providers/oidc: fix error when using with app_gw

Jens Langhammer 2020-01-02 16:38:01 +01:00
parent d24133d8a2
commit edeed18ae8
2 changed files with 20 additions and 4 deletions


@ -20,6 +20,5 @@ class CreateAssignPermView(CreateView):
self.object._meta.app_label, self.object._meta.app_label,
self.object._meta.model_name, self.object._meta.model_name,
) )
print(full_permission)
assign_perm(full_permission, self.request.user, self.object) assign_perm(full_permission, self.request.user, self.object)
return response return response


@ -1,21 +1,38 @@
"""OIDC Permission checking""" """OIDC Permission checking"""
from typing import Optional
from django.contrib import messages from django.contrib import messages
from django.http import HttpRequest, HttpResponse
from django.shortcuts import redirect from django.shortcuts import redirect
from oidc_provider.models import Client
from structlog import get_logger from structlog import get_logger
from django.db.models.deletion import Collector
from passbook.audit.models import Event, EventAction from passbook.audit.models import Event, EventAction
from passbook.core.models import Application from passbook.core.models import Application, User, Provider
from passbook.policies.engine import PolicyEngine from passbook.policies.engine import PolicyEngine
LOGGER = get_logger() LOGGER = get_logger()
def check_permissions(request, user, client): def check_permissions(
request: HttpRequest, user: User, client: Client
) -> Optional[HttpResponse]:
"""Check permissions, used for """Check permissions, used for
https://django-oidc-provider.readthedocs.io/en/latest/ https://django-oidc-provider.readthedocs.io/en/latest/
sections/settings.html#oidc-after-userlogin-hook""" sections/settings.html#oidc-after-userlogin-hook"""
try: try:
application = client.openidprovider.application # because oidc_provider is also used by app_gw, we can't be
# sure an OpenIDPRovider instance exists. hence we look through all related models
# and choose the one that inherits from Provider, which is guaranteed to
# have the application property
collector = Collector(using="default")
collector.collect([client])
for _, related in collector.data.items():
related_object = next(iter(related))
if isinstance(related_object, Provider):
application = related.application
break
except Application.DoesNotExist: except Application.DoesNotExist:
return redirect("passbook_providers_oauth:oauth2-permission-denied") return redirect("passbook_providers_oauth:oauth2-permission-denied")
LOGGER.debug( LOGGER.debug(