core: fix tokens using wrong lookup

2021-02-10 20:30:19 +01:00 · 2021-02-10 20:30:19 +01:00 · d2df426489
parent e6c75ed173
commit d2df426489
5 changed files with 16 additions and 14 deletions
--- a/authentik/core/api/providers.py
+++ b/authentik/core/api/providers.py
@ -6,10 +6,7 @@ from rest_framework.decorators import action
 from rest_framework.fields import ReadOnlyField
 from rest_framework.request import Request
 from rest_framework.response import Response
-from rest_framework.serializers import (
-    ModelSerializer,
-    SerializerMethodField,
-)
+from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
--- a/authentik/core/api/sources.py
+++ b/authentik/core/api/sources.py
@ -1,17 +1,16 @@
 """Source API Views"""
-from authentik.lib.templatetags.authentik_utils import verbose_name
-from authentik.lib.utils.reflection import all_subclasses
+from django.shortcuts import reverse
 from drf_yasg2.utils import swagger_auto_schema
 from rest_framework.decorators import action
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.serializers import ModelSerializer, SerializerMethodField
 from rest_framework.viewsets import ReadOnlyModelViewSet
-from django.shortcuts import reverse
-from django.utils.translation import gettext_lazy as _

 from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import Source
+from authentik.lib.templatetags.authentik_utils import verbose_name
+from authentik.lib.utils.reflection import all_subclasses


 class SourceSerializer(ModelSerializer, MetaNameSerializer):
--- a/authentik/core/api/tokens.py
+++ b/authentik/core/api/tokens.py
@ -43,12 +43,12 @@ class TokenViewSet(ModelViewSet):

    @swagger_auto_schema(responses={200: TokenViewSerializer(many=False)})
    @action(detail=True)
+    # pylint: disable=unused-argument
    def view_key(self, request: Request, identifier: str) -> Response:
        """Return token key and log access"""
-        tokens = Token.filter_not_expired(identifier=identifier)
-        if not tokens.exists():
+        token: Token = self.get_object()
+        if token.is_expired:
            raise Http404
-        token = tokens.first()
        Event.new(EventAction.SECRET_VIEW, secret=token).from_http(  # noqa # nosec
            request
        )
--- a/authentik/core/api/utils.py
+++ b/authentik/core/api/utils.py
@ -31,3 +31,9 @@ class TypeCreateSerializer(Serializer):
    name = CharField(read_only=True)
    description = CharField(read_only=True)
    link = CharField(read_only=True)
+
+    def create(self, validated_data: dict) -> Model:
+        raise NotImplementedError
+
+    def update(self, instance: Model, validated_data: dict) -> Model:
+        raise NotImplementedError
--- a/swagger.yaml
+++ b/swagger.yaml
@ -4344,7 +4344,7 @@ paths:
          type: integer
      responses:
        '200':
-          description: ''
+          description: Types of an object that can be created
          schema:
            description: ''
            type: array
@ -4936,7 +4936,7 @@ paths:
          type: integer
      responses:
        '200':
-          description: ''
+          description: Types of an object that can be created
          schema:
            description: ''
            type: array
@ -9083,7 +9083,7 @@ definitions:
        type: string
        readOnly: true
  TypeCreate:
-    description: ''
+    description: Types of an object that can be created
    type: object
    properties:
      name: