diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py index 317e3062c6d..0339fee2f6c 100644 --- a/authentik/core/sources/flow_manager.py +++ b/authentik/core/sources/flow_manager.py @@ -28,7 +28,7 @@ from authentik.lib.utils.urls import redirect_with_qs from authentik.lib.views import bad_request_message from authentik.policies.denied import AccessDeniedResponse -from authentik.policies.utils import delete_none_keys +from authentik.policies.utils import delete_none_values from authentik.stages.password import BACKEND_INBUILT from authentik.stages.password.stage import PLAN_CONTEXT_AUTHENTICATION_BACKEND from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT @@ -329,7 +329,7 @@ def handle_enroll( ) ], **{ - PLAN_CONTEXT_PROMPT: delete_none_keys(self.enroll_info), + PLAN_CONTEXT_PROMPT: delete_none_values(self.enroll_info), PLAN_CONTEXT_USER_PATH: self.source.get_user_path(), }, ) diff --git a/authentik/policies/utils.py b/authentik/policies/utils.py index c9a1f56d69e..8ac49024e17 100644 --- a/authentik/policies/utils.py +++ b/authentik/policies/utils.py @@ -2,7 +2,7 @@ from typing import Any -def delete_none_keys(dict_: dict[Any, Any]) -> dict[Any, Any]: +def delete_none_values(dict_: dict[Any, Any]) -> dict[Any, Any]: """Remove any keys from `dict_` that are None.""" new_dict = {} for key, value in dict_.items(): diff --git a/authentik/providers/scim/clients/group.py b/authentik/providers/scim/clients/group.py index a2c0cad3b7b..9af35dd2285 100644 --- a/authentik/providers/scim/clients/group.py +++ b/authentik/providers/scim/clients/group.py @@ -8,7 +8,7 @@ from authentik.core.models import Group from authentik.events.models import Event, EventAction from authentik.lib.utils.errors import exception_to_string -from authentik.policies.utils import delete_none_keys +from authentik.policies.utils import delete_none_values from authentik.providers.scim.clients.base import SCIMClient from authentik.providers.scim.clients.exceptions import ( ResourceMissing, @@ -74,7 +74,7 @@ def to_scim(self, obj: Group) -> SCIMGroupSchema: if not raw_scim_group: raise StopSync(ValueError("No group mappings configured"), obj) try: - scim_group = SCIMGroupSchema.parse_obj(delete_none_keys(raw_scim_group)) + scim_group = SCIMGroupSchema.parse_obj(delete_none_values(raw_scim_group)) except ValidationError as exc: raise StopSync(exc, obj) from exc if not scim_group.externalId: diff --git a/authentik/providers/scim/clients/user.py b/authentik/providers/scim/clients/user.py index ad5f7552eb6..f68f2f91d6e 100644 --- a/authentik/providers/scim/clients/user.py +++ b/authentik/providers/scim/clients/user.py @@ -6,7 +6,7 @@ from authentik.core.models import User from authentik.events.models import Event, EventAction from authentik.lib.utils.errors import exception_to_string -from authentik.policies.utils import delete_none_keys +from authentik.policies.utils import delete_none_values from authentik.providers.scim.clients.base import SCIMClient from authentik.providers.scim.clients.exceptions import ResourceMissing, StopSync from authentik.providers.scim.clients.schema import User as SCIMUserSchema @@ -64,7 +64,7 @@ def to_scim(self, obj: User) -> SCIMUserSchema: if not raw_scim_user: raise StopSync(ValueError("No user mappings configured"), obj) try: - scim_user = SCIMUserSchema.parse_obj(delete_none_keys(raw_scim_user)) + scim_user = SCIMUserSchema.parse_obj(delete_none_values(raw_scim_user)) except ValidationError as exc: raise StopSync(exc, obj) from exc if not scim_user.externalId: diff --git a/authentik/providers/scim/tests/test_membership.py b/authentik/providers/scim/tests/test_membership.py index 184b9189212..18b3faa67ca 100644 --- a/authentik/providers/scim/tests/test_membership.py +++ b/authentik/providers/scim/tests/test_membership.py @@ -91,7 +91,6 @@ def test_member_add(self): "active": True, "externalId": user.uid, "name": {"familyName": "", "formatted": "", "givenName": ""}, - "photos": [], "displayName": "", "userName": user.username, }, @@ -177,7 +176,6 @@ def test_member_remove(self): "emails": [], "externalId": user.uid, "name": {"familyName": "", "formatted": "", "givenName": ""}, - "photos": [], "userName": user.username, }, ) diff --git a/authentik/providers/scim/tests/test_user.py b/authentik/providers/scim/tests/test_user.py index dae05f268d9..842674b1033 100644 --- a/authentik/providers/scim/tests/test_user.py +++ b/authentik/providers/scim/tests/test_user.py @@ -81,7 +81,6 @@ def test_user_create(self, mock: Mocker): "givenName": uid, }, "displayName": uid, - "photos": [], "userName": uid, }, ) @@ -137,7 +136,6 @@ def test_user_create_update(self, mock: Mocker): "formatted": uid, "givenName": uid, }, - "photos": [], "userName": uid, }, ) @@ -190,7 +188,6 @@ def test_user_create_delete(self, mock: Mocker): "givenName": uid, }, "displayName": uid, - "photos": [], "userName": uid, }, ) @@ -258,7 +255,6 @@ def test_sync_task(self, mock: Mocker): "givenName": uid, }, "displayName": uid, - "photos": [], "userName": uid, }, ) diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py index 2c809858e2e..9ff460a38a6 100644 --- a/authentik/sources/saml/processors/response.py +++ b/authentik/sources/saml/processors/response.py @@ -21,7 +21,7 @@ from authentik.core.sources.flow_manager import SourceFlowManager from authentik.lib.expression.evaluator import BaseEvaluator from authentik.lib.utils.time import timedelta_from_string -from authentik.policies.utils import delete_none_keys +from authentik.policies.utils import delete_none_values from authentik.sources.saml.exceptions import ( InvalidSignature, MismatchedRequestID, @@ -160,7 +160,7 @@ def _handle_name_id_transient(self) -> SourceFlowManager: self._source, self._http_request, name_id, - delete_none_keys(self.get_attributes()), + delete_none_values(self.get_attributes()), ) def _get_name_id(self) -> "Element": @@ -237,7 +237,7 @@ def prepare_flow_manager(self) -> SourceFlowManager: self._source, self._http_request, name_id.text, - delete_none_keys(self.get_attributes()), + delete_none_values(self.get_attributes()), ) diff --git a/blueprints/system/providers-scim.yaml b/blueprints/system/providers-scim.yaml index 3c19145ac17..9fdac03764a 100644 --- a/blueprints/system/providers-scim.yaml +++ b/blueprints/system/providers-scim.yaml @@ -21,7 +21,7 @@ entries: # photos supports URLs to images, however authentik might return data URIs avatar = request.user.avatar - photos = [] + photos = None if "://" in avatar: photos = [{"value": avatar, "type": "photo"}] @@ -31,11 +31,11 @@ entries: emails = [] if request.user.email != "": - emails.append({ + emails = [{ "value": request.user.email, "type": "other", "primary": True, - }) + }] return { "userName": request.user.username, "name": {