core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
4
Makefile
4
Makefile
@ -1,4 +1,4 @@
|
|||||||
all: lint-fix lint coverage gen
|
all: lint-fix lint test gen
|
||||||
|
|
||||||
test-integration:
|
test-integration:
|
||||||
k3d cluster create || exit 0
|
k3d cluster create || exit 0
|
||||||
@ -8,7 +8,7 @@ test-integration:
|
|||||||
test-e2e:
|
test-e2e:
|
||||||
coverage run manage.py test --failfast -v 3 tests/e2e
|
coverage run manage.py test --failfast -v 3 tests/e2e
|
||||||
|
|
||||||
coverage:
|
test:
|
||||||
coverage run manage.py test -v 3 authentik
|
coverage run manage.py test -v 3 authentik
|
||||||
coverage html
|
coverage html
|
||||||
coverage report
|
coverage report
|
||||||
|
|||||||
@ -134,7 +134,9 @@ class SourceFlowManager:
|
|||||||
SourceUserMatchingModes.EMAIL_DENY,
|
SourceUserMatchingModes.EMAIL_DENY,
|
||||||
SourceUserMatchingModes.USERNAME_DENY,
|
SourceUserMatchingModes.USERNAME_DENY,
|
||||||
]:
|
]:
|
||||||
|
self._logger.info("denying source because user exists", user=user)
|
||||||
return Action.DENY, None
|
return Action.DENY, None
|
||||||
|
# Should never get here as default enroll case is returned above.
|
||||||
return Action.DENY, None
|
return Action.DENY, None
|
||||||
|
|
||||||
def update_connection(
|
def update_connection(
|
||||||
@ -146,17 +148,25 @@ class SourceFlowManager:
|
|||||||
def get_flow(self, **kwargs) -> HttpResponse:
|
def get_flow(self, **kwargs) -> HttpResponse:
|
||||||
"""Get the flow response based on user_matching_mode"""
|
"""Get the flow response based on user_matching_mode"""
|
||||||
action, connection = self.get_action()
|
action, connection = self.get_action()
|
||||||
if action == Action.LINK:
|
|
||||||
self._logger.debug("Linking existing user")
|
|
||||||
return self.handle_existing_user_link()
|
|
||||||
if not connection:
|
if not connection:
|
||||||
return redirect("/")
|
return redirect("/")
|
||||||
|
if action == Action.LINK:
|
||||||
|
self._logger.debug("Linking existing user")
|
||||||
|
return self.handle_existing_user_link(connection)
|
||||||
if action == Action.AUTH:
|
if action == Action.AUTH:
|
||||||
self._logger.debug("Handling auth user")
|
self._logger.debug("Handling auth user")
|
||||||
return self.handle_auth_user(connection)
|
return self.handle_auth_user(connection)
|
||||||
if action == Action.ENROLL:
|
if action == Action.ENROLL:
|
||||||
self._logger.debug("Handling enrollment of new user")
|
self._logger.debug("Handling enrollment of new user")
|
||||||
return self.handle_enroll(connection)
|
return self.handle_enroll(connection)
|
||||||
|
# Default case, assume deny
|
||||||
|
messages.error(
|
||||||
|
self.request,
|
||||||
|
_(
|
||||||
|
"Request to authenticate with %(source)s has been denied!"
|
||||||
|
% {"source": self.source.name}
|
||||||
|
),
|
||||||
|
)
|
||||||
return redirect("/")
|
return redirect("/")
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
@ -216,9 +226,11 @@ class SourceFlowManager:
|
|||||||
|
|
||||||
def handle_existing_user_link(
|
def handle_existing_user_link(
|
||||||
self,
|
self,
|
||||||
|
connection: UserSourceConnection,
|
||||||
) -> HttpResponse:
|
) -> HttpResponse:
|
||||||
"""Handler when the user was already authenticated and linked an external source
|
"""Handler when the user was already authenticated and linked an external source
|
||||||
to their account."""
|
to their account."""
|
||||||
|
# Connection has already been saved
|
||||||
Event.new(
|
Event.new(
|
||||||
EventAction.SOURCE_LINKED,
|
EventAction.SOURCE_LINKED,
|
||||||
message="Linked Source",
|
message="Linked Source",
|
||||||
@ -228,6 +240,9 @@ class SourceFlowManager:
|
|||||||
self.request,
|
self.request,
|
||||||
_("Successfully linked %(source)s!" % {"source": self.source.name}),
|
_("Successfully linked %(source)s!" % {"source": self.source.name}),
|
||||||
)
|
)
|
||||||
|
# When request isn't authenticated we jump straight to auth
|
||||||
|
if not self.request.user.is_authenticated:
|
||||||
|
return self.handle_auth_user(connection)
|
||||||
return redirect(
|
return redirect(
|
||||||
reverse(
|
reverse(
|
||||||
"authentik_core:if-admin",
|
"authentik_core:if-admin",
|
||||||
|
|||||||
@ -201,7 +201,7 @@ stages:
|
|||||||
displayName: Run full test suite
|
displayName: Run full test suite
|
||||||
inputs:
|
inputs:
|
||||||
script: |
|
script: |
|
||||||
pipenv run make coverage
|
pipenv run make test
|
||||||
- task: CmdLine@2
|
- task: CmdLine@2
|
||||||
inputs:
|
inputs:
|
||||||
script: |
|
script: |
|
||||||
|
|||||||
@ -11,6 +11,7 @@ func (ws *WebServer) configureProxy() {
|
|||||||
u, _ := url.Parse("http://localhost:8000")
|
u, _ := url.Parse("http://localhost:8000")
|
||||||
rp := httputil.NewSingleHostReverseProxy(u)
|
rp := httputil.NewSingleHostReverseProxy(u)
|
||||||
rp.ErrorHandler = ws.proxyErrorHandler
|
rp.ErrorHandler = ws.proxyErrorHandler
|
||||||
|
rp.ModifyResponse = ws.proxyModifyResponse
|
||||||
ws.m.PathPrefix("/").Handler(rp)
|
ws.m.PathPrefix("/").Handler(rp)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -18,3 +19,8 @@ func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request
|
|||||||
ws.log.WithError(err).Warning("proxy error")
|
ws.log.WithError(err).Warning("proxy error")
|
||||||
rw.WriteHeader(http.StatusBadGateway)
|
rw.WriteHeader(http.StatusBadGateway)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ws *WebServer) proxyModifyResponse(r *http.Response) error {
|
||||||
|
r.Header.Set("X-authentik-from", "authentik")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
@ -40,7 +40,6 @@ slug: "2021.4"
|
|||||||
|
|
||||||
- You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable.
|
- You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable.
|
||||||
|
|
||||||
|
|
||||||
## Fixed in 2021.4.2
|
## Fixed in 2021.4.2
|
||||||
|
|
||||||
- core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746)
|
- core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746)
|
||||||
@ -134,8 +133,8 @@ This release does not introduce any new requirements.
|
|||||||
|
|
||||||
### docker-compose
|
### docker-compose
|
||||||
|
|
||||||
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
|
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
|
||||||
|
|
||||||
### Kubernetes
|
### Kubernetes
|
||||||
|
|
||||||
Run `helm repo update` and then upgrade your release with `helm upgrade authentik authentik/authentik --devel -f values.yaml`.
|
Run `helm repo update` and then upgrade your release with `helm upgrade authentik authentik/authentik -f values.yaml`.
|
||||||
|
|||||||
Reference in New Issue
Block a user