outposts: ensure outpost SAs always have permissions to fake IP

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-22 10:02:20 +02:00 · 2021-07-22 10:02:20 +02:00 · 7370dd5f3f
parent 477c8b099e
commit 7370dd5f3f
1 changed files with 3 additions and 2 deletions
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -344,12 +344,13 @@ class Outpost(ManagedModel):
        users = User.objects.filter(username=self.user_identifier)
        if not users.exists():
            user: User = User.objects.create(username=self.user_identifier)
-            user.attributes[USER_ATTRIBUTE_SA] = True
-            user.attributes[USER_ATTRIBUTE_CAN_OVERRIDE_IP] = True
            user.set_unusable_password()
            user.save()
        else:
            user = users.first()
+        user.attributes[USER_ATTRIBUTE_SA] = True
+        user.attributes[USER_ATTRIBUTE_CAN_OVERRIDE_IP] = True
+        user.save()
        # To ensure the user only has the correct permissions, we delete all of them and re-add
        # the ones the user needs
        with transaction.atomic():