enterprise/providers/rac: fix maximum_connections set to -1 not being effective (#8456)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-02-08 17:22:27 +01:00
parent 20996e994e
commit aa8dc94a97
1 changed files with 9 additions and 8 deletions
--- a/authentik/enterprise/providers/rac/views.py
+++ b/authentik/enterprise/providers/rac/views.py
@ -104,14 +104,15 @@ class RACFinalStage(RedirectStage):
        # Check if we're already at the maximum connection limit
        all_tokens = ConnectionToken.filter_not_expired(
            endpoint=self.endpoint,
-        ).exclude(endpoint__maximum_connections__lte=-1)
-        if all_tokens.count() >= self.endpoint.maximum_connections:
-            msg = [_("Maximum connection limit reached.")]
-            # Check if any other tokens exist for the current user, and inform them
-            # they are already connected
-            if all_tokens.filter(session__user=self.request.user).exists():
-                msg.append(_("(You are already connected in another tab/window)"))
-            return self.executor.stage_invalid(" ".join(msg))
+        )
+        if self.endpoint.maximum_connections > -1:
+            if all_tokens.count() >= self.endpoint.maximum_connections:
+                msg = [_("Maximum connection limit reached.")]
+                # Check if any other tokens exist for the current user, and inform them
+                # they are already connected
+                if all_tokens.filter(session__user=self.request.user).exists():
+                    msg.append(_("(You are already connected in another tab/window)"))
+                return self.executor.stage_invalid(" ".join(msg))
        return super().dispatch(request, *args, **kwargs)

    def get_challenge(self, *args, **kwargs) -> RedirectChallenge: