trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

enterprise/providers/rac: create authorize_application event when creating token (#8050) 

* events: don't log creation of creation token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise/providers/rac: create authorize_application event when creating token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2024-01-03 14:47:17 +01:00 committed by GitHub
parent d54b410429
commit b93ad8615c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
authentik/enterprise/providers/rac/views.py
View File

@ -10,6 +10,7 @@ from authentik.core.models import Application, AuthenticatedSession
from authentik.core.views.interface import InterfaceView from authentik.core.views.interface import InterfaceView
from authentik.enterprise.policy import EnterprisePolicyAccessView from authentik.enterprise.policy import EnterprisePolicyAccessView
from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider
from authentik.events.models import Event, EventAction
from authentik.flows.challenge import RedirectChallenge from authentik.flows.challenge import RedirectChallenge
from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import in_memory_stage from authentik.flows.models import in_memory_stage
@ -43,6 +44,7 @@ class RACStartView(EnterprisePolicyAccessView):
plan.insert_stage( plan.insert_stage(
in_memory_stage( in_memory_stage(
RACFinalStage, RACFinalStage,
application=self.application,
endpoint=self.endpoint, endpoint=self.endpoint,
provider=self.provider, provider=self.provider,
) )
@ -90,6 +92,7 @@ class RACFinalStage(RedirectStage):
def get_challenge(self, *args, **kwargs) -> RedirectChallenge: def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
endpoint: Endpoint = self.executor.current_stage.endpoint endpoint: Endpoint = self.executor.current_stage.endpoint
provider: RACProvider = self.executor.current_stage.provider provider: RACProvider = self.executor.current_stage.provider
application: Application = self.executor.current_stage.application
token = ConnectionToken.objects.create( token = ConnectionToken.objects.create(
provider=provider, provider=provider,
endpoint=endpoint, endpoint=endpoint,
@ -100,6 +103,12 @@ class RACFinalStage(RedirectStage):
expires=now() + timedelta_from_string(provider.connection_expiry), expires=now() + timedelta_from_string(provider.connection_expiry),
expiring=True, expiring=True,
) )
Event.new(
EventAction.AUTHORIZE_APPLICATION,
authorized_application=application,
flow=self.executor.plan.flow_pk,
endpoint=endpoint.name,
).from_http(self.request)
setattr( setattr(
self.executor.current_stage, self.executor.current_stage,
"destination", "destination",

2
authentik/events/middleware.py
View File

@ -20,6 +20,7 @@ from authentik.core.models import (
User, User,
UserSourceConnection, UserSourceConnection,
) )
from authentik.enterprise.providers.rac.models import ConnectionToken
from authentik.events.models import Event, EventAction, Notification from authentik.events.models import Event, EventAction, Notification
from authentik.events.utils import model_to_dict from authentik.events.utils import model_to_dict
from authentik.flows.models import FlowToken, Stage from authentik.flows.models import FlowToken, Stage
@ -54,6 +55,7 @@ IGNORED_MODELS = (
SCIMUser, SCIMUser,
SCIMGroup, SCIMGroup,
Reputation, Reputation,
ConnectionToken,
) )