trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/oauth2: fix missing information for Revoked token access events 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-02-16 14:47:07 +01:00
parent e5dfe7dafe
commit 1a57d453ba
No known key found for this signature in database
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
authentik/providers/oauth2/utils.py
View File

@ -146,9 +146,10 @@ def protected_resource_view(scopes: list[str]):
LOGGER.warning("Revoked token was used", access_token=access_token) LOGGER.warning("Revoked token was used", access_token=access_token)
Event.new( Event.new(
action=EventAction.SUSPICIOUS_REQUEST, action=EventAction.SUSPICIOUS_REQUEST,
message="Revoked refresh token was used", message="Revoked access token was used",
token=access_token, token=token,
).from_http(request) provider=token.provider,
).from_http(request, user=token.user)
raise BearerTokenError("invalid_token") raise BearerTokenError("invalid_token")
if not set(scopes).issubset(set(token.scope)): if not set(scopes).issubset(set(token.scope)):

5
authentik/providers/oauth2/views/token.py
View File

@ -262,8 +262,9 @@ class TokenParams:
Event.new( Event.new(
action=EventAction.SUSPICIOUS_REQUEST, action=EventAction.SUSPICIOUS_REQUEST,
message="Revoked refresh token was used", message="Revoked refresh token was used",
token=raw_token, token=self.refresh_token,
).from_http(request) provider=self.refresh_token.provider,
).from_http(request, user=self.refresh_token.user)
raise TokenError("invalid_grant") raise TokenError("invalid_grant")
def __post_init_client_credentials(self, request: HttpRequest): def __post_init_client_credentials(self, request: HttpRequest):