b225b0200e
* remove pyright Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove pylint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace pylint with ruff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ruff fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix UP038 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix DJ012 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix default arg Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix UP031 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename stage type to view Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix DJ008 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix remaining upgrade Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix PLR2004 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix B904 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix PLW2901 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix remaining issues Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent ruff from breaking the code Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stages/prompt: refactor field building Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fully remove isort Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
44 lines
1.3 KiB
Python
44 lines
1.3 KiB
Python
"""Channels base classes"""
|
|
|
|
from channels.db import database_sync_to_async
|
|
from channels.exceptions import DenyConnection
|
|
from rest_framework.exceptions import AuthenticationFailed
|
|
from structlog.stdlib import get_logger
|
|
|
|
from authentik.api.authentication import bearer_auth
|
|
|
|
LOGGER = get_logger()
|
|
|
|
|
|
class TokenOutpostMiddleware:
|
|
"""Authorize a client with a token"""
|
|
|
|
def __init__(self, inner):
|
|
self.inner = inner
|
|
|
|
async def __call__(self, scope, receive, send):
|
|
scope = dict(scope)
|
|
await self.auth(scope)
|
|
return await self.inner(scope, receive, send)
|
|
|
|
@database_sync_to_async
|
|
def auth(self, scope):
|
|
"""Authenticate request from header"""
|
|
headers = dict(scope["headers"])
|
|
if b"authorization" not in headers:
|
|
LOGGER.warning("WS Request without authorization header")
|
|
raise DenyConnection()
|
|
|
|
raw_header = headers[b"authorization"]
|
|
|
|
try:
|
|
user = bearer_auth(raw_header)
|
|
# user is only None when no header was given, in which case we deny too
|
|
if not user:
|
|
raise DenyConnection()
|
|
except AuthenticationFailed as exc:
|
|
LOGGER.warning("Failed to authenticate", exc=exc)
|
|
raise DenyConnection() from None
|
|
|
|
scope["user"] = user
|