providers/oauth2: include application in login event

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-04-14 22:36:15 +02:00 · 2022-04-14 22:36:15 +02:00 · f4f9f525d7
parent 555525ea9d
commit f4f9f525d7
2 changed files with 8 additions and 7 deletions
--- a/2
+++ b/2
@ -63,7 +63,7 @@ gen-web:
 		--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
 	mkdir -p web/node_modules/@goauthentik/api
 	\cp -fv scripts/web_api_readme.md web-api/README.md
-	cd web-api && npm ci
+	cd web-api && npm i
 	\cp -rfv web-api/* web/node_modules/@goauthentik/api

 gen-outpost:
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@ -241,6 +241,11 @@ class TokenParams:
        if not token or token.user.uid != user.uid:
            raise TokenError("invalid_grant")
        self.user = user
+        # Authorize user access
+        app = Application.objects.filter(provider=self.provider).first()
+        if not app or not app.provider:
+            raise TokenError("invalid_grant")
+        self.__check_policy_access(app, request)

        Event.new(
            action=EventAction.LOGIN,
@ -248,13 +253,8 @@ class TokenParams:
            PLAN_CONTEXT_METHOD_ARGS={
                "identifier": token.identifier,
            },
+            PLAN_CONTEXT_APPLICATION=app,
        ).from_http(request, user=user)
-
-        # Authorize user access
-        app = Application.objects.filter(provider=self.provider).first()
-        if not app or not app.provider:
-            raise TokenError("invalid_grant")
-        self.__check_policy_access(app, request)
        return None

    def __post_init_client_credentials_jwt(self, request: HttpRequest):
@ -320,6 +320,7 @@ class TokenParams:
            PLAN_CONTEXT_METHOD_ARGS={
                "jwt": token,
            },
+            PLAN_CONTEXT_APPLICATION=app,
        ).from_http(request, user=self.user)