From c60ba91feefcb19c6fc2cb6c9bbb37cd5ba06ecc Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 23 Aug 2021 23:59:43 +0200
Subject: [PATCH] core: fix auth saving entire models into session
Signed-off-by: Jens Langhammer
---
 authentik/core/auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/authentik/core/auth.py b/authentik/core/auth.py
index 851177bec..63f95433b 100644
--- a/authentik/core/auth.py
+++ b/authentik/core/auth.py
@@ -6,6 +6,7 @@ from django.contrib.auth.backends import ModelBackend
 from django.http.request import HttpRequest
 from authentik.core.models import Token, TokenIntents, User
+from authentik.events.utils import cleanse_dict, sanitize_dict
 from authentik.flows.planner import FlowPlan
 from authentik.flows.views import SESSION_KEY_PLAN
 from authentik.stages.password.stage import PLAN_CONTEXT_METHOD, PLAN_CONTEXT_METHOD_ARGS
@@ -31,7 +32,7 @@ class InbuiltBackend(ModelBackend):
 # and the token used, we assume we're running in a flow and set a variable in the context
 flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
 flow_plan.context[PLAN_CONTEXT_METHOD] = method
- flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = kwargs
+ flow_plan.context[PLAN_CONTEXT_METHOD_ARGS] = cleanse_dict(sanitize_dict(kwargs))
 request.session[SESSION_KEY_PLAN] = flow_plan
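Review bot: The rewritten assignment to `flow_plan.context[PLAN_CONTEXT_METHOD_ARGS]` in the second hunk carries no comment saying why `kwargs` is filtered before it reaches the session, and the diffstat shows no test accompanying it. Both helpers are imported from `authentik.events.utils` and are not visible in this patch; if `cleanse_dict` masks values by key name (an assumption to confirm), a credential passed under a key it does not recognise would still be written to the session store, so an allow-list of the keys later stages actually read would be a tighter contract. I would add `# Session data is persisted: store a serialisable, secret-masked copy of kwargs, never model instances or raw credentials` above the line. A regression test should assert that the stored value holds no model instance and no unmasked secret. The enclosing method of `InbuiltBackend` begins outside the hunk.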