From 02e852b192d174ab54277e977c4f3d9381283ba2 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Tue, 6 Aug 2024 15:16:45 +0200 Subject: [PATCH] blueprints: handle model referencing non-existent app/model (#10796) Signed-off-by: Jens Langhammer --- authentik/blueprints/v1/common.py | 5 ++++- authentik/blueprints/v1/importer.py | 12 ++++++------ authentik/providers/radius/models.py | 1 + 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/authentik/blueprints/v1/common.py b/authentik/blueprints/v1/common.py index 713bc32f35b5..424b085da256 100644 --- a/authentik/blueprints/v1/common.py +++ b/authentik/blueprints/v1/common.py @@ -328,7 +328,10 @@ def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any: else: model_name = self.model_name - model_class = apps.get_model(*model_name.split(".")) + try: + model_class = apps.get_model(*model_name.split(".")) + except LookupError as exc: + raise EntryInvalidError.from_entry(exc, entry) from exc query = Q() for cond in self.conditions: diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index 79e8a288e899..a2377e630f3f 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -231,14 +231,17 @@ def __query_from_identifier(self, attrs: dict[str, Any]) -> Q: return main_query | sub_query - def _validate_single(self, entry: BlueprintEntry) -> BaseSerializer | None: + def _validate_single(self, entry: BlueprintEntry) -> BaseSerializer | None: # noqa: PLR0915 """Validate a single entry""" if not entry.check_all_conditions_match(self._import): self.logger.debug("One or more conditions of this entry are not fulfilled, skipping") return None model_app_label, model_name = entry.get_model(self._import).split(".") - model: type[SerializerModel] = registry.get_model(model_app_label, model_name) + try: + model: type[SerializerModel] = registry.get_model(model_app_label, model_name) + except LookupError as exc: + raise EntryInvalidError.from_entry(exc, entry) from exc # Don't use isinstance since we don't want to check for inheritance if not is_model_allowed(model): raise EntryInvalidError.from_entry(f"Model {model} not allowed", entry) @@ -313,10 +316,7 @@ def _validate_single(self, entry: BlueprintEntry) -> BaseSerializer | None: try: full_data = self.__update_pks_for_attrs(entry.get_attrs(self._import)) except ValueError as exc: - raise EntryInvalidError.from_entry( - exc, - entry, - ) from exc + raise EntryInvalidError.from_entry(exc, entry) from exc always_merger.merge(full_data, updated_identifiers) serializer_kwargs["data"] = full_data diff --git a/authentik/providers/radius/models.py b/authentik/providers/radius/models.py index 1efa1213ebb1..48c608f45e3a 100644 --- a/authentik/providers/radius/models.py +++ b/authentik/providers/radius/models.py @@ -66,6 +66,7 @@ class Meta: class RadiusProviderPropertyMapping(PropertyMapping): + """Add additional attributes to Radius authentication responses.""" @property def component(self) -> str: