From 8a668af5f67995abbbf7f8f47a098fcd9b068271 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 16:38:23 +0100 Subject: [PATCH] providers/rac: fix signals and Endpoint caching (cherry-pick #13529) (#13531) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit providers/rac: fix signals and Endpoint caching (#13529) * fix RAC signals And possibly other things by not using `ManagedAppConfig`. This was broken by 2128e7f45f1d. * invalidate Endpoint cache on update or delete This will result in more invalidations, but it will also fix some invalid Endpoint instances from showing up in Endpoint lists. Since an Endpoint can be tied to a Policy, some invalid results can still show up if the result of the Policy changes (either because the Policy itself changes or because data checked by that Policy changes). Even with those potentially invalid results, I believe the caching itself is advantageous as long as the API provides an option for `superuser_full_list`. Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com> --- authentik/providers/rac/apps.py | 4 ++-- authentik/providers/rac/signals.py | 13 ++++--------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/authentik/providers/rac/apps.py b/authentik/providers/rac/apps.py index 7b11c1e540..893d7bac9e 100644 --- a/authentik/providers/rac/apps.py +++ b/authentik/providers/rac/apps.py @@ -1,9 +1,9 @@ """RAC app config""" -from django.apps import AppConfig +from authentik.blueprints.apps import ManagedAppConfig -class AuthentikProviderRAC(AppConfig): +class AuthentikProviderRAC(ManagedAppConfig): """authentik rac app config""" name = "authentik.providers.rac" diff --git a/authentik/providers/rac/signals.py b/authentik/providers/rac/signals.py index f36cb19898..d4e4a3877b 100644 --- a/authentik/providers/rac/signals.py +++ b/authentik/providers/rac/signals.py @@ -4,8 +4,7 @@ from asgiref.sync import async_to_sync from channels.layers import get_channel_layer from django.contrib.auth.signals import user_logged_out from django.core.cache import cache -from django.db.models import Model -from django.db.models.signals import post_save, pre_delete +from django.db.models.signals import post_delete, post_save, pre_delete from django.dispatch import receiver from django.http import HttpRequest @@ -46,12 +45,8 @@ def pre_delete_connection_token_disconnect(sender, instance: ConnectionToken, ** ) -@receiver(post_save, sender=Endpoint) -def post_save_endpoint(sender: type[Model], instance, created: bool, **_): - """Clear user's endpoint cache upon endpoint creation""" - if not created: # pragma: no cover - return - - # Delete user endpoint cache +@receiver([post_save, post_delete], sender=Endpoint) +def post_save_post_delete_endpoint(**_): + """Clear user's endpoint cache upon endpoint creation or deletion""" keys = cache.keys(user_endpoint_cache_key("*")) cache.delete_many(keys)