diff --git a/authentik/outposts/channels.py b/authentik/outposts/channels.py index 918b79881..f084b4a3d 100644 --- a/authentik/outposts/channels.py +++ b/authentik/outposts/channels.py @@ -82,6 +82,7 @@ class OutpostConsumer(AuthJsonConsumer): ) if msg.instruction == WebsocketMessageInstruction.HELLO: state.version = msg.args.get("version", None) + state.build_hash = msg.args.get("buildHash", "") elif msg.instruction == WebsocketMessageInstruction.ACK: return state.save(timeout=OUTPOST_HELLO_INTERVAL * 1.5) diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index ed21eca3d..c7de05794 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -1,6 +1,7 @@ """Outpost models""" from dataclasses import asdict, dataclass, field from datetime import datetime +from os import environ from typing import Iterable, Optional, Union from uuid import uuid4 @@ -26,7 +27,7 @@ from packaging.version import LegacyVersion, Version, parse from structlog.stdlib import get_logger from urllib3.exceptions import HTTPError -from authentik import __version__ +from authentik import ENV_GIT_HASH_KEY, __version__ from authentik.core.models import USER_ATTRIBUTE_SA, Provider, Token, TokenIntents, User from authentik.crypto.models import CertificateKeyPair from authentik.lib.config import CONFIG @@ -411,6 +412,7 @@ class OutpostState: last_seen: Optional[datetime] = field(default=None) version: Optional[str] = field(default=None) version_should: Union[Version, LegacyVersion] = field(default=OUR_VERSION) + build_hash: str = field(default="") _outpost: Optional[Outpost] = field(default=None) @@ -419,6 +421,8 @@ class OutpostState: """Check if outpost version matches our version""" if not self.version: return False + if self.build_hash != environ.get(ENV_GIT_HASH_KEY, ""): + return False return parse(self.version) < OUR_VERSION @staticmethod