providers/oauth2: fix missing information for Revoked token access events

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-02-16 14:47:07 +01:00
parent e5dfe7dafe
commit 1a57d453ba
No known key found for this signature in database
2 changed files with 7 additions and 5 deletions

View file

@ -146,9 +146,10 @@ def protected_resource_view(scopes: list[str]):
LOGGER.warning("Revoked token was used", access_token=access_token)
Event.new(
action=EventAction.SUSPICIOUS_REQUEST,
message="Revoked refresh token was used",
token=access_token,
).from_http(request)
message="Revoked access token was used",
token=token,
provider=token.provider,
).from_http(request, user=token.user)
raise BearerTokenError("invalid_token")
if not set(scopes).issubset(set(token.scope)):

View file

@ -262,8 +262,9 @@ class TokenParams:
Event.new(
action=EventAction.SUSPICIOUS_REQUEST,
message="Revoked refresh token was used",
token=raw_token,
).from_http(request)
token=self.refresh_token,
provider=self.refresh_token.provider,
).from_http(request, user=self.refresh_token.user)
raise TokenError("invalid_grant")
def __post_init_client_credentials(self, request: HttpRequest):