From 00612f921d89bebf983f6ab4401cd11e7e5ce5ba Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Date: Thu, 19 Jun 2025 15:36:21 +0200
Subject: [PATCH] root: extract custom setup code

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---
 authentik/root/asgi.py     |  5 +++--
 authentik/root/setup.py    | 26 ++++++++++++++++++++++++++
 lifecycle/gunicorn.conf.py |  8 ++------
 manage.py                  | 23 +++--------------------
 4 files changed, 34 insertions(+), 28 deletions(-)
 create mode 100644 authentik/root/setup.py

diff --git a/authentik/root/asgi.py b/authentik/root/asgi.py
index 4aaddf83d6..613add4adb 100644
--- a/authentik/root/asgi.py
+++ b/authentik/root/asgi.py
@@ -9,13 +9,14 @@ https://docs.djangoproject.com/en/3.0/howto/deployment/asgi/
 
 import django
 from channels.routing import ProtocolTypeRouter, URLRouter
-from defusedxml import defuse_stdlib
 from django.core.asgi import get_asgi_application
 from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
 
+from authentik.root.setup import setup
+
 # DJANGO_SETTINGS_MODULE is set in gunicorn.conf.py
 
-defuse_stdlib()
+setup()
 django.setup()
 
 
diff --git a/authentik/root/setup.py b/authentik/root/setup.py
new file mode 100644
index 0000000000..fdb5f162f9
--- /dev/null
+++ b/authentik/root/setup.py
@@ -0,0 +1,26 @@
+import os
+import warnings
+
+from cryptography.hazmat.backends.openssl.backend import backend
+from defusedxml import defuse_stdlib
+
+from authentik.lib.config import CONFIG
+
+
+def setup():
+    warnings.filterwarnings("ignore", "SelectableGroups dict interface")
+    warnings.filterwarnings(
+        "ignore",
+        "defusedxml.lxml is no longer supported and will be removed in a future release.",
+    )
+    warnings.filterwarnings(
+        "ignore",
+        "defusedxml.cElementTree is deprecated, import from defusedxml.ElementTree instead.",
+    )
+
+    defuse_stdlib()
+
+    if CONFIG.get_bool("compliance.fips.enabled", False):
+        backend._enable_fips()
+
+    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings")
diff --git a/lifecycle/gunicorn.conf.py b/lifecycle/gunicorn.conf.py
index 07d226ea6c..58b6643807 100644
--- a/lifecycle/gunicorn.conf.py
+++ b/lifecycle/gunicorn.conf.py
@@ -7,8 +7,6 @@ from pathlib import Path
 from tempfile import gettempdir
 from typing import TYPE_CHECKING
 
-from cryptography.hazmat.backends.openssl.backend import backend
-from defusedxml import defuse_stdlib
 from prometheus_client.values import MultiProcessValue
 
 from authentik import get_full_version
@@ -18,6 +16,7 @@ from authentik.lib.logging import get_logger_config
 from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.reflection import get_env
 from authentik.root.install_id import get_install_id_raw
+from authentik.root.setup import setup
 from lifecycle.migrate import run_migrations
 from lifecycle.wait_for_db import wait_for_db
 from lifecycle.worker import DjangoUvicornWorker
@@ -28,10 +27,7 @@ if TYPE_CHECKING:
 
     from authentik.root.asgi import AuthentikAsgi
 
-defuse_stdlib()
-
-if CONFIG.get_bool("compliance.fips.enabled", False):
-    backend._enable_fips()
+setup()
 
 wait_for_db()
 
diff --git a/manage.py b/manage.py
index 09d065e919..1cfca76534 100755
--- a/manage.py
+++ b/manage.py
@@ -1,35 +1,18 @@
 #!/usr/bin/env python
 """Django manage.py"""
+
 import os
 import sys
-import warnings
 
-from authentik.lib.config import CONFIG
-from cryptography.hazmat.backends.openssl.backend import backend
-from defusedxml import defuse_stdlib
 from django.utils.autoreload import DJANGO_AUTORELOAD_ENV
 
+from authentik.root.setup import setup
 from lifecycle.migrate import run_migrations
 from lifecycle.wait_for_db import wait_for_db
 
-warnings.filterwarnings("ignore", "SelectableGroups dict interface")
-warnings.filterwarnings(
-    "ignore",
-    "defusedxml.lxml is no longer supported and will be removed in a future release.",
-)
-warnings.filterwarnings(
-    "ignore",
-    "defusedxml.cElementTree is deprecated, import from defusedxml.ElementTree instead.",
-)
-
-defuse_stdlib()
-
-if CONFIG.get_bool("compliance.fips.enabled", False):
-    backend._enable_fips()
-
+setup()
 
 if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings")
     wait_for_db()
     if (
         len(sys.argv) > 1