enterprise/stages/mtls: attempt fix freezegun (cherry-pick #22474 to version-2026.2) (#22500)

enterprise/stages/mtls: attempt fix freezegun (#22474)

* enterprise/stages/mtls: attempt fix freezegun



* emil's fix



* Revert "enterprise/stages/mtls: attempt fix freezegun"

This reverts commit 8963dac3bc.

* format



* Reapply "enterprise/stages/mtls: attempt fix freezegun"

This reverts commit 090ab760b6.

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
authentik-automation[bot]
2026-05-20 14:42:16 +02:00
committed by GitHub
parent 32122d7f43
commit 9a35e8b00a
2 changed files with 16 additions and 3 deletions
+4 -3
@@ -14,6 +14,7 @@ from cryptography.x509 import (
load_pem_x509_certificate,
)
from cryptography.x509.verification import PolicyBuilder, Store, VerificationError
from django.utils.timezone import now
from django.utils.translation import gettext_lazy as _
from authentik.brands.models import Brand
@@ -138,9 +139,9 @@ class MTLSStageView(ChallengeStageView):
authorities_cert = [x.certificate for x in authorities]
for _cert in certs:
try:
PolicyBuilder().store(Store(authorities_cert)).build_client_verifier().verify(
_cert, []
)
PolicyBuilder().store(Store(authorities_cert)).time(
now()
).build_client_verifier().verify(_cert, [])
return _cert
except (
InvalidSignature,
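Review bot: The new `.time(now())` call in the verifier chain changes which clock decides the certificate validity window for the mTLS trust decision, and nothing at the call site says why. Django's `now()` returns a timezone-aware UTC value only when `USE_TZ` is enabled, which this page does not show, so it is worth confirming that the value passed to the verifier is interpreted as intended. I would add a comment above the call, for example `# Pass the validation time explicitly so the not-before/not-after check uses Django's clock (also keeps frozen-time tests consistent)`. The `try`/`except` around this call continues past the end of the section.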
+12
@@ -16,6 +16,18 @@ def pytest_sessionstart(*_, **__):
"""Clear the console ahead of the pytest output starting"""
if not IS_CI:
print("\x1b[2J\x1b[H")
# Pre-warm cryptography's PyO3 PyDateTime type cache with the real
# datetime class. If the first extraction happens under @freeze_time
# (e.g. in MTLSStageTests), PyO3 caches freezegun's FakeDatetime,
# which breaks every later test that passes a real datetime into
# cryptography ("TypeError: 'datetime' object is not an instance
# of 'FakeDatetime'"). The discard is intentional — only side
# effect needed is the type-cache initialization.
from datetime import UTC, datetime
from cryptography.x509.verification import PolicyBuilder
PolicyBuilder().time(datetime.now(tz=UTC))
yield
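Review bot: The pre-warm added to `pytest_sessionstart` only works if cryptography converts the datetime inside `PolicyBuilder.time()` itself, which is a library implementation detail. If a later release defers that conversion to `build_client_verifier()`, the call would presumably become a silent no-op and the `FakeDatetime` TypeError would come back with no hint as to why. The comment explains the symptom well but gives no pointer for when the workaround can be removed. I would append something like `# TODO: drop once the cryptography/freezegun type-cache interaction is fixed upstream (<upstream issue link>)`.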