core: ensure all providers have correct priority (cherry-pick #11280) (#11281)

core: ensure all providers have correct priority (#11280) follow up to #11267 which broke SAML lookup Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
2024-09-08 16:09:09 +02:00
parent c546451a73
commit 96e1636be3
2 changed files with 26 additions and 5 deletions
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -544,7 +544,8 @@ class Application(SerializerModel, PolicyBindingModel):
            return None

        candidates = []
-        for subclass in Provider.objects.get_queryset()._get_subclasses_recurse(Provider):
+        base_class = Provider
+        for subclass in base_class.objects.get_queryset()._get_subclasses_recurse(base_class):
            parent = self.provider
            for level in subclass.split(LOOKUP_SEP):
                try:
@ -553,7 +554,10 @@ class Application(SerializerModel, PolicyBindingModel):
                    break
            if parent in candidates:
                continue
-            candidates.insert(subclass.count(LOOKUP_SEP), parent)
+            idx = subclass.count(LOOKUP_SEP)
+            if type(parent) is not base_class:
+                idx += 1
+            candidates.insert(idx, parent)
        if not candidates:
            return None
        return candidates[-1]
--- a/authentik/core/tests/test_applications_api.py
+++ b/authentik/core/tests/test_applications_api.py
@ -14,6 +14,7 @@ from authentik.policies.dummy.models import DummyPolicy
 from authentik.policies.models import PolicyBinding
 from authentik.providers.oauth2.models import OAuth2Provider
 from authentik.providers.proxy.models import ProxyProvider
+from authentik.providers.saml.models import SAMLProvider


 class TestApplicationsAPI(APITestCase):
@ -229,10 +230,26 @@ class TestApplicationsAPI(APITestCase):
        """Ensure that proxy providers (at the time of writing that is the only provider
        that inherits from another proxy type (OAuth) instead of inheriting from the root
        provider class) is correctly looked up and selected from the database"""
+        slug = generate_id()
        provider = ProxyProvider.objects.create(name=generate_id())
-        app = Application.objects.create(
+        Application.objects.create(
            name=generate_id(),
-            slug=generate_id(),
+            slug=slug,
            provider=provider,
        )
-        self.assertEqual(app.get_provider(), provider)
+        self.assertEqual(Application.objects.get(slug=slug).get_provider(), provider)
+        self.assertEqual(
+            Application.objects.with_provider().get(slug=slug).get_provider(), provider
+        )
+
+        slug = generate_id()
+        provider = SAMLProvider.objects.create(name=generate_id())
+        Application.objects.create(
+            name=generate_id(),
+            slug=slug,
+            provider=provider,
+        )
+        self.assertEqual(Application.objects.get(slug=slug).get_provider(), provider)
+        self.assertEqual(
+            Application.objects.with_provider().get(slug=slug).get_provider(), provider
+        )