trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/oauth2: include application in login event 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-04-14 22:36:15 +02:00
parent 555525ea9d
commit f4f9f525d7
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -63,7 +63,7 @@ gen-web:
--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION} --additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
mkdir -p web/node_modules/@goauthentik/api mkdir -p web/node_modules/@goauthentik/api
\cp -fv scripts/web_api_readme.md web-api/README.md \cp -fv scripts/web_api_readme.md web-api/README.md
cd web-api && npm ci cd web-api && npm i
\cp -rfv web-api/* web/node_modules/@goauthentik/api \cp -rfv web-api/* web/node_modules/@goauthentik/api
gen-outpost: gen-outpost:

13
authentik/providers/oauth2/views/token.py
View File

@ -241,6 +241,11 @@ class TokenParams:
if not token or token.user.uid != user.uid: if not token or token.user.uid != user.uid:
raise TokenError("invalid_grant") raise TokenError("invalid_grant")
self.user = user self.user = user
# Authorize user access
app = Application.objects.filter(provider=self.provider).first()
if not app or not app.provider:
raise TokenError("invalid_grant")
self.__check_policy_access(app, request)
Event.new( Event.new(
action=EventAction.LOGIN, action=EventAction.LOGIN,
@ -248,13 +253,8 @@ class TokenParams:
PLAN_CONTEXT_METHOD_ARGS={ PLAN_CONTEXT_METHOD_ARGS={
"identifier": token.identifier, "identifier": token.identifier,
}, },
PLAN_CONTEXT_APPLICATION=app,
).from_http(request, user=user) ).from_http(request, user=user)
# Authorize user access
app = Application.objects.filter(provider=self.provider).first()
if not app or not app.provider:
raise TokenError("invalid_grant")
self.__check_policy_access(app, request)
return None return None
def __post_init_client_credentials_jwt(self, request: HttpRequest): def __post_init_client_credentials_jwt(self, request: HttpRequest):
@ -320,6 +320,7 @@ class TokenParams:
PLAN_CONTEXT_METHOD_ARGS={ PLAN_CONTEXT_METHOD_ARGS={
"jwt": token, "jwt": token,
}, },
PLAN_CONTEXT_APPLICATION=app,
).from_http(request, user=self.user) ).from_http(request, user=self.user)