outposts/ldap: fix client usage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-24 15:58:59 +02:00 · 2021-05-24 15:58:59 +02:00 · 763c3fcfe0
parent 1b346866da
commit 763c3fcfe0
4 changed files with 12 additions and 19 deletions
--- a/2
+++ b/2
@ -56,7 +56,7 @@ gen-outpost:
 		-i /local/schema.yml \
 		-g go \
 		-o /local/outpost/api \
-		--additional-properties=packageName=api,enumClassPrefix=true
+		--additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true
 	rm -f outpost/api/go.mod outpost/api/go.sum

 gen: gen-build gen-clean gen-web gen-outpost
--- a/authentik/events/monitored_tasks.py
+++ b/authentik/events/monitored_tasks.py
@ -88,7 +88,10 @@ class TaskInfo:
        start = default_timer()
        if hasattr(self, "start_timestamp"):
            start = self.start_timestamp
-        duration = max(self.finish_timestamp - start, 0)
+        try:
+            duration = max(self.finish_timestamp - start, 0)
+        except TypeError:
+            duration = 0
        GAUGE_TASKS.labels(
            task_name=self.task_name,
            task_uid=self.result.uid or "",
--- a/authentik/flows/views.py
+++ b/authentik/flows/views.py
@ -277,7 +277,7 @@ class FlowExecutorView(APIView):
        if self.plan.stages:
            self._logger.debug(
                "f(exec): Continuing with next stage",
-                reamining=len(self.plan.stages),
+                remaining=len(self.plan.stages),
            )
            kwargs = self.kwargs
            kwargs.update({"flow_slug": self.flow.slug})
--- a/outpost/pkg/ldap/instance_bind.go
+++ b/outpost/pkg/ldap/instance_bind.go
@ -152,17 +152,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 	responseReq := client.FlowsApi.FlowsExecutorSolve(context.Background(), pi.flowSlug).Query(urlParams)
 	switch ch.GetComponent() {
 	case "ak-stage-identification":
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			IdentificationChallengeResponseRequest: &api.IdentificationChallengeResponseRequest{
-				UidField: bindDN,
-			},
-		})
+		responseReq = responseReq.ChallengeResponseRequest(api.IdentificationChallengeResponseRequestAsChallengeResponseRequest(api.NewIdentificationChallengeResponseRequest(bindDN)))
 	case "ak-stage-password":
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			PasswordChallengeResponseRequest: &api.PasswordChallengeResponseRequest{
-				Password: password,
-			},
-		})
+		responseReq = responseReq.ChallengeResponseRequest(api.PasswordChallengeResponseRequestAsChallengeResponseRequest(api.NewPasswordChallengeResponseRequest(password)))
 	case "ak-stage-authenticator-validate":
 		// We only support duo as authenticator, check if that's allowed
 		var deviceChallenge *api.DeviceChallenge
@ -179,11 +171,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 			return false, errors.New("failed to convert duo device id to int")
 		}
 		devId32 := int32(devId)
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			AuthenticatorValidationChallengeResponseRequest: &api.AuthenticatorValidationChallengeResponseRequest{
-				Duo: &devId32,
-			},
-		})
+		inner := api.NewAuthenticatorValidationChallengeResponseRequest()
+		inner.Duo = &devId32
+		responseReq = responseReq.ChallengeResponseRequest(api.AuthenticatorValidationChallengeResponseRequestAsChallengeResponseRequest(inner))
 	case "ak-stage-access-denied":
 		return false, errors.New("got ak-stage-access-denied")
 	default:
@ -206,7 +196,7 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 	if len(ch.GetResponseErrors()) > 0 {
 		for key, errs := range ch.GetResponseErrors() {
 			for _, err := range errs {
-				pi.log.WithField("key", key).WithField("code", err.Code).Debug(err.String)
+				pi.log.WithField("key", key).WithField("code", err.Code).WithField("msg", err.String).Warning("Flow error")
 				return false, nil
 			}
 		}