diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py
index 74793ba8d..8ecb62e95 100644
--- a/authentik/sources/saml/processors/response.py
+++ b/authentik/sources/saml/processors/response.py
@@ -39,13 +39,13 @@ from authentik.sources.saml.processors.constants import (
 from authentik.sources.saml.processors.request import SESSION_REQUEST_ID
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
+from authentik.stages.user_login.stage import DEFAULT_BACKEND
 LOGGER = get_logger()
 if TYPE_CHECKING:
 from xml.etree.ElementTree import Element # nosec
 CACHE_SEEN_REQUEST_ID = "authentik_saml_seen_ids_%s"
-DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
 class ResponseProcessor:
diff --git a/authentik/stages/user_login/stage.py b/authentik/stages/user_login/stage.py
index bc9601066..13881d073 100644
--- a/authentik/stages/user_login/stage.py
+++ b/authentik/stages/user_login/stage.py
@@ -11,6 +11,7 @@ from authentik.lib.utils.time import timedelta_from_string
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 LOGGER = get_logger()
+DEFAULT_BACKEND = "django.contrib.auth.backends.ModelBackend"
 class UserLoginStageView(StageView):
@@ -23,12 +24,9 @@ class UserLoginStageView(StageView):
 messages.error(request, message)
 LOGGER.debug(message)
 return self.executor.stage_invalid()
- if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context:
- message = _("Pending user has no backend.")
- messages.error(request, message)
- LOGGER.debug(message)
- return self.executor.stage_invalid()
- backend = self.executor.plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND]
+ backend = self.executor.plan.context.get(
+ PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND
+ )
 login(
 self.request,
 self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
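Review bot: The new `context.get(PLAN_CONTEXT_AUTHENTICATION_BACKEND, DEFAULT_BACKEND)` in the last hunk of `stage.py` replaces a fail-closed check with a silent fallback: a plan that carries a pending user but no backend key used to end in `stage_invalid()` and now goes straight to `login()`. If that key was the only evidence in this stage that an authenticating stage had run (not verifiable from the hunk), a flow bound without one will now establish a session for the pending user, so the fallback should at least be visible in logs, for example `if PLAN_CONTEXT_AUTHENTICATION_BACKEND not in self.executor.plan.context: LOGGER.warning("No authentication backend in plan context, using default backend")` placed before the `.get(...)`. A one-line comment on the `.get(...)` stating that this stage no longer requires a prior authentication stage would also help people who assemble flows. The enclosing method starts and ends outside the hunk.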
diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py
index b2e636802..98da7ab45 100644
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@@ -12,7 +12,6 @@ from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
 from authentik.flows.tests.test_views import TO_STAGE_RESPONSE_MOCK
 from authentik.flows.views import SESSION_KEY_PLAN
-from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
 from authentik.stages.user_login.models import UserLoginStage
@@ -38,9 +37,6 @@ class TestUserLoginStage(TestCase):
 flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
 )
 plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
- plan.context[
- PLAN_CONTEXT_AUTHENTICATION_BACKEND
- ] = "django.contrib.auth.backends.ModelBackend"
 session = self.client.session
 session[SESSION_KEY_PLAN] = plan
 session.save()
@@ -82,32 +78,3 @@ class TestUserLoginStage(TestCase):
 "type": ChallengeTypes.NATIVE.value,
 },
 )
-
- @patch(
- "authentik.flows.views.to_stage_response",
- TO_STAGE_RESPONSE_MOCK,
- )
- def test_without_backend(self):
- """Test a plan with pending user, without backend, resulting in a denied"""
- plan = FlowPlan(
- flow_pk=self.flow.pk.hex, stages=[self.stage], markers=[StageMarker()]
- )
- plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
- session = self.client.session
- session[SESSION_KEY_PLAN] = plan
- session.save()
-
- response = self.client.get(
- reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
- )
-
- self.assertEqual(response.status_code, 200)
- self.assertJSONEqual(
- force_str(response.content),
- {
- "component": "ak-stage-access-denied",
- "error_message": None,
- "title": "",
- "type": ChallengeTypes.NATIVE.value,
- },
- )