diff --git a/authentik/stages/authenticator_mobile/models.py b/authentik/stages/authenticator_mobile/models.py
index 262641d7f..a568aed41 100644
--- a/authentik/stages/authenticator_mobile/models.py
+++ b/authentik/stages/authenticator_mobile/models.py
@@ -24,7 +24,7 @@ from firebase_admin.messaging import (
 from rest_framework.serializers import BaseSerializer, Serializer
 from structlog.stdlib import get_logger
-from authentik.core.models import ExpiringModel
+from authentik.core.models import ExpiringModel, User
 from authentik.core.types import UserSettingSerializer
 from authentik.flows.models import ConfigurableStage, FriendlyNamedStage, Stage
 from authentik.lib.generators import generate_id
@@ -112,9 +112,9 @@ class MobileDevice(SerializerModel, Device):
 class TransactionStates(models.TextChoices):
 """States a transaction can be in"""
- wait = "wait"
- accept = "accept"
- deny = "deny"
+ WAIT = "wait"
+ ACCEPT = "accept"
+ DENY = "deny"
 class MobileTransaction(ExpiringModel):
@@ -123,7 +123,7 @@ class MobileTransaction(ExpiringModel):
 tx_id = models.UUIDField(default=uuid4, primary_key=True)
 device = models.ForeignKey(MobileDevice, on_delete=models.CASCADE)
- status = models.TextField(choices=TransactionStates.choices, default=TransactionStates.wait)
+ status = models.TextField(choices=TransactionStates.choices, default=TransactionStates.WAIT)
 def send_message(self, request: Optional[HttpRequest], **context):
 """Send mobile message"""
@@ -133,13 +133,14 @@ class MobileTransaction(ExpiringModel):
 if request:
 branding = request.tenant.branding_title
 domain = request.get_host()
+ user: User = self.device.user
 message = Message(
 notification=Notification(
 title=__("%(brand)s authentication request" % {"brand": branding}),
 body=__(
 "%(user)s is attempting to log in to %(domain)s"
 % {
- "user": self.device.user.username,
+ "user": user.username, # pylint: disable=no-member
 "domain": domain,
 }
 ),
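Review bot: `domain = request.get_host()` in the `@@ -133,13 +133,14 @@` hunk feeds the request's Host header into the push body (`%(user)s is attempting to log in to %(domain)s`), which is the text the user relies on when approving or denying the login. How strictly the host is validated before this view runs is not visible here, so the prompt may show a name the server does not actually serve; prefer a server-configured value, for example one derived from `request.tenant`, which is already read on the line above. Separately, both `__()` calls receive an already %-formatted string, so the catalogue lookup presumably never matches; format after the lookup instead, `__("%(brand)s authentication request") % {"brand": branding}`. `send_message` starts and ends outside this hunk.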
@@ -175,7 +176,7 @@ class MobileTransaction(ExpiringModel):
 checks = 0
 while True:
 self.refresh_from_db()
- if self.status in [TransactionStates.accept, TransactionStates.deny]:
+ if self.status in [TransactionStates.ACCEPT, TransactionStates.DENY]:
 self.delete()
 return self.status
 checks += 1
diff --git a/authentik/stages/authenticator_mobile/stage.py b/authentik/stages/authenticator_mobile/stage.py
index b2e1ef7ca..22cb21b94 100644
--- a/authentik/stages/authenticator_mobile/stage.py
+++ b/authentik/stages/authenticator_mobile/stage.py
@@ -12,7 +12,7 @@ from authentik.flows.challenge import (
 from authentik.flows.stage import ChallengeStageView
 from authentik.stages.authenticator_mobile.models import MobileDevice, MobileDeviceToken
-FLOW_PLAN_MOBILE_ENROLL_TOKEN = "authentik/stages/authenticator_mobile/enroll/token"
+FLOW_PLAN_MOBILE_ENROLL_TOKEN = "authentik/stages/authenticator_mobile/enroll/token" # nosec
 FLOW_PLAN_MOBILE_ENROLL_DEVICE = "authentik/stages/authenticator_mobile/enroll/device"
diff --git a/authentik/stages/authenticator_validate/challenge.py b/authentik/stages/authenticator_validate/challenge.py
index 4b23860d4..802abefc5 100644
--- a/authentik/stages/authenticator_validate/challenge.py
+++ b/authentik/stages/authenticator_validate/challenge.py
@@ -182,6 +182,7 @@ def validate_challenge_webauthn(data: dict, stage_view: StageView, user: User) -
 def validate_challenge_mobile(device_pk: str, stage_view: StageView, user: User) -> Device:
+ """Validate mobile authenticator"""
 device: MobileDevice = get_object_or_404(MobileDevice, pk=device_pk)
 if device.user != user:
 LOGGER.warning("device mismatch")
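Review bot: The bare `# nosec` added to `FLOW_PLAN_MOBILE_ENROLL_TOKEN` in stage.py silences every Bandit check on that line, not only the hardcoded-password heuristic that the `TOKEN` name presumably triggers. Scope the suppression to that one test with `# nosec B105`, and put the reason on the line above, `# Flow-plan context key, not a credential.`. With the scoped form, a later edit that does place a secret or another flagged construct on this line is still reported.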
@@ -197,10 +198,10 @@ def validate_challenge_mobile(device_pk: str, stage_view: StageView, user: User)
 ).name
 try:
- tx = MobileTransaction.objects.create(device=device)
- tx.send_message(stage_view.request, **push_context)
- status = tx.wait_for_response()
- if status == TransactionStates.deny:
+ transaction = MobileTransaction.objects.create(device=device)
+ transaction.send_message(stage_view.request, **push_context)
+ status = transaction.wait_for_response()
+ if status == TransactionStates.DENY:
 LOGGER.debug("mobile push response", result=status)
 login_failed.send(
 sender=__name__,
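Review bot: In `validate_challenge_mobile` the visible lines treat only `TransactionStates.DENY` as a failure, so any other result of `wait_for_response()` would skip this branch and continue with whatever follows. That could include a transaction still in `WAIT` when polling gives up, if the method can return that. For an authenticator check the comparison should fail closed, `if status != TransactionStates.ACCEPT:`, so that only an explicit approval proceeds. The function body continues past the end of this hunk, so confirm against the remaining lines that no non-accept path reaches the successful return.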