Merge branch 'master' into outpost-ldap

2021-05-04 23:34:31 +02:00 · 2021-05-04 23:34:31 +02:00 · d84d7c26ca
parent 0f8dbfcc9c 2f6e6a3123
commit d84d7c26ca
5 changed files with 21475 additions and 55 deletions
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -116,18 +116,18 @@
        },
        "boto3": {
            "hashes": [
-                "sha256:ac10d832ad716281da6ca77cea824d723af479f8611087dee4b0489c48c32fd9",
-                "sha256:e2ef25afc36a301199bfbd662aef46dd11ed0db9baf96fce111db4043928065b"
+                "sha256:3a763ccf872e21e99c2ee0dd9e03f8377dbd1408ac20467a2a967ac0a0344ee9",
+                "sha256:e27c005fdbc0871275d6a223d6797d819d7116c8c64f07ae51ea78cc10b08c19"
            ],
            "index": "pypi",
-            "version": "==1.17.64"
+            "version": "==1.17.65"
        },
        "botocore": {
            "hashes": [
-                "sha256:42dde7c699b3710e5c3a944cd8ce8b7a80b9f610d8857a0ad36bdc9743cc3375",
-                "sha256:ec418c273c37efd33d39bb4559f7df09de46df1f87fdbb064d8ebb281849a625"
+                "sha256:bf5ebe11a737fa29b530ba0b8d787e112b4637e28b8fd516e8718c917ed76c14",
+                "sha256:e31c3bc0e917ee8733055f3732b8cef9c5d4512f1e2e6c3bcc78a464c56aab49"
            ],
-            "version": "==1.20.64"
+            "version": "==1.20.65"
        },
        "cachetools": {
            "hashes": [
@ -312,11 +312,11 @@
        },
        "django": {
            "hashes": [
-                "sha256:0604e84c4fb698a5e53e5857b5aea945b2f19a18f25f10b8748dbdf935788927",
-                "sha256:21f0f9643722675976004eb683c55d33c05486f94506672df3d6a141546f389d"
+                "sha256:95c13c750f1f214abadec92b82c2768a5e795e6c2ebd0b4126f895ce9efffcdd",
+                "sha256:e2f73790c60188d3f94f08f644de249d956b3789161e7604509d128a13fb2fcc"
            ],
            "index": "pypi",
-            "version": "==3.2"
+            "version": "==3.2.1"
        },
        "django-dbbackup": {
            "hashes": [
@ -1683,11 +1683,11 @@
        },
        "pytest": {
            "hashes": [
-                "sha256:671238a46e4df0f3498d1c3270e5deb9b32d25134c99b7d75370a68cfbe9b634",
-                "sha256:6ad9c7bdf517a808242b998ac20063c41532a570d088d77eec1ee12b0b5574bc"
+                "sha256:50bcad0a0b9c5a72c8e4e7c9855a3ad496ca6a881a3641b4260605450772c54b",
+                "sha256:91ef2131a9bd6be8f76f1f08eac5c5317221d6ad1e143ae03894b862e8976890"
            ],
            "index": "pypi",
-            "version": "==6.2.3"
+            "version": "==6.2.4"
        },
        "pytest-django": {
            "hashes": [
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@ -148,22 +148,24 @@ class SourceFlowManager:
    def get_flow(self, **kwargs) -> HttpResponse:
        """Get the flow response based on user_matching_mode"""
        action, connection = self.get_action()
-        if not connection:
-            return redirect("/")
-        if action == Action.LINK:
-            self._logger.debug("Linking existing user")
-            return self.handle_existing_user_link(connection)
-        if action == Action.AUTH:
-            self._logger.debug("Handling auth user")
-            return self.handle_auth_user(connection)
-        if action == Action.ENROLL:
-            self._logger.debug("Handling enrollment of new user")
-            return self.handle_enroll(connection)
+        if connection:
+            if action == Action.LINK:
+                self._logger.debug("Linking existing user")
+                return self.handle_existing_user_link(connection)
+            if action == Action.AUTH:
+                self._logger.debug("Handling auth user")
+                return self.handle_auth_user(connection)
+            if action == Action.ENROLL:
+                self._logger.debug("Handling enrollment of new user")
+                return self.handle_enroll(connection)
        # Default case, assume deny
        messages.error(
            self.request,
            _(
-                "Request to authenticate with %(source)s has been denied!"
+                (
+                    "Request to authenticate with %(source)s has been denied. Please authenticate "
+                    "with the source you've previously signed up with."
+                )
                % {"source": self.source.name}
            ),
        )
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/website/docs/releases/next.md
+++ b/website/docs/releases/next.md
@ -29,11 +29,11 @@ title: Next

    Now you can configure how the matching should be done:

-        - Identifier: Keeps the old behaviour, can lead to duplicate user accounts
-        - Email (link): If a user with the same Email address exists, they are linked. Can have security implications when a source doesn't validate email addresses.
-        - Email (deny): Deny the flow if the Email address is already used.
-        - Username (link): If a user with the same username address exists, they are linked. Can have security implications when a username is used with another source.
-        - Username (deny): Deny the flow if the username address is already used.
+    - Identifier: Keeps the old behaviour, can lead to duplicate user accounts
+    - Email (link): If a user with the same Email address exists, they are linked. Can have security implications when a source doesn't validate email addresses.
+    - Email (deny): Deny the flow if the Email address is already used.
+    - Username (link): If a user with the same username address exists, they are linked. Can have security implications when a username is used with another source.
+    - Username (deny): Deny the flow if the username address is already used.

 ## Minor changes

--- a/website/package-lock.json
+++ b/website/package-lock.json