stages: always use get_pending_user instead of getting context user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/stages/authenticator_duo/stage.py

@@ -1,5 +1,5 @@
 """Duo stage"""
-from django.http import HttpRequest, HttpResponse
+from django.http import HttpResponse
 from django.utils.timezone import now
 from rest_framework.fields import CharField
 
@@ -10,7 +10,6 @@ from authentik.flows.challenge import (
     ChallengeTypes,
     WithUserInfoChallenge,
 )
-from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import ChallengeStageView
 from authentik.flows.views.executor import InvalidStageError
 from authentik.stages.authenticator_duo.models import AuthenticatorDuoStage, DuoDevice
@@ -68,13 +67,6 @@ class AuthenticatorDuoStageView(ChallengeStageView):
             }
         )
 
-    def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
-        user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER)
-        if not user:
-            self.logger.debug("No pending user, continuing")
-            return self.executor.stage_ok()
-        return super().get(request, *args, **kwargs)
-
     def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
         # Duo Challenge has already been validated
         stage: AuthenticatorDuoStage = self.executor.current_stage

authentik/stages/authenticator_sms/stage.py

@@ -14,7 +14,6 @@ from authentik.flows.challenge import (
     ChallengeTypes,
     WithUserInfoChallenge,
 )
-from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import ChallengeStageView
 from authentik.stages.authenticator_sms.models import (
     AuthenticatorSMSStage,
@@ -95,10 +94,7 @@ class AuthenticatorSMSStageView(ChallengeStageView):
         return response
 
     def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
-        user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER)
+        user = self.get_pending_user()
-        if not user:
-            self.logger.debug("No pending user, continuing")
-            return self.executor.stage_ok()
 
         # Currently, this stage only supports one device per user. If the user already
         # has a device, just skip to the next stage

authentik/stages/authenticator_validate/stage.py

@@ -376,7 +376,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
 
     def challenge_valid(self, response: AuthenticatorValidationChallengeResponse) -> HttpResponse:
         # All validation is done by the serializer
-        user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER)
+        user = self.get_pending_user()
         if not user:
             if "webauthn" not in response.data:
                 return self.executor.stage_invalid()

authentik/stages/authenticator_webauthn/stage.py

@@ -26,7 +26,6 @@ from authentik.flows.challenge import (
     ChallengeTypes,
     WithUserInfoChallenge,
 )
-from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import ChallengeStageView
 from authentik.stages.authenticator_webauthn.models import AuthenticateWebAuthnStage, WebAuthnDevice
 from authentik.stages.authenticator_webauthn.utils import get_origin, get_rp_id
@@ -113,13 +112,6 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
             }
         )
 
-    def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
-        user = self.executor.plan.context.get(PLAN_CONTEXT_PENDING_USER)
-        if not user:
-            self.logger.debug("No pending user, continuing")
-            return self.executor.stage_ok()
-        return super().get(request, *args, **kwargs)
-
     def get_response_instance(self, data: QueryDict) -> AuthenticatorWebAuthnChallengeResponse:
         response: AuthenticatorWebAuthnChallengeResponse = super().get_response_instance(data)
         response.request = self.request