core: handle FlowNonApplicableException correctly in source flow_manager

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-03 22:00:39 +02:00 · 2022-07-03 22:00:39 +02:00 · 4cd629b5fc
parent 6020736430
commit 4cd629b5fc
3 changed files with 19 additions and 10 deletions
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@ -26,7 +26,6 @@ from authentik.flows.planner import (
 from authentik.flows.views.executor import NEXT_ARG_NAME, SESSION_KEY_GET, SESSION_KEY_PLAN
 from authentik.lib.utils.urls import redirect_with_qs
 from authentik.policies.denied import AccessDeniedResponse
-from authentik.policies.types import PolicyResult
 from authentik.policies.utils import delete_none_keys
 from authentik.stages.password import BACKEND_INBUILT
 from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND
@ -165,8 +164,8 @@ class SourceFlowManager:
                    self._logger.debug("Handling enrollment of new user")
                    return self.handle_enroll(connection)
        except FlowNonApplicableException as exc:
-            self._logger.warning("Flow non applicable", exc=exc, result=exc.policy_result)
-            return self.error_handler(exc, exc.policy_result)
+            self._logger.warning("Flow non applicable", exc=exc)
+            return self.error_handler(exc)
        # Default case, assume deny
        error = (
            _(
@ -179,14 +178,13 @@ class SourceFlowManager:
        )
        return self.error_handler(error)

-    def error_handler(
-        self, error: Exception, policy_result: Optional[PolicyResult] = None
-    ) -> HttpResponse:
+    def error_handler(self, error: Exception) -> HttpResponse:
        """Handle any errors by returning an access denied stage"""
        response = AccessDeniedResponse(self.request)
        response.error_message = str(error)
-        if policy_result:
-            response.policy_result = policy_result
+        if isinstance(error, FlowNonApplicableException):
+            response.policy_result = error.policy_result
+            response.error_message = error.messages
        return response

    # pylint: disable=unused-argument
--- a/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py
+++ b/authentik/providers/oauth2/migrations/0012_remove_oauth2provider_verification_keys.py
@ -1,6 +1,6 @@
 # Generated by Django 4.0.5 on 2022-06-04 21:26

-from django.db import migrations
+from django.db import migrations, models


 class Migration(migrations.Migration):
@ -14,4 +14,15 @@ class Migration(migrations.Migration):
            model_name="oauth2provider",
            name="verification_keys",
        ),
+        migrations.AlterField(
+            model_name="oauth2provider",
+            name="client_type",
+            field=models.CharField(
+                choices=[("confidential", "Confidential"), ("public", "Public")],
+                default="confidential",
+                help_text="Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable",
+                max_length=30,
+                verbose_name="Client Type",
+            ),
+        ),
    ]
--- a/website/docs/releases/v2022.7.md
+++ b/website/docs/releases/v2022.7.md
@ -74,7 +74,7 @@ slug: "2022.7"
 -   web/elements: auto-switch themes for codemirror
 -   web/flows: add divider to identification stage for security key
 -   web/flows: fix error when webauthn operations failed and user retries
-   web/flows: remove autofocus from password field of identifications tage
+-   web/flows: remove autofocus from password field of identifications stage
 -   web/flows: statically import webauthn-related stages for safari issues

 ## Upgrading