sources/oauth: create configuration error event when profile can't be parsed as json

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-07-03 16:11:49 +02:00
parent 91f7b289cc
commit 7257108091
1 changed files with 12 additions and 2 deletions

View File

@ -1,4 +1,5 @@
"""OAuth Callback Views""" """OAuth Callback Views"""
from json import JSONDecodeError
from typing import Any, Optional from typing import Any, Optional
from django.conf import settings from django.conf import settings
@ -10,6 +11,7 @@ from django.views.generic import View
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.sources.flow_manager import SourceFlowManager from authentik.core.sources.flow_manager import SourceFlowManager
from authentik.events.models import Event, EventAction
from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
from authentik.sources.oauth.views.base import OAuthClientMixin from authentik.sources.oauth.views.base import OAuthClientMixin
@ -42,9 +44,17 @@ class OAuthCallback(OAuthClientMixin, View):
if "error" in token: if "error" in token:
return self.handle_login_failure(token["error"]) return self.handle_login_failure(token["error"])
# Fetch profile info # Fetch profile info
try:
raw_info = client.get_profile_info(token) raw_info = client.get_profile_info(token)
if raw_info is None: if raw_info is None:
return self.handle_login_failure("Could not retrieve profile.") return self.handle_login_failure("Could not retrieve profile.")
except JSONDecodeError as exc:
Event.new(
EventAction.CONFIGURATION_ERROR,
message=f"Failed to JSON-decode profile.",
raw_profile=exc.doc,
).from_http(self.request)
return self.handle_login_failure("Could not retrieve profile.")
identifier = self.get_user_id(raw_info) identifier = self.get_user_id(raw_info)
if identifier is None: if identifier is None:
return self.handle_login_failure("Could not determine id.") return self.handle_login_failure("Could not determine id.")