stages/authenticator_duo: fix bad request being sent to duo when calling enrollment_status outside a flow

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#2666
Jens Langhammer 2022-04-11 21:02:32 +02:00
parent 957bb1c5ef
commit 9da439623b
1 changed files with 12 additions and 8 deletions


@ -68,6 +68,8 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet):
client = stage.client client = stage.client
user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID) user_id = self.request.session.get(SESSION_KEY_DUO_USER_ID)
activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE) activation_code = self.request.session.get(SESSION_KEY_DUO_ACTIVATION_CODE)
if not user_id or not activation_code:
return Response(status=420)
status = client.enroll_status(user_id, activation_code) status = client.enroll_status(user_id, activation_code)
if status == "success": if status == "success":
return Response(status=204) return Response(status=204)
@ -95,18 +97,20 @@ class AuthenticatorDuoStageViewSet(UsedByMixin, ModelViewSet):
def import_devices(self, request: Request, pk: str) -> Response: def import_devices(self, request: Request, pk: str) -> Response:
"""Import duo devices into authentik""" """Import duo devices into authentik"""
stage: AuthenticatorDuoStage = self.get_object() stage: AuthenticatorDuoStage = self.get_object()
users = get_objects_for_user(request.user, "authentik_core.view_user").filter( user = (
username=request.query_params.get("username", "") get_objects_for_user(request.user, "authentik_core.view_user")
.filter(username=request.query_params.get("username", ""))
.first()
) )
if not users.exists(): if not user:
return Response(data={"non_field_errors": ["user does not exist"]}, status=400) return Response(data={"non_field_errors": ["user does not exist"]}, status=400)
devices = DuoDevice.objects.filter( device = DuoDevice.objects.filter(
duo_user_id=request.query_params.get("duo_user_id"), user=users.first(), stage=stage duo_user_id=request.query_params.get("duo_user_id"), user=user, stage=stage
) ).first()
if devices.exists(): if device:
return Response(data={"non_field_errors": ["device exists already"]}, status=400) return Response(data={"non_field_errors": ["device exists already"]}, status=400)
DuoDevice.objects.create( DuoDevice.objects.create(
duo_user_id=request.query_params.get("duo_user_id"), user=users.first(), stage=stage duo_user_id=request.query_params.get("duo_user_id"), user=user, stage=stage
) )
return Response(status=204) return Response(status=204)
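Review bot: In `import_devices`, `request.query_params.get("duo_user_id")` is still used unchecked for both the duplicate lookup and `DuoDevice.objects.create(...)`, so a request without that parameter reaches the create call with `None`. Because this binds a second-factor device to a user, reject a missing or empty value first: `duo_user_id = request.query_params.get("duo_user_id")` followed by `if not duo_user_id: return Response(data={"non_field_errors": ["duo_user_id is required"]}, status=400)`, then reuse the local in the filter and the create. The duplicate check is also scoped to this user and stage only, so the same Duo ID could apparently be imported for a second user; confirm that is intended. The action's decorators sit above the hunk, so whether anything stronger than `authentik_core.view_user` gates the device creation cannot be confirmed from these lines.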