From 0a0eee138a6d05e15c0651dd0ca7567b5cd59f5a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Nov 2021 23:44:48 +0100 Subject: [PATCH] stages/authenticator_validate: catch error when attempting to configure user without flow Signed-off-by: Jens Langhammer --- authentik/stages/authenticator_validate/stage.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/authentik/stages/authenticator_validate/stage.py b/authentik/stages/authenticator_validate/stage.py index 6b65fd5a3..b3384ca04 100644 --- a/authentik/stages/authenticator_validate/stage.py +++ b/authentik/stages/authenticator_validate/stage.py @@ -5,6 +5,7 @@ from rest_framework.fields import CharField, IntegerField, JSONField, ListField from rest_framework.serializers import ValidationError from structlog.stdlib import get_logger +from authentik.events.models import Event, EventAction from authentik.flows.challenge import ChallengeResponse, ChallengeTypes, WithUserInfoChallenge from authentik.flows.models import NotConfiguredAction, Stage from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER @@ -148,6 +149,16 @@ class AuthenticatorValidateStageView(ChallengeStageView): LOGGER.debug("Authenticator not configured, denying") return self.executor.stage_invalid() if stage.not_configured_action == NotConfiguredAction.CONFIGURE: + if not stage.configuration_stage: + Event.new( + EventAction.CONFIGURATION_ERROR, + message=( + "Authenticator validation stage is set to configure user " + "but no configuration flow is set." + ), + stage=self, + ).from_http(self.request).set_user(user).save() + return self.executor.stage_invalid() LOGGER.debug("Authenticator not configured, sending user to configure") # Because the foreign key to stage.configuration_stage points to # a base stage class, we need to do another lookup