root: deny unauthenticated websocket messages consumer

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
goauthentik · Feb 27, 2025 · 7d40e00 · 7d40e00
1 parent 42501f6
commit 7d40e00
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/authentik/root/messages/consumer.py b/authentik/root/messages/consumer.py
@@ -1,5 +1,6 @@
 """websocket Message consumer"""
 
+from channels.exceptions import DenyConnection
 from channels.generic.websocket import JsonWebsocketConsumer
 from django.core.cache import cache
 
@@ -13,6 +14,8 @@ class MessageConsumer(JsonWebsocketConsumer):
     session_key: str
 
     def connect(self):
+        if not self.scope["user"].is_authenticated():
+            raise DenyConnection()
         self.accept()
         self.session_key = self.scope["session"].session_key
         if not self.session_key: