stages/user_login: add default backend

closes #763

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/sources/saml/processors/response.py

@@ -39,13 +39,13 @@ from authentik.sources.saml.processors.constants import (
 from authentik.sources.saml.processors.request import SESSION_REQUEST_ID
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
+from authentik.stages.user_login.stage import DEFAULT_BACKEND
 
 LOGGER = get_logger()
 if TYPE_CHECKING:
     from xml.etree.ElementTree import Element  # nosec
 
 CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s"
-DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
 
 
 class ResponseProcessor:

authentik/stages/user_login/stage.py

@@ -11,6 +11,7 @@ from authentik.lib.utils.time import timedelta_from_string
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 
 LOGGER = get_logger()
+DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
 
 
 class UserLoginStageView(StageView):
@@ -23,12 +24,9 @@ class UserLoginStageView(StageView):
             messages.error(request, message)
             LOGGER.debug(message)
             return self.executor.stage_invalid()
-        if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context:
-            message = _("Pending user has no backend.")
-            messages.error(request, message)
-            LOGGER.debug(message)
-            return self.executor.stage_invalid()
-        backend = self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND]
+        backend = self.executor.plan.context.get(
+            PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND
+        )
         login(
             self.request,
             self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],

authentik/stages/user_login/tests.py

@@ -12,7 +12,6 @@ from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
 from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK
 from authentik.flows.views import SESSION_KEY_PLAN
-from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 from authentik.stages.user_login.models import UserLoginStage
 
 
@@ -38,9 +37,6 @@ class TestUserLoginStage(TestCase):
             flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
         )
         plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
-        plan.context[
-            PLAN_CONTEXT_AUTHENTICATION_BACKEND
-        ] = "django.contrib.auth.backends.ModelBackend"
         session = self.client.session
         session[SESSION_KEY_PLAN] = plan
         session.save()
@@ -82,32 +78,3 @@ class TestUserLoginStage(TestCase):
                 "type": ChallengeTypes.NATIVE.value,
             },
         )
-
-    @patch(
-        "authentik.flows.views.to_stage_response",
-        TO_STAGE_RESPONSE_MOCK,
-    )
-    def test_without_backend(self):
-        """Test a plan with pending user, without backend, resulting in a denied"""
-        plan = FlowPlan(
-            flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
-        )
-        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
-        session = self.client.session
-        session[SESSION_KEY_PLAN] = plan
-        session.save()
-
-        response = self.client.get(
-            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
-        )
-
-        self.assertEqual(response.status_code, 200)
-        self.assertJSONEqual(
-            force_str(response.content),
-            {
-                "component": "ak-stage-access-denied",
-                "error_message": None,
-                "title": "",
-                "type": ChallengeTypes.NATIVE.value,
-            },
-        )