habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create SSOLoginPolicy, which allows factors to be applied when user comes from SSO login

Browse Source 
implement SESSIION_IS_SSO_LOGIN for OAuth Client and core MFA
This commit is contained in:
Jens Langhammer
2019-04-29 23:19:37 +02:00
parent b46958d1f9
commit 5d1a3043b2
5 changed files with 76 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
passbook/core/auth/view.py
View File

@ -29,6 +29,7 @@ class AuthenticationView(UserPassesTestMixin, View):
SESSION_PENDING_FACTORS = 'passbook_pending_factors'
SESSION_PENDING_USER = 'passbook_pending_user'
SESSION_USER_BACKEND = 'passbook_user_backend'
SESSION_IS_SSO_LOGIN = 'passbook_sso_login'
pending_user = None
pending_factors = []
@ -79,6 +80,10 @@ class AuthenticationView(UserPassesTestMixin, View):
if AuthenticationView.SESSION_FACTOR not in request.session:
# Case when no factors apply to user, return error denied
if not self.pending_factors:
# Case when user logged in from SSO provider and no more factors apply
if AuthenticationView.SESSION_IS_SSO_LOGIN in request.session:
LOGGER.debug("User authenticated with SSO, logging in...")
return self._user_passed()
return self.user_invalid()
factor_uuid, factor_class = self.pending_factors[0]
else: