Skip to content

stages/user_login: log correct user when session binding is broken#20094

Merged
BeryJu merged 1 commit intomainfrom
stages/user_login/session-binding-broken-user
Feb 21, 2026
Merged

stages/user_login: log correct user when session binding is broken#20094
BeryJu merged 1 commit intomainfrom
stages/user_login/session-binding-broken-user

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Feb 7, 2026
edited
Loading

Currently we try to get the user from request.user, however that isn't populated yet since the BoundSessionMiddleware runs before the AuthenticationMiddleware which populates it.

ref https://github.com/goauthentik/internal-customer-ref/issues/2

@BeryJu
stages/user_login: log correct user when session binding is broken
71d6d01 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner February 7, 2026 14:32
@netlify
Copy link

netlify bot commented Feb 7, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 71d6d01
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/69874cf47a7dc7000894fc10
😎 Deploy Preview https://deploy-preview-20094--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link

codecov bot commented Feb 7, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.18%. Comparing base (ab16661) to head (71d6d01).
⚠️ Report is 175 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #20094      +/-   ##
==========================================
- Coverage   93.23%   93.18%   -0.06%     
==========================================
  Files         968      968              
  Lines       53589    53595       +6     
==========================================
- Hits        49965    49941      -24     
- Misses       3624     3654      +30
Flag Coverage Δ
conformance 37.95% <14.28%> (-0.01%) ⬇️
e2e 43.94% <14.28%> (+<0.01%) ⬆️
integration 22.66% <14.28%> (-0.05%) ⬇️
unit 91.38% <100.00%> (+<0.01%) ⬆️
unit-migrate 91.39% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 7, 2026

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-71d6d015592f56d8fe77dd993182435e00b8fb8c
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-71d6d015592f56d8fe77dd993182435e00b8fb8c

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu added area:backend backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2 labels Feb 20, 2026
@BeryJu BeryJu merged commit 1031b05 into main Feb 21, 2026
105 checks passed
@BeryJu BeryJu deleted the stages/user_login/session-binding-broken-user branch February 21, 2026 17:38
authentik-automation bot pushed a commit that referenced this pull request Feb 21, 2026
@BeryJu @authentik-automation
stages/user_login: log correct user when session binding is broken (#…
b4998a5 
…20094)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@authentik-automation authentik-automation bot mentioned this pull request Feb 21, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 21, 2026

🍒 Cherry-pick to version-2025.12 created: #20452

authentik-automation bot pushed a commit that referenced this pull request Feb 21, 2026
@BeryJu @authentik-automation
stages/user_login: log correct user when session binding is broken (#…
9409909 
…20094)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@authentik-automation authentik-automation bot mentioned this pull request Feb 21, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 21, 2026

🍒 Cherry-pick to version-2026.2 created: #20453

BeryJu pushed a commit that referenced this pull request Feb 21, 2026
@authentik-automation
stages/user_login: log correct user when session binding is broken (c…
e367525 
…herry-pick #20094 to version-2026.2) (#20453)
BeryJu added a commit that referenced this pull request Feb 22, 2026
@authentik-automation @BeryJu
stages/user_login: log correct user when session binding is broken (c…
0c6e7c0 
…herry-pick #20094 to version-2025.12) (#20452)

stages/user_login: log correct user when session binding is broken (#20094)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
kensternberg-authentik added a commit that referenced this pull request Feb 23, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/20063-extract-flow-inspector
894bf4a 
* main:
  enterprise: monkey patch pyjwt to accept mismatching key (#20402)
  enterprise/lifecycle: use datetime instead of date to track review cycles (#20283)
  root: run `npm i` with `npm@11.10.1` in all subdirectories (#20471)
  providers/oauth2: device code flow client id via auth header (#20457)
  core: bump goauthentik/fips-debian from `4419749` to `d6def0a` in /lifecycle/container (#20467)
  core: bump goauthentik/fips-python from `d973c46` to `bccefee` in /lifecycle/container (#20466)
  core, web: bump ajv from 6.12.6 to 6.14.0 in /packages/prettier-config (#20462)
  ci: bump and fix daily (#20461)
  website/integrations: fix Vaultwarden SSO_SCOPES syntax (#20459)
  stages/user_login: log correct user when session binding is broken (#20094)
kensternberg-authentik added a commit that referenced this pull request Feb 23, 2026
@kensternberg-authentik
Merge branch 'main' into web/maintenance/no-unknown-attributes-2
b390a12 
* main: (167 commits)
  enterprise: monkey patch pyjwt to accept mismatching key (#20402)
  enterprise/lifecycle: use datetime instead of date to track review cycles (#20283)
  root: run `npm i` with `npm@11.10.1` in all subdirectories (#20471)
  providers/oauth2: device code flow client id via auth header (#20457)
  core: bump goauthentik/fips-debian from `4419749` to `d6def0a` in /lifecycle/container (#20467)
  core: bump goauthentik/fips-python from `d973c46` to `bccefee` in /lifecycle/container (#20466)
  core, web: bump ajv from 6.12.6 to 6.14.0 in /packages/prettier-config (#20462)
  ci: bump and fix daily (#20461)
  website/integrations: fix Vaultwarden SSO_SCOPES syntax (#20459)
  stages/user_login: log correct user when session binding is broken (#20094)
  web/flow: generate a single API object for network transactions and use it for the lifetime of the FlowExecutor (#20030)
  web/flow: refactor flow executor so component selection is in an easy-to-maintain table (#19999)
  website/integrations: gatus: fix config block  (#20446)
  core: bump msgraph-sdk from 1.54.0 to 1.55.0 (#20432)
  core: bump aws-cdk-lib from 2.238.0 to 2.239.0 (#20434)
  core: bump constructs from 10.5.0 to 10.5.1 (#20433)
  core: bump goauthentik/fips-python from `c272691` to `d973c46` in /lifecycle/container (#20437)
  core: bump goauthentik/fips-debian from `b0917af` to `4419749` in /lifecycle/container (#20438)
  web/admin/bugfix: Edit Stage not working. Invoking IdentificationStageForm not working (#20429)
  core: bump ruff from 0.15.1 to 0.15.2 (#20435)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 24, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/tidy-identification-stage
7277872 
* main: (104 commits)
  sources/saml: improve exception handling for saml response parsing (#20125)
  web/flow: separate flow inspector lifecycle from flow executor lifecycle (#20063)
  web/maintenance: no unknown attributes part 2 (#19014)
  website/docs: add info about make install and recovery key (#20447)
  web: bump ajv from 6.12.6 to 6.14.0 in /web (#20479)
  providers/proxy: preserve URL-encoded path characters in redirect (#20476)
  policies: measure policy process from manager (#20477)
  enterprise: monkey patch pyjwt to accept mismatching key (#20402)
  enterprise/lifecycle: use datetime instead of date to track review cycles (#20283)
  root: run `npm i` with `npm@11.10.1` in all subdirectories (#20471)
  providers/oauth2: device code flow client id via auth header (#20457)
  core: bump goauthentik/fips-debian from `4419749` to `d6def0a` in /lifecycle/container (#20467)
  core: bump goauthentik/fips-python from `d973c46` to `bccefee` in /lifecycle/container (#20466)
  core, web: bump ajv from 6.12.6 to 6.14.0 in /packages/prettier-config (#20462)
  ci: bump and fix daily (#20461)
  website/integrations: fix Vaultwarden SSO_SCOPES syntax (#20459)
  stages/user_login: log correct user when session binding is broken (#20094)
  web/flow: generate a single API object for network transactions and use it for the lifetime of the FlowExecutor (#20030)
  web/flow: refactor flow executor so component selection is in an easy-to-maintain table (#19999)
  website/integrations: gatus: fix config block  (#20446)
  ...
kensternberg-authentik added a commit that referenced this pull request Feb 25, 2026
@kensternberg-authentik
Merge branch 'web/flow/20261-tidy-identification-stage' into web/flow…
1f35644 
…/soc-captchas-and-webauthn

* web/flow/20261-tidy-identification-stage: (107 commits)
  Added some visibility keys, as per @GirlBossRush
  sources/saml: improve exception handling for saml response parsing (#20125)
  web/flow: separate flow inspector lifecycle from flow executor lifecycle (#20063)
  web/maintenance: no unknown attributes part 2 (#19014)
  website/docs: add info about make install and recovery key (#20447)
  web: bump ajv from 6.12.6 to 6.14.0 in /web (#20479)
  providers/proxy: preserve URL-encoded path characters in redirect (#20476)
  Weird merge bug: same function appeared twice.
  policies: measure policy process from manager (#20477)
  enterprise: monkey patch pyjwt to accept mismatching key (#20402)
  enterprise/lifecycle: use datetime instead of date to track review cycles (#20283)
  root: run `npm i` with `npm@11.10.1` in all subdirectories (#20471)
  providers/oauth2: device code flow client id via auth header (#20457)
  core: bump goauthentik/fips-debian from `4419749` to `d6def0a` in /lifecycle/container (#20467)
  core: bump goauthentik/fips-python from `d973c46` to `bccefee` in /lifecycle/container (#20466)
  core, web: bump ajv from 6.12.6 to 6.14.0 in /packages/prettier-config (#20462)
  ci: bump and fix daily (#20461)
  website/integrations: fix Vaultwarden SSO_SCOPES syntax (#20459)
  stages/user_login: log correct user when session binding is broken (#20094)
  web/flow: generate a single API object for network transactions and use it for the lifetime of the FlowExecutor (#20030)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area:backend backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BeryJu