enterprise/providers/rac: create authorize_application event when creating token (#8050)

* events: don't log creation of connection token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* enterprise/providers/rac: create authorize_application event when creating token

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2024-01-03 14:47:17 +01:00 committed by GitHub
parent d54b410429
commit b93ad8615c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions


@ -10,6 +10,7 @@ from authentik.core.models import Application, AuthenticatedSession
from authentik.core.views.interface import InterfaceView from authentik.core.views.interface import InterfaceView
from authentik.enterprise.policy import EnterprisePolicyAccessView from authentik.enterprise.policy import EnterprisePolicyAccessView
from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider
from authentik.events.models import Event, EventAction
from authentik.flows.challenge import RedirectChallenge from authentik.flows.challenge import RedirectChallenge
from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import in_memory_stage from authentik.flows.models import in_memory_stage
@ -43,6 +44,7 @@ class RACStartView(EnterprisePolicyAccessView):
plan.insert_stage( plan.insert_stage(
in_memory_stage( in_memory_stage(
RACFinalStage, RACFinalStage,
application=self.application,
endpoint=self.endpoint, endpoint=self.endpoint,
provider=self.provider, provider=self.provider,
) )
@ -90,6 +92,7 @@ class RACFinalStage(RedirectStage):
def get_challenge(self, *args, **kwargs) -> RedirectChallenge: def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
endpoint: Endpoint = self.executor.current_stage.endpoint endpoint: Endpoint = self.executor.current_stage.endpoint
provider: RACProvider = self.executor.current_stage.provider provider: RACProvider = self.executor.current_stage.provider
application: Application = self.executor.current_stage.application
token = ConnectionToken.objects.create( token = ConnectionToken.objects.create(
provider=provider, provider=provider,
endpoint=endpoint, endpoint=endpoint,
@ -100,6 +103,12 @@ class RACFinalStage(RedirectStage):
expires=now() + timedelta_from_string(provider.connection_expiry), expires=now() + timedelta_from_string(provider.connection_expiry),
expiring=True, expiring=True,
) )
Event.new(
EventAction.AUTHORIZE_APPLICATION,
authorized_application=application,
flow=self.executor.plan.flow_pk,
endpoint=endpoint.name,
).from_http(self.request)
setattr( setattr(
self.executor.current_stage, self.executor.current_stage,
"destination", "destination",
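Review bot: The new `Event.new(...)` call in `RACFinalStage.get_challenge` identifies the target only by `endpoint=endpoint.name`, and a display name can be renamed or reused, so an investigator may later be unable to tell which endpoint or provider an authorization referred to. Because the other file in this commit stops model-level logging of `ConnectionToken`, this event appears to be the only audit record of the connection. I would add stable identifiers alongside the name, for example `endpoint_pk=str(endpoint.pk),` and `provider_pk=str(provider.pk),` (the key names are a suggestion). The event is also written after `ConnectionToken.objects.create(...)`, so a failure while saving the event would leave a usable token with no record; worth confirming that ordering is acceptable. `get_challenge` continues past the end of the hunk.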


@ -20,6 +20,7 @@ from authentik.core.models import (
User, User,
UserSourceConnection, UserSourceConnection,
) )
from authentik.enterprise.providers.rac.models import ConnectionToken
from authentik.events.models import Event, EventAction, Notification from authentik.events.models import Event, EventAction, Notification
from authentik.events.utils import model_to_dict from authentik.events.utils import model_to_dict
from authentik.flows.models import FlowToken, Stage from authentik.flows.models import FlowToken, Stage
@ -54,6 +55,7 @@ IGNORED_MODELS = (
SCIMUser, SCIMUser,
SCIMGroup, SCIMGroup,
Reputation, Reputation,
ConnectionToken,
) )
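Review bot: Adding `ConnectionToken` to `IGNORED_MODELS` presumably silences every model audit event for that model, not only creation, so the `AUTHORIZE_APPLICATION` event emitted in `RACFinalStage.get_challenge` becomes the only trace of a remote-access token. Any other code path that creates, changes or deletes a `ConnectionToken` (an API view or a cleanup task, if such exist) would then leave no audit record. A comment on the tuple entry should say where the replacement event comes from, e.g. `# logged as AUTHORIZE_APPLICATION by RACFinalStage instead`. The new module-level import from `authentik.enterprise.providers.rac.models` also ties this module to the enterprise package unconditionally; confirm that is intended. The `IGNORED_MODELS` tuple starts outside the hunk.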