enterprise/providers/rac: create authorize_application event when creating token (#8050)

* events: don't log creation of connection token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise/providers/rac: create authorize_application event when creating token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2024-01-03 14:47:17 +01:00 committed by GitHub
parent d54b410429
commit b93ad8615c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions


@ -10,6 +10,7 @@ from authentik.core.models import Application, AuthenticatedSession
from authentik.core.views.interface import InterfaceView
from authentik.enterprise.policy import EnterprisePolicyAccessView
from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider
from authentik.events.models import Event, EventAction
from authentik.flows.challenge import RedirectChallenge
from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import in_memory_stage
@ -43,6 +44,7 @@ class RACStartView(EnterprisePolicyAccessView):
plan.insert_stage(
in_memory_stage(
RACFinalStage,
application=self.application,
endpoint=self.endpoint,
provider=self.provider,
)
@ -90,6 +92,7 @@ class RACFinalStage(RedirectStage):
def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
endpoint: Endpoint = self.executor.current_stage.endpoint
provider: RACProvider = self.executor.current_stage.provider
application: Application = self.executor.current_stage.application
token = ConnectionToken.objects.create(
provider=provider,
endpoint=endpoint,
@ -100,6 +103,12 @@ class RACFinalStage(RedirectStage):
expires=now() + timedelta_from_string(provider.connection_expiry),
expiring=True,
)
Event.new(
EventAction.AUTHORIZE_APPLICATION,
authorized_application=application,
flow=self.executor.plan.flow_pk,
endpoint=endpoint.name,
).from_http(self.request)
setattr(
self.executor.current_stage,
"destination",
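Review bot: The `Event.new(...)` call added in `RACFinalStage.get_challenge` identifies the target only by `endpoint=endpoint.name`, so the audit record cannot be tied to the provider or to the specific `ConnectionToken` created just above it. The same commit adds `ConnectionToken` to `IGNORED_MODELS`, so this event looks like the only remaining trace of token issuance, which makes the missing correlation data matter for later investigation. A display name can be renamed or duplicated, so I would add stable identifiers next to it, for example `endpoint_pk=str(endpoint.pk),` and `provider_pk=str(provider.pk),`. A non-secret identifier for the token would help too if the model has one, but never the bearer value itself. A short comment such as `# Sole audit record for token issuance; ConnectionToken is in IGNORED_MODELS` would explain why the event is emitted by hand. The body of `get_challenge` starts in the previous hunk and continues past the end of this one, so anything after the `setattr` call is not reviewed here.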


@ -20,6 +20,7 @@ from authentik.core.models import (
User,
UserSourceConnection,
)
from authentik.enterprise.providers.rac.models import ConnectionToken
from authentik.events.models import Event, EventAction, Notification
from authentik.events.utils import model_to_dict
from authentik.flows.models import FlowToken, Stage
@ -54,6 +55,7 @@ IGNORED_MODELS = (
SCIMUser,
SCIMGroup,
Reputation,
ConnectionToken,
)