fix mobile users/me auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-12-18 11:53:48 +01:00 · 2023-12-18 11:53:48 +01:00 · 2c71d5714b
parent c19e12d1e1
commit 2c71d5714b
2 changed files with 6 additions and 2 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -499,9 +499,9 @@ class UserViewSet(UsedByMixin, ModelViewSet):
        pagination_class=None,
        filter_backends=[],
        authentication_classes=[
+            MobileDeviceTokenAuthentication,
            TokenAuthentication,
            SessionAuthentication,
-            MobileDeviceTokenAuthentication,
        ],
    )
    def user_me(self, request: Request) -> Response:
--- a/authentik/stages/authenticator_mobile/api/auth.py
+++ b/authentik/stages/authenticator_mobile/api/auth.py
@ -3,6 +3,7 @@ from typing import Any

 from drf_spectacular.extensions import OpenApiAuthenticationExtension
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
+from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.request import Request

 from authentik.api.authentication import validate_auth
@ -17,7 +18,10 @@ class MobileDeviceTokenAuthentication(BaseAuthentication):
    def authenticate(self, request: Request) -> tuple[User, Any] | None:
        """Token-based authentication using HTTP Bearer authentication"""
        auth = get_authorization_header(request)
-        raw_token = validate_auth(auth)
+        try:
+            raw_token = validate_auth(auth)
+        except AuthenticationFailed:
+            return None
        device_token: MobileDeviceToken = MobileDeviceToken.filter_not_expired(
            token=raw_token
        ).first()