From 26daaeb57d9fb097dba2e4f67528d34668c0cec9 Mon Sep 17 00:00:00 2001 From: Jens L Date: Sun, 5 May 2024 16:15:21 +0200 Subject: [PATCH] core: fix source_flow_manager saving user-source connection too early (#9559) * core: fix source_flow_manager saving user-source connection too early Signed-off-by: Jens Langhammer * ci: fix branch name Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .github/actions/docker-push-variables/push_vars.py | 2 +- authentik/core/sources/flow_manager.py | 3 --- authentik/core/tests/test_source_flow_manager.py | 14 ++++++++++---- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/actions/docker-push-variables/push_vars.py b/.github/actions/docker-push-variables/push_vars.py index 5c30b258b2..28572b8ca4 100644 --- a/.github/actions/docker-push-variables/push_vars.py +++ b/.github/actions/docker-push-variables/push_vars.py @@ -12,7 +12,7 @@ should_build = str(os.environ.get("DOCKER_USERNAME", None) is not None).lower() branch_name = os.environ["GITHUB_REF"] if os.environ.get("GITHUB_HEAD_REF", "") != "": branch_name = os.environ["GITHUB_HEAD_REF"] -safe_branch_name = branch_name.replace("refs/heads/", "").replace("/", "-") +safe_branch_name = branch_name.replace("refs/heads/", "").replace("/", "-").replace("'", "-") image_names = os.getenv("IMAGE_NAME").split(",") image_arch = os.getenv("IMAGE_ARCH") or None diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py index 18b126ad21..183ca1491a 100644 --- a/authentik/core/sources/flow_manager.py +++ b/authentik/core/sources/flow_manager.py @@ -100,8 +100,6 @@ class SourceFlowManager: if self.request.user.is_authenticated: new_connection.user = self.request.user new_connection = self.update_connection(new_connection, **kwargs) - - new_connection.save() return Action.LINK, new_connection existing_connections = self.connection_type.objects.filter( @@ -148,7 +146,6 @@ class SourceFlowManager: ]: new_connection.user = user new_connection = self.update_connection(new_connection, **kwargs) - new_connection.save() return Action.LINK, new_connection if self.source.user_matching_mode in [ SourceUserMatchingModes.EMAIL_DENY, diff --git a/authentik/core/tests/test_source_flow_manager.py b/authentik/core/tests/test_source_flow_manager.py index f4fa71a4be..e6614933d4 100644 --- a/authentik/core/tests/test_source_flow_manager.py +++ b/authentik/core/tests/test_source_flow_manager.py @@ -48,15 +48,21 @@ class TestSourceFlowManager(TestCase): def test_authenticated_link(self): """Test authenticated user linking""" - UserOAuthSourceConnection.objects.create( - user=get_anonymous_user(), source=self.source, identifier=self.identifier - ) user = User.objects.create(username="foo", email="foo@bar.baz") flow_manager = OAuthSourceFlowManager( self.source, get_request("/", user=user), self.identifier, {} ) - action, _ = flow_manager.get_action() + action, connection = flow_manager.get_action() self.assertEqual(action, Action.LINK) + self.assertIsNone(connection.pk) + flow_manager.get_flow() + + def test_unauthenticated_link(self): + """Test un-authenticated user linking""" + flow_manager = OAuthSourceFlowManager(self.source, get_request("/"), self.identifier, {}) + action, connection = flow_manager.get_action() + self.assertEqual(action, Action.LINK) + self.assertIsNone(connection.pk) flow_manager.get_flow() def test_unauthenticated_enroll_email(self):