diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index 1ee14287a2..1983d87c1c 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -235,8 +235,7 @@ class Importer: raise IntegrityError except IntegrityError: return False - else: - self.logger.debug("Committing changes") + self.logger.debug("Committing changes") return True def _apply_models(self) -> bool: diff --git a/authentik/lib/utils/urls.py b/authentik/lib/utils/urls.py index b1f723f682..da724817f3 100644 --- a/authentik/lib/utils/urls.py +++ b/authentik/lib/utils/urls.py @@ -27,10 +27,9 @@ def redirect_with_qs( return redirect(view) LOGGER.warning("redirect target is not a valid view", view=view) raise - else: - if get_query_set: - target += "?" + urlencode(get_query_set.items()) - return redirect(target) + if get_query_set: + target += "?" + urlencode(get_query_set.items()) + return redirect(target) def reverse_with_qs(view: str, query: Optional[QueryDict] = None, **kwargs) -> str: diff --git a/authentik/outposts/controllers/k8s/base.py b/authentik/outposts/controllers/k8s/base.py index a1dd6a1c2b..607f0821b8 100644 --- a/authentik/outposts/controllers/k8s/base.py +++ b/authentik/outposts/controllers/k8s/base.py @@ -73,8 +73,7 @@ class KubernetesObjectReconciler(Generic[T]): raise NeedsRecreate from exc self.logger.debug("Other unhandled error", exc=exc) raise exc - else: - self.reconcile(current, reference) + self.reconcile(current, reference) except NeedsUpdate: try: self.update(current, reference) diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py index a14e2140f5..fac748f7c6 100644 --- a/authentik/providers/oauth2/models.py +++ b/authentik/providers/oauth2/models.py @@ -260,7 +260,7 @@ class OAuth2Provider(Provider): return private_key, JWTAlgorithms.RS256 if isinstance(private_key, EllipticCurvePrivateKey): return private_key, JWTAlgorithms.ES256 - raise Exception(f"Invalid private key type: {type(private_key)}") + raise ValueError(f"Invalid private key type: {type(private_key)}") def get_issuer(self, request: HttpRequest) -> Optional[str]: """Get issuer, based on request""" diff --git a/authentik/sources/oauth/clients/base.py b/authentik/sources/oauth/clients/base.py index 6c991e8978..af2269fd47 100644 --- a/authentik/sources/oauth/clients/base.py +++ b/authentik/sources/oauth/clients/base.py @@ -45,8 +45,7 @@ class BaseOAuthClient: except RequestException as exc: self.logger.warning("Unable to fetch user profile", exc=exc, body=response.text) return None - else: - return response.json() + return response.json() def get_redirect_args(self) -> dict[str, str]: """Get request parameters for redirect url.""" diff --git a/authentik/sources/oauth/clients/oauth1.py b/authentik/sources/oauth/clients/oauth1.py index ee205f8e7d..07d3da1fb7 100644 --- a/authentik/sources/oauth/clients/oauth1.py +++ b/authentik/sources/oauth/clients/oauth1.py @@ -43,8 +43,7 @@ class OAuthClient(BaseOAuthClient): except RequestException as exc: LOGGER.warning("Unable to fetch access token", exc=exc) return None - else: - return self.parse_raw_token(response.text) + return self.parse_raw_token(response.text) return None def get_request_token(self) -> str: @@ -63,8 +62,7 @@ class OAuthClient(BaseOAuthClient): response.raise_for_status() except RequestException as exc: raise OAuthSourceException from exc - else: - return response.text + return response.text def get_redirect_args(self) -> dict[str, Any]: """Get request parameters for redirect url.""" diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py index 25ce14a1d1..30293da546 100644 --- a/authentik/sources/oauth/clients/oauth2.py +++ b/authentik/sources/oauth/clients/oauth2.py @@ -86,8 +86,7 @@ class OAuth2Client(BaseOAuthClient): except RequestException as exc: LOGGER.warning("Unable to fetch access token", exc=exc) return None - else: - return response.json() + return response.json() def get_redirect_args(self) -> dict[str, str]: """Get request parameters for redirect url.""" @@ -111,8 +110,7 @@ class OAuth2Client(BaseOAuthClient): token_data = loads(raw_token) except ValueError: return dict(parse_qsl(raw_token)) - else: - return token_data + return token_data def do_request(self, method: str, url: str, **kwargs) -> Response: """Build remote url request. Constructs necessary auth.""" @@ -151,5 +149,4 @@ class UserprofileHeaderAuthClient(OAuth2Client): except RequestException as exc: LOGGER.warning("Unable to fetch user profile", exc=exc, body=response.text) return None - else: - return response.json() + return response.json() diff --git a/authentik/sources/oauth/types/github.py b/authentik/sources/oauth/types/github.py index 109bbc49df..262414180a 100644 --- a/authentik/sources/oauth/types/github.py +++ b/authentik/sources/oauth/types/github.py @@ -33,8 +33,7 @@ class GitHubOAuth2Client(OAuth2Client): except RequestException as exc: self.logger.warning("Unable to fetch github emails", exc=exc) return [] - else: - return response.json() + return response.json() class GitHubOAuth2Callback(OAuthCallback): diff --git a/authentik/sources/oauth/types/mailcow.py b/authentik/sources/oauth/types/mailcow.py index 38d24a7159..18df02f06b 100644 --- a/authentik/sources/oauth/types/mailcow.py +++ b/authentik/sources/oauth/types/mailcow.py @@ -38,8 +38,7 @@ class MailcowOAuth2Client(OAuth2Client): except RequestException as exc: LOGGER.warning("Unable to fetch user profile", exc=exc, body=response.text) return None - else: - return response.json() + return response.json() class MailcowOAuth2Callback(OAuthCallback): diff --git a/authentik/sources/oauth/views/redirect.py b/authentik/sources/oauth/views/redirect.py index 224b10a8be..d5d38050d3 100644 --- a/authentik/sources/oauth/views/redirect.py +++ b/authentik/sources/oauth/views/redirect.py @@ -36,15 +36,14 @@ class OAuthRedirect(OAuthClientMixin, RedirectView): source: OAuthSource = OAuthSource.objects.get(slug=slug) except OAuthSource.DoesNotExist: raise Http404(f"Unknown OAuth source '{slug}'.") - else: - if not source.enabled: - raise Http404(f"source {slug} is not enabled.") - client = self.get_client(source, callback=self.get_callback_url(source)) - params = self.get_additional_parameters(source) - params.setdefault("scope", []) - if source.additional_scopes != "": - if source.additional_scopes.startswith("*"): - params["scope"] = source.additional_scopes[1:].split(" ") - else: - params["scope"] += source.additional_scopes.split(" ") - return client.get_redirect_url(params) + if not source.enabled: + raise Http404(f"source {slug} is not enabled.") + client = self.get_client(source, callback=self.get_callback_url(source)) + params = self.get_additional_parameters(source) + params.setdefault("scope", []) + if source.additional_scopes != "": + if source.additional_scopes.startswith("*"): + params["scope"] = source.additional_scopes[1:].split(" ") + else: + params["scope"] += source.additional_scopes.split(" ") + return client.get_redirect_url(params) diff --git a/authentik/sources/plex/plex.py b/authentik/sources/plex/plex.py index 69f50aaf4b..1c30db551d 100644 --- a/authentik/sources/plex/plex.py +++ b/authentik/sources/plex/plex.py @@ -85,13 +85,12 @@ class PlexAuth: except RequestException as exc: LOGGER.warning("Unable to fetch user resources", exc=exc) raise Http404 - else: - for resource in resources: - if resource["provides"] != "server": - continue - if resource["clientIdentifier"] in self._source.allowed_servers: - LOGGER.info("Plex allowed access from server", name=resource["name"]) - return True + for resource in resources: + if resource["provides"] != "server": + continue + if resource["clientIdentifier"] in self._source.allowed_servers: + LOGGER.info("Plex allowed access from server", name=resource["name"]) + return True return False def check_friends_overlap(self, user_ident: int) -> bool: diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py index 266c0fde84..9b87a6691c 100644 --- a/authentik/stages/password/stage.py +++ b/authentik/stages/password/stage.py @@ -151,15 +151,14 @@ class PasswordStageView(ChallengeStageView): # (most likely LDAP) self.logger.debug("Validation error from signal", exc=exc, **auth_kwargs) return self.executor.stage_invalid() - else: - if not user: - # No user was found -> invalid credentials - self.logger.info("Invalid credentials") - # Manually inject error into form - response._errors.setdefault("password", []) - response._errors["password"].append(ErrorDetail(_("Invalid password"), "invalid")) - return self.challenge_invalid(response) - # User instance returned from authenticate() has .backend property set - self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = user - self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = user.backend - return self.executor.stage_ok() + if not user: + # No user was found -> invalid credentials + self.logger.info("Invalid credentials") + # Manually inject error into form + response._errors.setdefault("password", []) + response._errors["password"].append(ErrorDetail(_("Invalid password"), "invalid")) + return self.challenge_invalid(response) + # User instance returned from authenticate() has .backend property set + self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = user + self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = user.backend + return self.executor.stage_ok() diff --git a/poetry.lock b/poetry.lock index d925ffa0b1..962c4c83db 100644 --- a/poetry.lock +++ b/poetry.lock @@ -189,14 +189,14 @@ files = [ [[package]] name = "astroid" -version = "2.12.13" +version = "2.14.1" description = "An abstract syntax tree for Python with inference support." category = "dev" optional = false python-versions = ">=3.7.2" files = [ - {file = "astroid-2.12.13-py3-none-any.whl", hash = "sha256:10e0ad5f7b79c435179d0d0f0df69998c4eef4597534aae44910db060baeb907"}, - {file = "astroid-2.12.13.tar.gz", hash = "sha256:1493fe8bd3dfd73dc35bd53c9d5b6e49ead98497c47b2307662556a5692d29d7"}, + {file = "astroid-2.14.1-py3-none-any.whl", hash = "sha256:23c718921acab5f08cbbbe9293967f1f8fec40c336d19cd75dc12a9ea31d2eb2"}, + {file = "astroid-2.14.1.tar.gz", hash = "sha256:bd1aa4f9915c98e8aaebcd4e71930154d4e8c9aaf05d35ac0a63d1956091ae3f"}, ] [package.dependencies] @@ -2452,18 +2452,18 @@ tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"] [[package]] name = "pylint" -version = "2.15.10" +version = "2.16.0" description = "python code static checker" category = "dev" optional = false python-versions = ">=3.7.2" files = [ - {file = "pylint-2.15.10-py3-none-any.whl", hash = "sha256:9df0d07e8948a1c3ffa3b6e2d7e6e63d9fb457c5da5b961ed63106594780cc7e"}, - {file = "pylint-2.15.10.tar.gz", hash = "sha256:b3dc5ef7d33858f297ac0d06cc73862f01e4f2e74025ec3eff347ce0bc60baf5"}, + {file = "pylint-2.16.0-py3-none-any.whl", hash = "sha256:55e5cf00601c4cfe2e9404355c743a14e63be85df7409da7e482ebde5f9f14a1"}, + {file = "pylint-2.16.0.tar.gz", hash = "sha256:43ee36c9b690507ef9429ce1802bdc4dcde49454c3d665e39c23791567019c0a"}, ] [package.dependencies] -astroid = ">=2.12.13,<=2.14.0-dev0" +astroid = ">=2.14.1,<=2.16.0-dev0" colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""} dill = {version = ">=0.3.6", markers = "python_version >= \"3.11\""} isort = ">=4.2.5,<6"