diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py
index 0f911bd30..4f42788c1 100644
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@@ -341,6 +341,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
 instance=request._request.session[SESSION_IMPERSONATE_ORIGINAL_USER],
 context=context,
 ).data
+ self.request.session.save()
 return Response(serializer.initial_data)
 
 @permission_required("authentik_core.reset_user_password")
diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py
index 2f3442914..7fb9e6165 100644
--- a/authentik/flows/planner.py
+++ b/authentik/flows/planner.py
@@ -117,7 +117,7 @@ class FlowPlanner:
 self.use_cache = True
 self.allow_empty_flows = False
 self.flow = flow
- self._logger = get_logger().bind(flow=flow)
+ self._logger = get_logger().bind(flow_slug=flow.slug)
 
 def plan(
 self, request: HttpRequest, default_context: Optional[dict[str, Any]] = None
diff --git a/authentik/flows/stage.py b/authentik/flows/stage.py
index 5a4e24bcc..8e33e3503 100644
--- a/authentik/flows/stage.py
+++ b/authentik/flows/stage.py
@@ -32,7 +32,7 @@ LOGGER = get_logger()
 
 
 class StageView(View):
- """Abstract Stage, inherits TemplateView but can be combined with FormView"""
+ """Abstract Stage"""
 
 executor: "FlowExecutorView"
 
diff --git a/authentik/flows/views/executor.py b/authentik/flows/views/executor.py
index b6763ab39..f5881b5fc 100644
--- a/authentik/flows/views/executor.py
+++ b/authentik/flows/views/executor.py
@@ -421,6 +421,7 @@ class FlowExecutorView(APIView):
 # It's only deleted on a fresh executions
 # SESSION_KEY_HISTORY,
 ]
+ self._logger.debug("f(exec): cleaning up")
 for key in keys_to_delete:
 if key in self.request.session:
 del self.request.session[key]
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 737edd8db..eb8d0d577 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
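Review bot: The explicit `self.request.session.save()` is only needed because this same commit drops `SESSION_SAVE_EVERY_REQUEST` in `authentik/root/settings.py`, and nothing at the call site says so; add `# sessions are no longer saved on every request; persist the end of impersonation explicitly` above it. The line before reads the original user through `request._request.session` while the save goes through `self.request.session`; these presumably resolve to the same Django session, but the mixed access is worth unifying on one form. The handler that starts impersonation is outside this hunk; plain item assignment on the session already marks it modified, but any in-place mutation of a stored object there would now need the same explicit save. The enclosing method starts before the hunk.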
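Review bot: The new debug line on the cleanup path in `authentik/flows/views/executor.py` records nothing about what is being cleaned, so it will not help when a stale session entry survives; bind the key names instead, `self._logger.debug("f(exec): cleaning up", keys=keys_to_delete)`. The loop below relies on `del self.request.session[key]` marking the session modified so the middleware still persists the deletion now that `SESSION_SAVE_EVERY_REQUEST` is removed; that holds for item deletion, but a one-line comment stating it would protect the next refactor. The enclosing method begins before the hunk.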
@@ -216,14 +216,13 @@ CACHES = {
 DJANGO_REDIS_SCAN_ITERSIZE = 1000
 DJANGO_REDIS_IGNORE_EXCEPTIONS = True
 DJANGO_REDIS_LOG_IGNORED_EXCEPTIONS = True
-SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
+SESSION_ENGINE = "django.contrib.sessions.backends.cache"
 SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
 SESSION_CACHE_ALIAS = "default"
 # Configured via custom SessionMiddleware
 # SESSION_COOKIE_SAMESITE = "None"
 # SESSION_COOKIE_SECURE = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
-SESSION_SAVE_EVERY_REQUEST = True
 
 MESSAGE_STORAGE = "authentik.root.messages.storage.ChannelsStorage"
 
diff --git a/authentik/stages/prompt/stage.py b/authentik/stages/prompt/stage.py
index d1968633e..665aec8bd 100644
--- a/authentik/stages/prompt/stage.py
+++ b/authentik/stages/prompt/stage.py
@@ -119,6 +119,7 @@ class PromptChallengeResponse(ChallengeResponse):
 engine = ListPolicyEngine(self.stage.validation_policies.all(), user, self.request)
 engine.mode = PolicyEngineMode.MODE_ALL
 engine.request.context[PLAN_CONTEXT_PROMPT] = attrs
+ engine.use_cache = False
 engine.build()
 result = engine.result
 if not result.passing:
diff --git a/website/docs/releases/v2022.6.md b/website/docs/releases/v2022.6.md
index 44b4d60ee..11120ce67 100644
--- a/website/docs/releases/v2022.6.md
+++ b/website/docs/releases/v2022.6.md
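Review bot: Switching `SESSION_ENGINE` to the pure cache backend while removing `SESSION_SAVE_EVERY_REQUEST` changes two things the hunk does not document: a session is now written only when `request.session.modified` is set, so in-place changes to objects stored in the session are lost unless the caller sets `modified` or calls `save()`, and the Redis TTL is refreshed only on those writes rather than on every request. Add a comment next to `SESSION_ENGINE`, e.g. `# cache-only sessions: written only when marked modified; code mutating stored objects must set request.session.modified = True`. With `SESSION_SERIALIZER` left at `PickleSerializer`, every session read now unpickles data straight from the cache, so write access to that Redis database is equivalent to code execution in the Django process; that line is unchanged, but the cache is now the sole session store, and `JSONSerializer` removes the concern where the session contents allow it.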
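Review bot: `engine.use_cache = False` in `authentik/stages/prompt/stage.py` deserves a why-comment, because the next reader will see a cache being switched off on a request path and may re-enable it: the validation policies are evaluated against the submitted `attrs` placed in `engine.request.context[PLAN_CONTEXT_PROMPT]` on the line above, and a cached verdict keyed without those attrs would let a result from one submission be reused for a different one. Suggest `# the verdict depends on the submitted attrs; a cached result would be reused across different inputs` above it. Whether the policy cache key actually excludes the request context is not visible in this hunk and should be confirmed against the engine. The enclosing method starts before the hunk.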
@@ -15,10 +15,6 @@ slug: "2022.6" Instead of creating a Notification with each transport, there is now a new Transport mode called "Local", which locally creates the Notifications. This also adds the ability to customize the notification using a mapping. -- Database-based sessions - - Sessions have been migrated from the database, where as they previously were stored in the cache. This has a slight performance hit, however fixes random issues cause by non-atomic session changes. - - MFA Validation threshold has been migrated to signed cookies Last MFA validation is now saved in a signed cookie, which changes the behavior so that only the current browser is affected by MFA validation, and an attacker cannot exploit the fact that a user has recently authenticated with MFA.