stages/user_delete: fix delete stage failing when pending user is not explicitly set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-05-01 13:59:33 +02:00
parent 75320bf579
commit ddbe0aaf13
4 changed files with 10 additions and 7 deletions

View file

@ -169,10 +169,11 @@ class FlowExecutorView(APIView):
self.request.session[SESSION_KEY_PLAN] = plan
# Early check if there's an active Plan for the current session
if SESSION_KEY_PLAN in self.request.session:
self.plan = self.request.session[SESSION_KEY_PLAN]
self.plan: FlowPlan = self.request.session[SESSION_KEY_PLAN]
if self.plan.flow_pk != self.flow.pk.hex:
self._logger.warning(
"f(exec): Found existing plan for other flow, deleting plan",
other_flow=self.plan.flow_pk,
)
# Existing plan is deleted from session and instance
self.plan = None

View file

@ -1,10 +1,10 @@
"""Delete stage logic"""
from django.contrib import messages
from django.contrib.auth import logout
from django.http import HttpRequest, HttpResponse
from django.utils.translation import gettext as _
from structlog.stdlib import get_logger
from authentik.core.models import User
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
from authentik.flows.stage import StageView
@ -20,13 +20,15 @@ class UserDeleteStageView(StageView):
def get(self, request: HttpRequest) -> HttpResponse:
"""Delete currently pending user"""
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
user = self.get_pending_user()
if not user.is_authenticated:
message = _("No Pending User.")
messages.error(request, message)
LOGGER.debug(message)
return self.executor.stage_invalid()
user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
logout(self.request)
user.delete()
LOGGER.debug("Deleted user", user=user)
if PLAN_CONTEXT_PENDING_USER in self.executor.plan.context:
del self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
return self.executor.stage_ok()

View file

@ -48,8 +48,8 @@ class TestUserDeleteStage(FlowTestCase):
def test_user_delete_get(self):
"""Test Form render"""
self.client.force_login(self.user)
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
session = self.client.session
session[SESSION_KEY_PLAN] = plan
session.save()

View file

@ -37,7 +37,7 @@ export class UserSettingsPromptStage extends PromptStage {
${this.host.tenant.flowUnenrollment
? html` <a
class="pf-c-button pf-m-danger"
href="/if/flow/${this.host.tenant.flowUnenrollment}"
href="/if/flow/${this.host.tenant.flowUnenrollment}/"
>
${t`Delete account`}
</a>`