trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

core: fix view_token permission not being assigned on token creation for non-admin user 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-31 20:00:30 +01:00
parent a6baed9753
commit a5adc4f8ed
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
authentik/core/api/tokens.py
View File

@ -3,7 +3,7 @@ from typing import Any
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiResponse, extend_schema
from guardian.shortcuts import get_anonymous_user from guardian.shortcuts import assign_perm, get_anonymous_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField from rest_framework.fields import CharField
@ -95,10 +95,12 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
def perform_create(self, serializer: TokenSerializer): def perform_create(self, serializer: TokenSerializer):
if not self.request.user.is_superuser: if not self.request.user.is_superuser:
return serializer.save( instance = serializer.save(
user=self.request.user, user=self.request.user,
expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True), expiring=self.request.user.attributes.get(USER_ATTRIBUTE_TOKEN_EXPIRING, True),
) )
assign_perm("authentik_core.view_token_key", self.request.user, instance)
return instance
return super().perform_create(serializer) return super().perform_create(serializer)
@permission_required("authentik_core.view_token_key") @permission_required("authentik_core.view_token_key")

1
authentik/core/tests/test_token_api.py
View File

@ -30,6 +30,7 @@ class TestTokenAPI(APITestCase):
self.assertEqual(token.user, self.user) self.assertEqual(token.user, self.user)
self.assertEqual(token.intent, TokenIntents.INTENT_API) self.assertEqual(token.intent, TokenIntents.INTENT_API)
self.assertEqual(token.expiring, True) self.assertEqual(token.expiring, True)
self.assertTrue(self.user.has_perm("authentik_core.view_token_key", token))
def test_token_create_invalid(self): def test_token_create_invalid(self):
"""Test token creation endpoint (invalid data)""" """Test token creation endpoint (invalid data)"""