flows: planner error handling (#4812)

* handle FlowNonApplicableException everywhere Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make flow planner check authentication when no pending user is in planning context Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add mailhog to e2e test services, remove local docker requirement Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-28 15:18:29 +01:00
parent 6f2f4f4aa3
commit 20e971f5ce
15 changed files with 109 additions and 108 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -68,6 +68,7 @@ from authentik.core.models import (
    User,
 )
 from authentik.events.models import EventAction
+from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.models import FlowToken
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner
 from authentik.flows.views.executor import QS_KEY_TOKEN
@ -326,12 +327,16 @@ class UserViewSet(UsedByMixin, ModelViewSet):
        user: User = self.get_object()
        planner = FlowPlanner(flow)
        planner.allow_empty_flows = True
-        plan = planner.plan(
-            self.request._request,
-            {
-                PLAN_CONTEXT_PENDING_USER: user,
-            },
-        )
+        try:
+            plan = planner.plan(
+                self.request._request,
+                {
+                    PLAN_CONTEXT_PENDING_USER: user,
+                },
+            )
+        except FlowNonApplicableException:
+            LOGGER.warning("Recovery flow not applicable to user")
+            return None, None
        token, __ = FlowToken.objects.update_or_create(
            identifier=f"{user.uid}-password-reset",
            defaults={
--- a/authentik/core/views/apps.py
+++ b/authentik/core/views/apps.py
@ -11,6 +11,7 @@ from authentik.flows.challenge import (
    HttpChallengeResponse,
    RedirectChallenge,
 )
+from authentik.flows.exceptions import FlowNonApplicableException
 from authentik.flows.models import in_memory_stage
 from authentik.flows.planner import PLAN_CONTEXT_APPLICATION, FlowPlanner
 from authentik.flows.stage import ChallengeStageView
@ -41,15 +42,18 @@ class RedirectToAppLaunch(View):
        flow = tenant.flow_authentication
        planner = FlowPlanner(flow)
        planner.allow_empty_flows = True
-        plan = planner.plan(
-            request,
-            {
-                PLAN_CONTEXT_APPLICATION: app,
-                PLAN_CONTEXT_CONSENT_HEADER: _("You're about to sign into %(application)s.")
-                % {"application": app.name},
-                PLAN_CONTEXT_CONSENT_PERMISSIONS: [],
-            },
-        )
+        try:
+            plan = planner.plan(
+                request,
+                {
+                    PLAN_CONTEXT_APPLICATION: app,
+                    PLAN_CONTEXT_CONSENT_HEADER: _("You're about to sign into %(application)s.")
+                    % {"application": app.name},
+                    PLAN_CONTEXT_CONSENT_PERMISSIONS: [],
+                },
+            )
+        except FlowNonApplicableException:
+            raise Http404
        plan.insert_stage(in_memory_stage(RedirectToAppStage))
        request.session[SESSION_KEY_PLAN] = plan
        return redirect_with_qs("authentik_core:if-flow", request.GET, flow_slug=flow.slug)