core: bump django from 5.1.9 to 5.1.10 (cherry-pick #14951)

[gcp-cherry-pick-bot]

Cherry-picked core: bump django from 5.1.9 to 5.1.10 (#14951)

bump django to 5.1.10

[netlify]

❌ Deploy Preview for authentik-docs failed. Why did it fail? →

Name	Link
🔨 Latest commit	a0a69f8
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/68498d7072cb2b0008150384

[codecov]

❌ 4 Tests Failed:

Tests completed	Failed	Passed	Skipped
1821	4	1817	2

View the top 3 failed test(s) by shortest run time

authentik.rbac.tests.test_api_filters.TestAPIPerms::test_list_denied

Stack Traces | 0.899s run time

self = <unittest.case._Outcome object at 0x7ffa38ac1da0>
test_case = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_denied>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_denied>
result = <TestCaseFunction test_list_denied>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_denied>
method = <bound method TestAPIPerms.test_list_denied of <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_denied>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_denied>

    def test_list_denied(self):
        """Test list without adding permission"""
        self.client.force_login(self.user)
    
>       res = self.client.get(reverse("authentik_api:invitation-list"))

.../rbac/tests/test_api_filters.py:95: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
path = '.../stages/invitation/invitations/', data = None, follow = False
extra = {}

    def get(self, path, data=None, follow=False, **extra):
>       response = super().get(path, data=data, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:292: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
path = '.../stages/invitation/invitations/', data = None, extra = {}
r = {'QUERY_STRING': ''}

    def get(self, path, data=None, **extra):
        r = {
            'QUERY_STRING': urlencode(data or {}, doseq=True),
        }
        if not data and '?' in path:
            # Fix to support old behavior where you have the arguments in the
            # url. See #1461.
            query_string = force_bytes(path.split('?')[1])
            query_string = query_string.decode('iso-8859-1')
            r['QUERY_STRING'] = query_string
        r.update(extra)
>       return self.generic('GET', path, **r)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:209: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>, method = 'GET'
path = '.../stages/invitation/invitations/', data = ''
content_type = 'application/octet-stream', secure = False
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>, method = 'GET'
path = '.../stages/invitation/invitations/', data = b''
content_type = 'application/octet-stream', secure = False, headers = None
query_params = None
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}
parsed = ParseResult(scheme='', netloc='', path='.../stages/invitation/invitations/', params='', query='', fragment='')
r = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
request = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
environ = {'CONTENT_TYPE': 'application/octet-stream', 'HTTP_COOKIE': 'authentik_session=8ed1gxtufik1pby6gipip4bscuzbr3pf', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', ...}
data = {'context': [[{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: <function csrf.<locals>....se/ske...">, <Template template_string="{% load static %}{%...">, <Template template_string="{% load i18n %}{% g...">]}
on_template_render = functools.partial(<function store_rendered_templates at 0x7ffa4067c680>, {'templates': [<Template template_string="{% ...<IncludeNode: template=<FilterExpression '"base/header_js.html"'>>, <TextNode: '\n'>]>}, {'LANGUAGE_CODE': 'en-us'}]]})
signal_uid = 'template-render-140712169985280'
exception_uid = 'request-exception-140712169985280'
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa237314f0>
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7ffa23c85650>
request = <WSGIRequest: GET '.../stages/invitation/invitations/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}
current_scope = <Scope id=0x7ffa45fb6ce0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7ffa45fb7a00 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}
self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
method = 'head', action = 'list'
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}

    def list(self, request, *args, **kwargs):
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13.../site-packages/rest_framework/mixins.py:38: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>
queryset = <QuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13.../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa22179090>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa22179090>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b470150>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: 0noJWRfGO7XaxFFpOMx0>>
perms = ['authentik_stages_invitation.view_invitation'], klass = <QuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

authentik.rbac.tests.test_api_filters.TestAPIPerms::test_update_simple_denied

Stack Traces | 0.91s run time

self = <unittest.case._Outcome object at 0x7ffa2215c130>
test_case = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_update_simple_denied>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_update_simple_denied>
result = <TestCaseFunction test_update_simple_denied>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_update_simple_denied>
method = <bound method TestAPIPerms.test_update_simple_denied of <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_update_simple_denied>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_update_simple_denied>

    def test_update_simple_denied(self):
        """Test update without assigning permission"""
        self.client.force_login(self.user)
        inv = Invitation.objects.create(name=generate_id(), created_by=self.superuser)
>       res = self.client.patch(
            reverse("authentik_api:invitation-detail", kwargs={"pk": inv.pk}),
            data={
                "name": generate_id(),
            },
        )

.../rbac/tests/test_api_filters.py:143: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
path = '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'
data = {'name': 'UWaIuTF3FYQ74yeEhPROlLocLJ9wT71HjX0dbmRQ'}, format = None
content_type = None, follow = False, extra = {}

    def patch(self, path, data=None, format=None, content_type=None,
              follow=False, **extra):
>       response = super().patch(
            path, data=data, format=format, content_type=content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:315: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
path = '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'
data = b'{"name":"UWaIuTF3FYQ74yeEhPROlLocLJ9wT71HjX0dbmRQ"}', format = None
content_type = 'application/json', extra = {}

    def patch(self, path, data=None, format=None, content_type=None, **extra):
        data, content_type = self._encode_data(data, format, content_type)
>       return self.generic('PATCH', path, data, content_type, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:221: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
method = 'PATCH'
path = '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'
data = b'{"name":"UWaIuTF3FYQ74yeEhPROlLocLJ9wT71HjX0dbmRQ"}'
content_type = 'application/json', secure = False
extra = {'CONTENT_TYPE': 'application/json'}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
method = 'PATCH'
path = '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'
data = b'{"name":"UWaIuTF3FYQ74yeEhPROlLocLJ9wT71HjX0dbmRQ"}'
content_type = 'application/json', secure = False, headers = None
query_params = None, extra = {'CONTENT_TYPE': 'application/json'}
parsed = ParseResult(scheme='', netloc='', path='.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', params='', query='', fragment='')
r = {'CONTENT_LENGTH': '51', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', 'QUERY_STRING': '', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
kwargs = {'CONTENT_LENGTH': '51', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
kwargs = {'CONTENT_LENGTH': '51', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', 'QUERY_STRING': '', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
request = {'CONTENT_LENGTH': '51', 'CONTENT_TYPE': 'application/json', 'PATH_INFO': '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', 'QUERY_STRING': '', ...}
environ = {'CONTENT_LENGTH': '51', 'CONTENT_TYPE': 'application/json', 'HTTP_COOKIE': 'authentik_session=g9umvtpbgii9arukjq0uc5kd0qak24yz', 'PATH_INFO': '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/', ...}
data = {}
on_template_render = functools.partial(<function store_rendered_templates at 0x7ffa4067c680>, {})
signal_uid = 'template-render-140712167732928'
exception_uid = 'request-exception-140712167732928'
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa232beaf0>
response = <HttpResponseNotAllowed [GET, HEAD, OPTIONS] status_code=405, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7ffa301bab50>
request = <WSGIRequest: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}
current_scope = <Scope id=0x7ffa45fb6ce0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7ffa45fb7a00 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}
self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
method = 'head', action = 'retrieve'
handler = <bound method RetrieveModelMixin.retrieve of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}
handler = <bound method UpdateModelMixin.partial_update of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = ()
kwargs = {'partial': True, 'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}

    def partial_update(self, request, *args, **kwargs):
        kwargs['partial'] = True
>       return self.update(request, *args, **kwargs)

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:82: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
args = (), kwargs = {'pk': 'e974ec9a-79b9-4e65-ac09-63c802c67fbd'}
partial = True

    def update(self, request, *args, **kwargs):
        partial = kwargs.pop('partial', False)
>       instance = self.get_object()

.venv/lib/python3.13....../site-packages/rest_framework/mixins.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>

    def get_object(self):
        """
        Returns the object the view is displaying.
    
        You may want to override this if you need to provide non-standard
        queryset lookups.  Eg if objects are referenced using multiple
        keyword arguments in the url conf.
        """
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:87: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>
queryset = <QuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13....../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa1b515a90>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa1b515a90>
request = <rest_framework.request.Request: PATCH '.../invitation/invitations/e974ec9a-79b9-4e65-ac09-63c802c67fbd/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa2325e050>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: 0m0nsxgzv2AdKTQbsVhC>>
perms = ['authentik_stages_invitation.view_invitation'], klass = <QuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

authentik.rbac.tests.test_api_filters.TestAPIPerms::test_list_object_perm

Stack Traces | 0.912s run time

self = <unittest.case._Outcome object at 0x7ffa36edf0e0>
test_case = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_object_perm>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_object_perm>
result = <TestCaseFunction test_list_object_perm>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:651: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_object_perm>
method = <bound method TestAPIPerms.test_list_object_perm of <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_object_perm>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.13.4........./x64/lib/python3.13/unittest/case.py:606: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.tests.test_api_filters.TestAPIPerms testMethod=test_list_object_perm>

    def test_list_object_perm(self):
        """Test list"""
        self.client.force_login(self.user)
    
        Invitation.objects.all().delete()
        Invitation.objects.create(
            name=generate_id(),
            created_by=self.superuser,
        )
        inv2 = Invitation.objects.create(
            name=generate_id(),
            created_by=self.superuser,
        )
        self.role.assign_permission("authentik_stages_invitation.view_invitation", obj=inv2)
    
>       res = self.client.get(reverse("authentik_api:invitation-list"))

.../rbac/tests/test_api_filters.py:71: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
path = '.../stages/invitation/invitations/', data = None, follow = False
extra = {}

    def get(self, path, data=None, follow=False, **extra):
>       response = super().get(path, data=data, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:292: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
path = '.../stages/invitation/invitations/', data = None, extra = {}
r = {'QUERY_STRING': ''}

    def get(self, path, data=None, **extra):
        r = {
            'QUERY_STRING': urlencode(data or {}, doseq=True),
        }
        if not data and '?' in path:
            # Fix to support old behavior where you have the arguments in the
            # url. See #1461.
            query_string = force_bytes(path.split('?')[1])
            query_string = query_string.decode('iso-8859-1')
            r['QUERY_STRING'] = query_string
        r.update(extra)
>       return self.generic('GET', path, **r)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:209: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>, method = 'GET'
path = '.../stages/invitation/invitations/', data = ''
content_type = 'application/octet-stream', secure = False
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}

    def generic(self, method, path, data='',
                content_type='application/octet-stream', secure=False, **extra):
        # Include the CONTENT_TYPE, regardless of whether or not data is empty.
        if content_type is not None:
            extra['CONTENT_TYPE'] = str(content_type)
    
>       return super().generic(
            method, path, data, content_type, secure, **extra)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:237: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>, method = 'GET'
path = '.../stages/invitation/invitations/', data = b''
content_type = 'application/octet-stream', secure = False, headers = None
query_params = None
extra = {'CONTENT_TYPE': 'application/octet-stream', 'QUERY_STRING': ''}
parsed = ParseResult(scheme='', netloc='', path='.../stages/invitation/invitations/', params='', query='', fragment='')
r = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
query_string = ''

    def generic(
        self,
        method,
        path,
        data="",
        content_type="application/octet-stream",
        secure=False,
        *,
        headers=None,
        query_params=None,
        **extra,
    ):
        """Construct an arbitrary HTTP request."""
        parsed = urlparse(str(path))  # path can be lazy
        data = force_bytes(data, settings.DEFAULT_CHARSET)
        r = {
            "PATH_INFO": self._get_path(parsed),
            "REQUEST_METHOD": method,
            "SERVER_PORT": "443" if secure else "80",
            "wsgi.url_scheme": "https" if secure else "http",
        }
        if data:
            r.update(
                {
                    "CONTENT_LENGTH": str(len(data)),
                    "CONTENT_TYPE": content_type,
                    "wsgi.input": FakePayload(data),
                }
            )
        if headers:
            extra.update(HttpHeaders.to_wsgi_names(headers))
        if query_params:
            extra["QUERY_STRING"] = urlencode(query_params, doseq=True)
        r.update(extra)
        # If QUERY_STRING is absent or empty, we want to extract it from the URL.
        if not r.get("QUERY_STRING"):
            # WSGI requires latin-1 encoded strings. See get_path_info().
            query_string = parsed[4].encode().decode("iso-8859-1")
            r["QUERY_STRING"] = query_string
>       return self.request(**r)

.venv/lib/python3.13.../django/test/client.py:676: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
        # Ensure that any credentials set get added to every request.
        kwargs.update(self._credentials)
>       return super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:289: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
kwargs = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}

    def request(self, **kwargs):
>       request = super().request(**kwargs)

.venv/lib/python3.13.............../site-packages/rest_framework/test.py:241: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
request = {'CONTENT_TYPE': 'application/octet-stream', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', 'REQUEST_METHOD': 'GET', ...}
environ = {'CONTENT_TYPE': 'application/octet-stream', 'HTTP_COOKIE': 'authentik_session=rdnhlrbh2iohvk6cs4kk442xnmg7lw7e', 'PATH_INFO': '.../stages/invitation/invitations/', 'QUERY_STRING': '', ...}
data = {'context': [[{'True': True, 'False': False, 'None': None}, {'csrf_token': <SimpleLazyObject: <function csrf.<locals>....se/ske...">, <Template template_string="{% load static %}{%...">, <Template template_string="{% load i18n %}{% g...">]}
on_template_render = functools.partial(<function store_rendered_templates at 0x7ffa4067c680>, {'templates': [<Template template_string="{% ...<IncludeNode: template=<FilterExpression '"base/header_js.html"'>>, <TextNode: '\n'>]>}, {'LANGUAGE_CODE': 'en-us'}]]})
signal_uid = 'template-render-140712290365952'
exception_uid = 'request-exception-140712290365952'
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def request(self, **request):
        """
        Make a generic request. Compose the environment dictionary and pass
        to the handler, return the result of the handler. Assume defaults for
        the query environment, which can be overridden using the arguments to
        the request.
        """
        environ = self._base_environ(**request)
    
        # Curry a data dictionary into an instance of the template renderer
        # callback function.
        data = {}
        on_template_render = partial(store_rendered_templates, data)
        signal_uid = "template-render-%s" % id(request)
        signals.template_rendered.connect(on_template_render, dispatch_uid=signal_uid)
        # Capture exceptions created by the handler.
        exception_uid = "request-exception-%s" % id(request)
        got_request_exception.connect(self.store_exc_info, dispatch_uid=exception_uid)
        try:
            response = self.handler(environ)
        finally:
            signals.template_rendered.disconnect(dispatch_uid=signal_uid)
            got_request_exception.disconnect(dispatch_uid=exception_uid)
        # Check for signaled exceptions.
>       self.check_exception(response)

.venv/lib/python3.13.../django/test/client.py:1092: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.APIClient object at 0x7ffa23732e60>
response = <ServerErrorTemplateResponse status_code=500, "text/html; charset=utf-8">

    def check_exception(self, response):
        """
        Look for a signaled exception, clear the current context exception
        data, re-raise the signaled exception, and clear the signaled exception
        from the local cache.
        """
        response.exc_info = self.exc_info
        if self.exc_info:
            _, exc_value, _ = self.exc_info
            self.exc_info = None
            if self.raise_request_exception:
>               raise exc_value

.venv/lib/python3.13.../django/test/client.py:805: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>

    @wraps(get_response)
    def inner(request):
        try:
>           response = get_response(request)

.venv/lib/python3.13.../core/handlers/exception.py:55: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <rest_framework.test.ForceAuthClientHandler object at 0x7ffa23a72b50>
request = <WSGIRequest: GET '.../stages/invitation/invitations/'>

    def _get_response(self, request):
        """
        Resolve and call the view, then apply view, exception, and
        template_response middleware. This method is everything that happens
        inside the request/response middleware.
        """
        response = None
        callback, callback_args, callback_kwargs = self.resolve_request(request)
    
        # Apply view middleware
        for middleware_method in self._view_middleware:
            response = middleware_method(
                request, callback, callback_args, callback_kwargs
            )
            if response:
                break
    
        if response is None:
            wrapped_callback = self.make_view_atomic(callback)
            # If it is an asynchronous view, run it in a subthread.
            if iscoroutinefunction(wrapped_callback):
                wrapped_callback = async_to_sync(wrapped_callback)
            try:
>               response = wrapped_callback(request, *callback_args, **callback_kwargs)

.venv/lib/python3.13.../core/handlers/base.py:197: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}
current_scope = <Scope id=0x7ffa45fb6ce0 name=None type=ScopeType.CURRENT>
sentry_scope = <Scope id=0x7ffa45fb7a00 name=None type=ScopeType.ISOLATION>

    @functools.wraps(callback)
    def sentry_wrapped_callback(request, *args, **kwargs):
        # type: (Any, *Any, **Any) -> Any
        current_scope = sentry_sdk.get_current_scope()
        if current_scope.transaction is not None:
            current_scope.transaction.update_active_thread()
    
        sentry_scope = sentry_sdk.get_isolation_scope()
        # set the active thread id to the handler thread for sync views
        # this isn't necessary for async views since that runs on main
        if sentry_scope.profile is not None:
            sentry_scope.profile.update_active_thread_id()
    
        with sentry_sdk.start_span(
            op=OP.VIEW_RENDER,
            name=request.resolver_match.view_name,
            origin=DjangoIntegration.origin,
        ):
>           return callback(request, *args, **kwargs)

.venv/lib/python3.13.../integrations/django/views.py:94: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}

    def _view_wrapper(request, *args, **kwargs):
>       return view_func(request, *args, **kwargs)

.venv/lib/python3.13.../views/decorators/csrf.py:65: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

request = <WSGIRequest: GET '.../stages/invitation/invitations/'>, args = ()
kwargs = {}
self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
method = 'head', action = 'list'
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>>

    def view(request, *args, **kwargs):
        self = cls(**initkwargs)
    
        if 'get' in actions and 'head' not in actions:
            actions['head'] = actions['get']
    
        # We also store the mapping of request methods to actions,
        # so that we can later set the action attribute.
        # eg. `self.action = 'list'` on an incoming GET request.
        self.action_map = actions
    
        # Bind methods to actions
        # This is the bit that's different to a standard view
        for method, action in actions.items():
            handler = getattr(self, action)
            setattr(self, method, handler)
    
        self.request = request
        self.args = args
        self.kwargs = kwargs
    
        # And continue as usual
>       return self.dispatch(request, *args, **kwargs)

.venv/lib/python3.13.../site-packages/rest_framework/viewsets.py:125: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
            response = handler(request, *args, **kwargs)
    
        except Exception as exc:
>           response = self.handle_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:515: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
        or re-raising the error.
        """
        if isinstance(exc, (exceptions.NotAuthenticated,
                            exceptions.AuthenticationFailed)):
            # WWW-Authenticate header for 401 responses, else coerce to 403
            auth_header = self.get_authenticate_header(self.request)
    
            if auth_header:
                exc.auth_header = auth_header
            else:
                exc.status_code = status.HTTP_403_FORBIDDEN
    
        exception_handler = self.get_exception_handler()
    
        context = self.get_exception_handler_context()
        response = exception_handler(exc, context)
    
        if response is None:
>           self.raise_uncaught_exception(exc)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:475: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
exc = MixedContentTypeError('Content type for given perms and klass differs')

    def raise_uncaught_exception(self, exc):
        if settings.DEBUG:
            request = self.request
            renderer_format = getattr(request.accepted_renderer, 'format')
            use_plaintext_traceback = renderer_format not in ('html', 'api', 'admin')
            request.force_plaintext_errors(use_plaintext_traceback)
>       raise exc

.venv/lib/python3.13............/site-packages/rest_framework/views.py:486: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}
handler = <bound method ListModelMixin.list of <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>>

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
    
        try:
            self.initial(request, *args, **kwargs)
    
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
    
>           response = handler(request, *args, **kwargs)

.venv/lib/python3.13............/site-packages/rest_framework/views.py:512: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
args = (), kwargs = {}

    def list(self, request, *args, **kwargs):
>       queryset = self.filter_queryset(self.get_queryset())

.venv/lib/python3.13.../site-packages/rest_framework/mixins.py:38: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>
queryset = <QuerySet []>

    def filter_queryset(self, queryset):
        """
        Given a queryset, filter it with whichever filter backend is in use.
    
        You are unlikely to want to override this method, although you may need
        to call it either from a list view, or from a custom `get_object`
        method if you want to apply the configured filtering backend to the
        default queryset.
        """
        for backend in list(self.filter_backends):
>           queryset = backend().filter_queryset(self.request, queryset, self)

.venv/lib/python3.13.../site-packages/rest_framework/generics.py:154: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa2371caf0>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>

    def filter_queryset(self, request: Request, queryset: QuerySet, view: APIView) -> QuerySet:
        permission = self.perm_format % {
            "app_label": queryset.model._meta.app_label,
            "model_name": queryset.model._meta.model_name,
        }
        # having the global permission set on a user has higher priority than
        # per-object permissions
        if request.user.has_perm(permission):
            return queryset
        # User does not have permissions, but we have an owner field defined, so filter by that
        if owner_field := getattr(view, "owner_field", None):
            return queryset.filter(**{owner_field: request.user})
>       queryset = super().filter_queryset(request, queryset, view)

authentik/rbac/filters.py:32: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.rbac.filters.ObjectFilter object at 0x7ffa2371caf0>
request = <rest_framework.request.Request: GET '.../stages/invitation/invitations/'>
queryset = <QuerySet []>
view = <authentik.stages.invitation.api.InvitationViewSet object at 0x7ffa1b472350>

    def filter_queryset(self, request, queryset, view):
        # We want to defer this import until runtime, rather than import-time.
        # See https://github..../django-rest-framework/issues/4608
        # (Also see #1624 for why we need to make this import explicitly)
        from guardian.shortcuts import get_objects_for_user
    
        user = request.user
        permission = self.perm_format % {
            'app_label': queryset.model._meta.app_label,
            'model_name': queryset.model._meta.model_name,
        }
    
>       return get_objects_for_user(
            user, permission, queryset,
            **self.shortcut_kwargs)

.venv/lib/python3.13.../site-packages/rest_framework_guardian/filters.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

user = <SimpleLazyObject: <User: WLWkj4zb7LCjbgizjtWn>>
perms = ['authentik_stages_invitation.view_invitation'], klass = <QuerySet []>
use_groups = True, any_perm = False, with_superuser = True
accept_global_perms = False

    def get_objects_for_user(
        user: Any,
        perms: Union[str, list[str]],
        klass: Union[Model, Manager, QuerySet, None] = None,
        use_groups: bool = True,
        any_perm: bool = False,
        with_superuser: bool = True,
        accept_global_perms: bool = True,
    ) -> list[Model]:
        """Get objects that a user has *all* the supplied permissions for.
    
        Parameters:
            user (User | AnonymousUser): user to check for permissions.
            perms (str | list[str]): permission(s) to be checked.
                If `klass` parameter is not given, those should be full permission
                names rather than only codenames (i.e. `auth.change_user`).
                If more than one permission is present within sequence, their content type **must** be
                the same or `MixedContentTypeError` exception would be raised.
            klass (Modal | Manager | QuerySet): If not provided, this parameter would be
                computed based on given `params`.
            use_groups (bool): Whether to check user's groups object permissions.
            any_perm (bool): Whether any of the provided permissions in sequence is accepted.
            with_superuser (bool): if `user.is_superuser`, whether to return the entire queryset.
                Otherwise will only return objects the user has explicit permissions.
                This must be `True` for the `accept_global_perms` parameter to have any affect.
            accept_global_perms (bool): Whether global permissions are taken into account.
                Object based permissions are taken into account if more than one permission is
                provided in in perms and at least one of these perms is not globally set.
                If `any_perm` is `False` then the intersection of matching object is returned.
                Note, that if `with_superuser` is `False`, `accept_global_perms` will be ignored,
                which means that only object permissions will be checked!
    
        Raises:
            MixedContentTypeError: when computed content type for `perms` and/or `klass` clashes.
            WrongAppError: if cannot compute app label for given `perms` or `klass`.
    
        Example:
            ```shell
            >>> from django.contrib.auth.models import User
            >>> from guardian.shortcuts import get_objects_for_user
            >>> joe = User.objects.get(username='joe')
            >>> get_objects_for_user(joe, 'auth.change_group')
            []
            >>> from guardian.shortcuts import assign_perm
            >>> group = Group.objects.create('some group')
            >>> assign_perm('auth.change_group', joe, group)
            >>> get_objects_for_user(joe, 'auth.change_group')
            [<Group some group>]
    
            # The permission string can also be an iterable. Continuing with the previous example:
    
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            []
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'], any_perm=True)
            [<Group some group>]
            >>> assign_perm('auth.delete_group', joe, group)
            >>> get_objects_for_user(joe, ['auth.change_group', 'auth.delete_group'])
            [<Group some group>]
    
            # Take global permissions into account:
    
            >>> jack = User.objects.get(username='jack')
            >>> assign_perm('auth.change_group', jack) # this will set a global permission
            >>> get_objects_for_user(jack, 'auth.change_group')
            [<Group some group>]
            >>> group2 = Group.objects.create('other group')
            >>> assign_perm('auth.delete_group', jack, group2)
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group']) # this retrieves intersection
            [<Group other group>]
            >>> get_objects_for_user(jack, ['auth.change_group', 'auth.delete_group'], any_perm) # this retrieves union
            [<Group some group>, <Group other group>]
            ```
    
        Note:
            If `accept_global_perms` is set to `True`, then all assigned global
            permissions will also be taken into account.
    
            - Scenario 1: a user has view permissions generally defined on the model
              'books' but no object-based permission on a single book instance:
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will be empty.
    
            - Scenario 2: a user has view permissions generally defined on the model
              'books' and also has an object-based permission to view book 'Whatever':
    
                - If `accept_global_perms` is `True`: A list of all books will be returned.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 3: a user only has object-based permission on book 'Whatever':
    
                - If `accept_global_perms` is `True`: The list will only contain book 'Whatever'.
                - If `accept_global_perms` is `False`: The list will only contain book 'Whatever'.
    
            - Scenario 4: a user does not have any permission:
    
                - If `accept_global_perms` is `True`: An empty list is returned.
                - If `accept_global_perms` is `False`: An empty list is returned.
        """
        if isinstance(perms, str):
            perms = [perms]
        ctype = None
        app_label = None
        codenames = set()
    
        # Compute codenames and set and ctype if possible
        for perm in perms:
            if "." in perm:
                new_app_label, codename = perm.split(".", 1)
                if app_label is not None and app_label != new_app_label:
                    raise MixedContentTypeError("Given perms must have same app "
                                                "label (%s != %s)" % (app_label, new_app_label))
                else:
                    app_label = new_app_label
            else:
                codename = perm
            codenames.add(codename)
            if app_label is not None:
                new_ctype = new_ctype = _get_ct_cached(app_label, codename)
                if ctype is not None and ctype != new_ctype:
                    raise MixedContentTypeError("ContentType was once computed "
                                                "to be %s and another one %s" % (ctype, new_ctype))
                else:
                    ctype = new_ctype
    
        # Compute queryset and ctype if still missing
        if ctype is None and klass is not None:
            queryset = _get_queryset(klass)
            ctype = get_content_type(queryset.model)
        elif ctype is not None and klass is None:
            queryset = _get_queryset(ctype.model_class())
        elif klass is None:
            raise WrongAppError("Cannot determine content type")
        else:
            queryset = _get_queryset(klass)
            if ctype != get_content_type(queryset.model):
>               raise MixedContentTypeError(
                    "Content type for given perms and " "klass differs"
                )
E               guardian.exceptions.MixedContentTypeError: Content type for given perms and klass differs

.venv/lib/python3.13.../site-packages/guardian/shortcuts.py:567: MixedContentTypeError

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}