From 2c71d5714b27e4c35ebf710cd078a6f6484bf4f7 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 18 Dec 2023 11:53:48 +0100 Subject: [PATCH] fix mobile users/me auth Signed-off-by: Jens Langhammer --- authentik/core/api/users.py | 2 +- authentik/stages/authenticator_mobile/api/auth.py | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index e6a907bca..51d0bf56b 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -499,9 +499,9 @@ class UserViewSet(UsedByMixin, ModelViewSet): pagination_class=None, filter_backends=[], authentication_classes=[ + MobileDeviceTokenAuthentication, TokenAuthentication, SessionAuthentication, - MobileDeviceTokenAuthentication, ], ) def user_me(self, request: Request) -> Response: diff --git a/authentik/stages/authenticator_mobile/api/auth.py b/authentik/stages/authenticator_mobile/api/auth.py index f38b6ede3..16f9435ea 100644 --- a/authentik/stages/authenticator_mobile/api/auth.py +++ b/authentik/stages/authenticator_mobile/api/auth.py @@ -3,6 +3,7 @@ from typing import Any from drf_spectacular.extensions import OpenApiAuthenticationExtension from rest_framework.authentication import BaseAuthentication, get_authorization_header +from rest_framework.exceptions import AuthenticationFailed from rest_framework.request import Request from authentik.api.authentication import validate_auth @@ -17,7 +18,10 @@ class MobileDeviceTokenAuthentication(BaseAuthentication): def authenticate(self, request: Request) -> tuple[User, Any] | None: """Token-based authentication using HTTP Bearer authentication""" auth = get_authorization_header(request) - raw_token = validate_auth(auth) + try: + raw_token = validate_auth(auth) + except AuthenticationFailed: + return None device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired( token=raw_token ).first()