core: improve messaging on flow_manager, authenticate user when they linked their account after not having been authenticateed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-04 18:45:28 +02:00
parent 83cfb5f8c2
commit 4acbda2b77
5 changed files with 29 additions and 9 deletions


@ -1,4 +1,4 @@
all: lint-fix lint coverage gen all: lint-fix lint test gen
test-integration: test-integration:
k3d cluster create || exit 0 k3d cluster create || exit 0
@ -8,7 +8,7 @@ test-integration:
test-e2e: test-e2e:
coverage run manage.py test --failfast -v 3 tests/e2e coverage run manage.py test --failfast -v 3 tests/e2e
coverage: test:
coverage run manage.py test -v 3 authentik coverage run manage.py test -v 3 authentik
coverage html coverage html
coverage report coverage report


@ -134,7 +134,9 @@ class SourceFlowManager:
SourceUserMatchingModes.EMAIL_DENY, SourceUserMatchingModes.EMAIL_DENY,
SourceUserMatchingModes.USERNAME_DENY, SourceUserMatchingModes.USERNAME_DENY,
]: ]:
self._logger.info("denying source because user exists", user=user)
return Action.DENY, None return Action.DENY, None
# Should never get here as default enroll case is returned above.
return Action.DENY, None return Action.DENY, None
def update_connection( def update_connection(
@ -146,17 +148,25 @@ class SourceFlowManager:
def get_flow(self, **kwargs) -> HttpResponse: def get_flow(self, **kwargs) -> HttpResponse:
"""Get the flow response based on user_matching_mode""" """Get the flow response based on user_matching_mode"""
action, connection = self.get_action() action, connection = self.get_action()
if action == Action.LINK:
self._logger.debug("Linking existing user")
return self.handle_existing_user_link()
if not connection: if not connection:
return redirect("/") return redirect("/")
if action == Action.LINK:
self._logger.debug("Linking existing user")
return self.handle_existing_user_link(connection)
if action == Action.AUTH: if action == Action.AUTH:
self._logger.debug("Handling auth user") self._logger.debug("Handling auth user")
return self.handle_auth_user(connection) return self.handle_auth_user(connection)
if action == Action.ENROLL: if action == Action.ENROLL:
self._logger.debug("Handling enrollment of new user") self._logger.debug("Handling enrollment of new user")
return self.handle_enroll(connection) return self.handle_enroll(connection)
# Default case, assume deny
messages.error(
self.request,
_(
"Request to authenticate with %(source)s has been denied!"
% {"source": self.source.name}
),
)
return redirect("/") return redirect("/")
# pylint: disable=unused-argument # pylint: disable=unused-argument
@ -216,9 +226,11 @@ class SourceFlowManager:
def handle_existing_user_link( def handle_existing_user_link(
self, self,
connection: UserSourceConnection,
) -> HttpResponse: ) -> HttpResponse:
"""Handler when the user was already authenticated and linked an external source """Handler when the user was already authenticated and linked an external source
to their account.""" to their account."""
# Connection has already been saved
Event.new( Event.new(
EventAction.SOURCE_LINKED, EventAction.SOURCE_LINKED,
message="Linked Source", message="Linked Source",
@ -228,6 +240,9 @@ class SourceFlowManager:
self.request, self.request,
_("Successfully linked %(source)s!" % {"source": self.source.name}), _("Successfully linked %(source)s!" % {"source": self.source.name}),
) )
# When request isn't authenticated we jump straight to auth
if not self.request.user.is_authenticated:
return self.handle_auth_user(connection)
return redirect( return redirect(
reverse( reverse(
"authentik_core:if-admin", "authentik_core:if-admin",
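Review bot: The new `messages.error(...)` fallback at the end of `get_flow` looks unreachable for the deny paths shown in the first hunk: both return `Action.DENY, None`, and the `if not connection: return redirect("/")` guard, which now runs first, redirects before the message is queued. If the denial is meant to be visible to the user, the guard could become `if action != Action.DENY and not connection:` so that a deny falls through to the message. The interpolation is also done inside `_()`, so gettext looks up the already-formatted string and finds no catalog entry; `_("Request to authenticate with %(source)s has been denied!") % {"source": self.source.name}` keeps the msgid stable. Separately, the new unauthenticated branch in `handle_existing_user_link` starts a session for an account that was presumably matched on the source-supplied e-mail or username (the link modes are not visible in the hunk), so a comment stating that this relies on the source asserting verified identifiers would help the next reader.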


@ -201,7 +201,7 @@ stages:
displayName: Run full test suite displayName: Run full test suite
inputs: inputs:
script: | script: |
pipenv run make coverage pipenv run make test
- task: CmdLine@2 - task: CmdLine@2
inputs: inputs:
script: | script: |


@ -11,6 +11,7 @@ func (ws *WebServer) configureProxy() {
u, _ := url.Parse("http://localhost:8000") u, _ := url.Parse("http://localhost:8000")
rp := httputil.NewSingleHostReverseProxy(u) rp := httputil.NewSingleHostReverseProxy(u)
rp.ErrorHandler = ws.proxyErrorHandler rp.ErrorHandler = ws.proxyErrorHandler
rp.ModifyResponse = ws.proxyModifyResponse
ws.m.PathPrefix("/").Handler(rp) ws.m.PathPrefix("/").Handler(rp)
} }
@ -18,3 +19,8 @@ func (ws *WebServer) proxyErrorHandler(rw http.ResponseWriter, req *http.Request
ws.log.WithError(err).Warning("proxy error") ws.log.WithError(err).Warning("proxy error")
rw.WriteHeader(http.StatusBadGateway) rw.WriteHeader(http.StatusBadGateway)
} }
func (ws *WebServer) proxyModifyResponse(r *http.Response) error {
r.Header.Set("X-authentik-from", "authentik")
return nil
}
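Review bot: `proxyModifyResponse` has no comment saying what `X-authentik-from` is for or who reads it, and the header is attached only on the success path: `httputil.ReverseProxy` calls `ModifyResponse` when the backend returned a response, while a failed round trip goes to `proxyErrorHandler`, whose 502 will not carry it. If consumers use the header to tell authentik's responses apart from those of another hop, adding `rw.Header().Set("X-authentik-from", "authentik")` before `WriteHeader` in the error handler would keep the two paths consistent. A one-line doc comment such as `// proxyModifyResponse tags responses proxied from the backend with X-authentik-from` would record the intent, and it is worth stating there that the header is informational only, since any upstream can set the same value.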


@ -40,7 +40,6 @@ slug: "2021.4"
- You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable. - You can now specify the amount of processes started in docker-compose using the `WORKERS` environment variable.
## Fixed in 2021.4.2 ## Fixed in 2021.4.2
- core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746) - core: fix propertymapping API returning invalid value for components (https://github.com/goauthentik/authentik/issues/746)
@ -134,8 +133,8 @@ This release does not introduce any new requirements.
### docker-compose ### docker-compose
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`. Download the latest docker-compose file from [here](https://raw.githubusercontent.com/goauthentik/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
### Kubernetes ### Kubernetes
Run `helm repo update` and then upgrade your release with `helm upgrade authentik authentik/authentik --devel -f values.yaml`. Run `helm repo update` and then upgrade your release with `helm upgrade authentik authentik/authentik -f values.yaml`.