From 1051dd19ea5ed1a6a07e005ed5960163645a9e40 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Tue, 3 Jun 2025 21:26:13 +0200 Subject: [PATCH] providers/rac: apply ConnectionToken scoped-settings last (cherry-pick #14838) (#14853) providers/rac: apply ConnectionToken scoped-settings last (#14838) * providers/rac: apply ConnectionToken scoped-settings last * fix tests --------- Signed-off-by: Jens Langhammer Co-authored-by: Jens L. --- authentik/providers/rac/models.py | 2 +- authentik/providers/rac/tests/test_models.py | 36 ++++++++++--------- .../add-secure-apps/providers/rac/index.md | 7 ++-- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/authentik/providers/rac/models.py b/authentik/providers/rac/models.py index 26d7b60734..f9f28c7cb0 100644 --- a/authentik/providers/rac/models.py +++ b/authentik/providers/rac/models.py @@ -166,7 +166,6 @@ class ConnectionToken(ExpiringModel): always_merger.merge(settings, default_settings) always_merger.merge(settings, self.endpoint.provider.settings) always_merger.merge(settings, self.endpoint.settings) - always_merger.merge(settings, self.settings) def mapping_evaluator(mappings: QuerySet): for mapping in mappings: @@ -191,6 +190,7 @@ class ConnectionToken(ExpiringModel): mapping_evaluator( RACPropertyMapping.objects.filter(endpoint__in=[self.endpoint]).order_by("name") ) + always_merger.merge(settings, self.settings) settings["drive-path"] = f"/tmp/connection/{self.token}" # nosec settings["create-drive-path"] = "true" diff --git a/authentik/providers/rac/tests/test_models.py b/authentik/providers/rac/tests/test_models.py index 67a6678e55..f18f89e15d 100644 --- a/authentik/providers/rac/tests/test_models.py +++ b/authentik/providers/rac/tests/test_models.py @@ -90,23 +90,6 @@ class TestModels(TransactionTestCase): "resize-method": "display-update", }, ) - # Set settings in token - token.settings = { - "level": "token", - } - token.save() - self.assertEqual( - token.get_settings(), - { - "hostname": self.endpoint.host.split(":")[0], - "port": "1324", - "client-name": f"authentik - {self.user}", - "drive-path": path, - "create-drive-path": "true", - "level": "token", - "resize-method": "display-update", - }, - ) # Set settings in property mapping (provider) mapping = RACPropertyMapping.objects.create( name=generate_id(), @@ -151,3 +134,22 @@ class TestModels(TransactionTestCase): "resize-method": "display-update", }, ) + # Set settings in token + token.settings = { + "level": "token", + } + token.save() + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": f"authentik - {self.user}", + "drive-path": path, + "create-drive-path": "true", + "foo": "true", + "bar": "6", + "resize-method": "display-update", + "level": "token", + }, + ) diff --git a/website/docs/add-secure-apps/providers/rac/index.md b/website/docs/add-secure-apps/providers/rac/index.md index c9388697f3..ad93731e6a 100644 --- a/website/docs/add-secure-apps/providers/rac/index.md +++ b/website/docs/add-secure-apps/providers/rac/index.md @@ -36,11 +36,12 @@ The _Endpoint_ object specifies the hostname/IP of the machine to connect to, as Configuration details such as credentials can be specified through _settings_, which can be specified on different levels and are all merged together when connecting: -1. Provider settings -2. Endpoint settings -3. Connection settings +1. Default settings +2. Provider settings +3. Endpoint settings 4. Provider property mapping settings 5. Endpoint property mapping settings +6. Connection settings ### Connection settings