From a87cc273661a9a323cf6b34ab6acc04050a3ca82 Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]"
 <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Tue, 17 Sep 2024 18:44:06 +0200
Subject: [PATCH] events: always use expiry from current tenant for events, not
 only when creating from HTTP request (cherry-pick #11415) (#11416)

events: always use expiry from current tenant for events, not only when creating from HTTP request (#11415)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
---
 authentik/events/models.py            | 13 ++++++-------
 authentik/events/tests/test_models.py |  3 ++-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/authentik/events/models.py b/authentik/events/models.py
index 3289c957e5..2f6a5b9d7e 100644
--- a/authentik/events/models.py
+++ b/authentik/events/models.py
@@ -49,6 +49,7 @@ from authentik.policies.models import PolicyBindingModel
 from authentik.root.middleware import ClientIPMiddleware
 from authentik.stages.email.utils import TemplateEmailMessage
 from authentik.tenants.models import Tenant
+from authentik.tenants.utils import get_current_tenant
 
 LOGGER = get_logger()
 DISCORD_FIELD_LIMIT = 25
@@ -58,7 +59,11 @@ NOTIFICATION_SUMMARY_LENGTH = 75
 def default_event_duration():
     """Default duration an Event is saved.
     This is used as a fallback when no brand is available"""
-    return now() + timedelta(days=365)
+    try:
+        tenant = get_current_tenant()
+        return now() + timedelta_from_string(tenant.event_retention)
+    except Tenant.DoesNotExist:
+        return now() + timedelta(days=365)
 
 
 def default_brand():
@@ -245,12 +250,6 @@ class Event(SerializerModel, ExpiringModel):
             if QS_QUERY in self.context["http_request"]["args"]:
                 wrapped = self.context["http_request"]["args"][QS_QUERY]
                 self.context["http_request"]["args"] = cleanse_dict(QueryDict(wrapped))
-        if hasattr(request, "tenant"):
-            tenant: Tenant = request.tenant
-            # Because self.created only gets set on save, we can't use it's value here
-            # hence we set self.created to now and then use it
-            self.created = now()
-            self.expires = self.created + timedelta_from_string(tenant.event_retention)
         if hasattr(request, "brand"):
             brand: Brand = request.brand
             self.brand = sanitize_dict(model_to_dict(brand))
diff --git a/authentik/events/tests/test_models.py b/authentik/events/tests/test_models.py
index 9be7b8b392..98539a7fca 100644
--- a/authentik/events/tests/test_models.py
+++ b/authentik/events/tests/test_models.py
@@ -6,6 +6,7 @@ from django.db.models import Model
 from django.test import TestCase
 
 from authentik.core.models import default_token_key
+from authentik.events.models import default_event_duration
 from authentik.lib.utils.reflection import get_apps
 
 
@@ -20,7 +21,7 @@ def model_tester_factory(test_model: type[Model]) -> Callable:
         allowed = 0
         # Token-like objects need to lookup the current tenant to get the default token length
         for field in test_model._meta.fields:
-            if field.default == default_token_key:
+            if field.default in [default_token_key, default_event_duration]:
                 allowed += 1
         with self.assertNumQueries(allowed):
             str(test_model())