providers/oauth2: include application in login event
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
555525ea9d
commit
f4f9f525d7
2
Makefile
2
Makefile
|
@ -63,7 +63,7 @@ gen-web:
|
||||||
--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
|
--additional-properties=typescriptThreePlus=true,supportsES6=true,npmName=@goauthentik/api,npmVersion=${NPM_VERSION}
|
||||||
mkdir -p web/node_modules/@goauthentik/api
|
mkdir -p web/node_modules/@goauthentik/api
|
||||||
\cp -fv scripts/web_api_readme.md web-api/README.md
|
\cp -fv scripts/web_api_readme.md web-api/README.md
|
||||||
cd web-api && npm ci
|
cd web-api && npm i
|
||||||
\cp -rfv web-api/* web/node_modules/@goauthentik/api
|
\cp -rfv web-api/* web/node_modules/@goauthentik/api
|
||||||
|
|
||||||
gen-outpost:
|
gen-outpost:
|
||||||
|
|
|
@ -241,6 +241,11 @@ class TokenParams:
|
||||||
if not token or token.user.uid != user.uid:
|
if not token or token.user.uid != user.uid:
|
||||||
raise TokenError("invalid_grant")
|
raise TokenError("invalid_grant")
|
||||||
self.user = user
|
self.user = user
|
||||||
|
# Authorize user access
|
||||||
|
app = Application.objects.filter(provider=self.provider).first()
|
||||||
|
if not app or not app.provider:
|
||||||
|
raise TokenError("invalid_grant")
|
||||||
|
self.__check_policy_access(app, request)
|
||||||
|
|
||||||
Event.new(
|
Event.new(
|
||||||
action=EventAction.LOGIN,
|
action=EventAction.LOGIN,
|
||||||
|
@ -248,13 +253,8 @@ class TokenParams:
|
||||||
PLAN_CONTEXT_METHOD_ARGS={
|
PLAN_CONTEXT_METHOD_ARGS={
|
||||||
"identifier": token.identifier,
|
"identifier": token.identifier,
|
||||||
},
|
},
|
||||||
|
PLAN_CONTEXT_APPLICATION=app,
|
||||||
).from_http(request, user=user)
|
).from_http(request, user=user)
|
||||||
|
|
||||||
# Authorize user access
|
|
||||||
app = Application.objects.filter(provider=self.provider).first()
|
|
||||||
if not app or not app.provider:
|
|
||||||
raise TokenError("invalid_grant")
|
|
||||||
self.__check_policy_access(app, request)
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def __post_init_client_credentials_jwt(self, request: HttpRequest):
|
def __post_init_client_credentials_jwt(self, request: HttpRequest):
|
||||||
|
@ -320,6 +320,7 @@ class TokenParams:
|
||||||
PLAN_CONTEXT_METHOD_ARGS={
|
PLAN_CONTEXT_METHOD_ARGS={
|
||||||
"jwt": token,
|
"jwt": token,
|
||||||
},
|
},
|
||||||
|
PLAN_CONTEXT_APPLICATION=app,
|
||||||
).from_http(request, user=self.user)
|
).from_http(request, user=self.user)
|
||||||
|
|
||||||
|
|
||||||
|
|
Reference in a new issue