From 763c3fcfe0a9e022a3f0e86405bfd5c3c808cbad Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 24 May 2021 15:58:59 +0200
Subject: [PATCH] outposts/ldap: fix client usage

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 Makefile                            |  2 +-
 authentik/events/monitored_tasks.py |  5 ++++-
 authentik/flows/views.py            |  2 +-
 outpost/pkg/ldap/instance_bind.go   | 22 ++++++----------------
 4 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/Makefile b/Makefile
index 8a060c8bd..1bc336bf8 100644
--- a/Makefile
+++ b/Makefile
@@ -56,7 +56,7 @@ gen-outpost:
 		-i /local/schema.yml \
 		-g go \
 		-o /local/outpost/api \
-		--additional-properties=packageName=api,enumClassPrefix=true
+		--additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true
 	rm -f outpost/api/go.mod outpost/api/go.sum
 
 gen: gen-build gen-clean gen-web gen-outpost
diff --git a/authentik/events/monitored_tasks.py b/authentik/events/monitored_tasks.py
index d3a269aed..30da8bf44 100644
--- a/authentik/events/monitored_tasks.py
+++ b/authentik/events/monitored_tasks.py
@@ -88,7 +88,10 @@ class TaskInfo:
         start = default_timer()
         if hasattr(self, "start_timestamp"):
             start = self.start_timestamp
-        duration = max(self.finish_timestamp - start, 0)
+        try:
+            duration = max(self.finish_timestamp - start, 0)
+        except TypeError:
+            duration = 0
         GAUGE_TASKS.labels(
             task_name=self.task_name,
             task_uid=self.result.uid or "",
diff --git a/authentik/flows/views.py b/authentik/flows/views.py
index ee6143bb3..9d7f50ec1 100644
--- a/authentik/flows/views.py
+++ b/authentik/flows/views.py
@@ -277,7 +277,7 @@ class FlowExecutorView(APIView):
         if self.plan.stages:
             self._logger.debug(
                 "f(exec): Continuing with next stage",
-                reamining=len(self.plan.stages),
+                remaining=len(self.plan.stages),
             )
             kwargs = self.kwargs
             kwargs.update({"flow_slug": self.flow.slug})
diff --git a/outpost/pkg/ldap/instance_bind.go b/outpost/pkg/ldap/instance_bind.go
index 649e39a7f..c587b948c 100644
--- a/outpost/pkg/ldap/instance_bind.go
+++ b/outpost/pkg/ldap/instance_bind.go
@@ -152,17 +152,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 	responseReq := client.FlowsApi.FlowsExecutorSolve(context.Background(), pi.flowSlug).Query(urlParams)
 	switch ch.GetComponent() {
 	case "ak-stage-identification":
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			IdentificationChallengeResponseRequest: &api.IdentificationChallengeResponseRequest{
-				UidField: bindDN,
-			},
-		})
+		responseReq = responseReq.ChallengeResponseRequest(api.IdentificationChallengeResponseRequestAsChallengeResponseRequest(api.NewIdentificationChallengeResponseRequest(bindDN)))
 	case "ak-stage-password":
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			PasswordChallengeResponseRequest: &api.PasswordChallengeResponseRequest{
-				Password: password,
-			},
-		})
+		responseReq = responseReq.ChallengeResponseRequest(api.PasswordChallengeResponseRequestAsChallengeResponseRequest(api.NewPasswordChallengeResponseRequest(password)))
 	case "ak-stage-authenticator-validate":
 		// We only support duo as authenticator, check if that's allowed
 		var deviceChallenge *api.DeviceChallenge
@@ -179,11 +171,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 			return false, errors.New("failed to convert duo device id to int")
 		}
 		devId32 := int32(devId)
-		responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
-			AuthenticatorValidationChallengeResponseRequest: &api.AuthenticatorValidationChallengeResponseRequest{
-				Duo: &devId32,
-			},
-		})
+		inner := api.NewAuthenticatorValidationChallengeResponseRequest()
+		inner.Duo = &devId32
+		responseReq = responseReq.ChallengeResponseRequest(api.AuthenticatorValidationChallengeResponseRequestAsChallengeResponseRequest(inner))
 	case "ak-stage-access-denied":
 		return false, errors.New("got ak-stage-access-denied")
 	default:
@@ -206,7 +196,7 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
 	if len(ch.GetResponseErrors()) > 0 {
 		for key, errs := range ch.GetResponseErrors() {
 			for _, err := range errs {
-				pi.log.WithField("key", key).WithField("code", err.Code).Debug(err.String)
+				pi.log.WithField("key", key).WithField("code", err.Code).WithField("msg", err.String).Warning("Flow error")
 				return false, nil
 			}
 		}