events: fix missing model_* events when not directly authenticated (cherry-pick #7588) #7597

Merged
merged 1 commit into from
Nov 16, 2023
Merged
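--- a/authentik/events/middleware.py
+++ b/authentik/events/middleware.py
@@ -93,21 +93,30 @@ class AuditMiddleware:
 of models"""
 
 get_response: Callable[[HttpRequest], HttpResponse]
+anonymous_user: User = None
 
 def __init__(self, get_response: Callable[[HttpRequest], HttpResponse]):
 self.get_response = get_response
 
+def _ensure_fallback_user(self):
+"""Defer fetching anonymous user until we have to"""
+if self.anonymous_user:
+return
+from guardian.shortcuts import get_anonymous_user
+
+self.anonymous_user = get_anonymous_user()
+
 def connect(self, request: HttpRequest):
 """Connect signal for automatic logging"""
-if not hasattr(request, "user"):
-return
-if not getattr(request.user, "is_authenticated", False):
-return
+self._ensure_fallback_user()
+user = getattr(request, "user", self.anonymous_user)
+if not user.is_authenticated:
+user = self.anonymous_user
 if not hasattr(request, "request_id"):
 return
-post_save_handler = partial(self.post_save_handler, user=request.user, request=request)
-pre_delete_handler = partial(self.pre_delete_handler, user=request.user, request=request)
-m2m_changed_handler = partial(self.m2m_changed_handler, user=request.user, request=request)
+post_save_handler = partial(self.post_save_handler, user=user, request=request)
+pre_delete_handler = partial(self.pre_delete_handler, user=user, request=request)
+m2m_changed_handler = partial(self.m2m_changed_handler, user=user, request=request)
 post_save.connect(
 post_save_handler,
 dispatch_uid=request.request_id,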
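Review bot: In `connect`, the new `if not user.is_authenticated:` reads the attribute directly, whereas the removed check used `getattr(request.user, "is_authenticated", False)`; a `request.user` object without that attribute would now raise inside the audit middleware instead of being handled. Writing it as `if not getattr(user, "is_authenticated", False):` keeps the old tolerance and still falls back to the anonymous user. `self._ensure_fallback_user()` also runs before the `request_id` guard, so the anonymous-user lookup happens even on requests where `connect` returns early; and because a failed `get_anonymous_user()` leaves `anonymous_user` unset, the lookup would presumably be retried and fail on every request, which moving the call below the guard would at least narrow. Since model changes made without a login are now recorded under the anonymous user, a comment on `connect` such as `# unauthenticated requests are attributed to the guardian anonymous user` would tell readers of the audit log what that actor means. `connect` continues past the end of the hunk, so the disconnect path is not visible here.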
31 changes: 27 additions & 4 deletions authentik/stages/user_write/tests.py
Expand Up @@ -6,6 +6,7 @@
from authentik.core.models import USER_ATTRIBUTE_SOURCES, Group, Source, User, UserSourceConnection
from authentik.core.sources.stage import PLAN_CONTEXT_SOURCES_CONNECTION
from authentik.core.tests.utils import create_test_admin_user, create_test_flow
from authentik.events.models import Event, EventAction

Check warning on line 9 in authentik/stages/user_write/tests.py

Codecov / codecov/patch

authentik/stages/user_write/tests.py#L9

Added line #L9 was not covered by tests
from authentik.flows.markers import StageMarker
from authentik.flows.models import FlowStageBinding
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
Expand Down Expand Up @@ -58,11 +59,33 @@
self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
user_qs = User.objects.filter(username=plan.context[PLAN_CONTEXT_PROMPT]["username"])
self.assertTrue(user_qs.exists())
self.assertTrue(user_qs.first().check_password(password))
self.assertEqual(
list(user_qs.first().ak_groups.order_by("name")), [self.other_group, self.group]
user = user_qs.first()
self.assertTrue(user.check_password(password))
self.assertEqual(list(user.ak_groups.order_by("name")), [self.other_group, self.group])
self.assertEqual(user.attributes, {USER_ATTRIBUTE_SOURCES: [self.source.name]})

Check warning on line 65 in authentik/stages/user_write/tests.py

Codecov / codecov/patch

authentik/stages/user_write/tests.py#L62-L65

Added lines #L62 - L65 were not covered by tests

self.assertTrue(

Check warning on line 67 in authentik/stages/user_write/tests.py

Codecov / codecov/patch

authentik/stages/user_write/tests.py#L67

Added line #L67 was not covered by tests
Event.objects.filter(
action=EventAction.MODEL_CREATED,
context__model={
"app": "authentik_core",
"model_name": "user",
"pk": user.pk,
"name": "name",
},
)
)
self.assertTrue(

Check warning on line 78 in authentik/stages/user_write/tests.py

Codecov / codecov/patch

authentik/stages/user_write/tests.py#L78

Added line #L78 was not covered by tests
Event.objects.filter(
action=EventAction.MODEL_UPDATED,
context__model={
"app": "authentik_core",
"model_name": "user",
"pk": user.pk,
"name": "name",
},
)
)
self.assertEqual(user_qs.first().attributes, {USER_ATTRIBUTE_SOURCES: [self.source.name]})

def test_user_update(self):
"""Test update of existing user"""
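Review bot: The two new `self.assertTrue(Event.objects.filter(...))` checks only prove that a `MODEL_CREATED` and a `MODEL_UPDATED` event exist for the new user; they do not assert which actor the event is attributed to, which is the behaviour the middleware change introduces for requests without a login. Adding a condition on the event's recorded user (the field name should be confirmed against the `Event` model) would pin the audit attribution, so a regression that drops or mislabels the actor is caught. The assertions also rely on queryset truthiness; `Event.objects.filter(...).exists()` matches the `self.assertTrue(user_qs.exists())` style used a few lines earlier and avoids loading the rows. The test method begins outside the hunk, so whether the request in this test is unauthenticated is inferred from the PR title rather than visible here.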