From 34189439491e2dc9552a0b48d1ca6e23dac4e376 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Thu, 15 Dec 2022 10:49:51 +0100
Subject: [PATCH] root: allow custom settings via python module

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 .gitignore                                 |  4 +--
 authentik/root/settings.py                 | 37 +++++++++++++---------
 tests/e2e/utils.py                         |  9 ++----
 website/docs/installation/configuration.md |  8 +++++
 4 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/.gitignore b/.gitignore
index e283157b5..02a23f08d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -194,11 +194,9 @@ pip-selfcheck.json
 /static/
 local.env.yml
 
-# Selenium Screenshots
-selenium_screenshots/
-backups/
 media/
 *mmdb
 
 .idea/
 /gen-*/
+data/
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index d99585d23..04442f53d 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -452,22 +452,29 @@ _DISALLOWED_ITEMS = [
     "AUTHENTICATION_BACKENDS",
     "CELERY_BEAT_SCHEDULE",
 ]
-# Load subapps's INSTALLED_APPS
+
+
+def _update_settings(app_path: str):
+    try:
+        settings_module = importlib.import_module(app_path)
+        CONFIG.log("debug", "Loaded app settings", path=app_path)
+        INSTALLED_APPS.extend(getattr(settings_module, "INSTALLED_APPS", []))
+        MIDDLEWARE.extend(getattr(settings_module, "MIDDLEWARE", []))
+        AUTHENTICATION_BACKENDS.extend(getattr(settings_module, "AUTHENTICATION_BACKENDS", []))
+        CELERY_BEAT_SCHEDULE.update(getattr(settings_module, "CELERY_BEAT_SCHEDULE", {}))
+        for _attr in dir(settings_module):
+            if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
+                globals()[_attr] = getattr(settings_module, _attr)
+    except ImportError:
+        pass
+
+
+# Load subapps's settings
 for _app in INSTALLED_APPS:
-    if _app.startswith("authentik"):
-        if "apps" in _app:
-            _app = ".".join(_app.split(".")[:-2])
-        try:
-            app_settings = importlib.import_module(f"{_app}.settings")
-            INSTALLED_APPS.extend(getattr(app_settings, "INSTALLED_APPS", []))
-            MIDDLEWARE.extend(getattr(app_settings, "MIDDLEWARE", []))
-            AUTHENTICATION_BACKENDS.extend(getattr(app_settings, "AUTHENTICATION_BACKENDS", []))
-            CELERY_BEAT_SCHEDULE.update(getattr(app_settings, "CELERY_BEAT_SCHEDULE", {}))
-            for _attr in dir(app_settings):
-                if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
-                    globals()[_attr] = getattr(app_settings, _attr)
-        except ImportError:
-            pass
+    if not _app.startswith("authentik"):
+        continue
+    _update_settings(f"{_app}.settings")
+_update_settings("data.user_settings")
 
 if DEBUG:
     CELERY_TASK_ALWAYS_EAGER = True
diff --git a/tests/e2e/utils.py b/tests/e2e/utils.py
index 8ee66f959..ad1a14f35 100644
--- a/tests/e2e/utils.py
+++ b/tests/e2e/utils.py
@@ -2,8 +2,8 @@
 import json
 import os
 from functools import lru_cache, wraps
-from os import environ, makedirs
-from time import sleep, time
+from os import environ
+from time import sleep
 from typing import Any, Callable, Optional
 
 from django.contrib.staticfiles.testing import StaticLiveServerTestCase
@@ -111,11 +111,6 @@ class SeleniumTestCase(StaticLiveServerTestCase):
         raise ValueError(f"Webdriver failed after {RETRIES}.")
 
     def tearDown(self):
-        if "TF_BUILD" in environ:
-            makedirs("selenium_screenshots/", exist_ok=True)
-            screenshot_file = f"selenium_screenshots/{self.__class__.__name__}_{time()}.png"
-            self.driver.save_screenshot(screenshot_file)
-            self.logger.warning("Saved screenshot", file=screenshot_file)
         self.logger.debug("--------browser logs")
         for line in self.driver.get_log("browser"):
             self.logger.debug(line["message"], source=line["source"], level=line["level"])
diff --git a/website/docs/installation/configuration.md b/website/docs/installation/configuration.md
index 586fbdca5..dc0fe9da4 100644
--- a/website/docs/installation/configuration.md
+++ b/website/docs/installation/configuration.md
@@ -278,3 +278,11 @@ Requires authentik 2022.9
 Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
 
 Defaults to 4.
+
+## Custom python settings
+
+To modify additional settings further than the options above allow, you can create a custom python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
+
+:::warning
+Using these custom settings is not supported and can prevent your authentik instance from starting. Use with caution.
+:::