identification/recovery.html
@ -1,5 +1,4 @@
 {% load i18n %}
-{% load static %}

 <header class="pf-c-login__main-header">
    <h1 class="pf-c-title pf-m-3xl">