diff --git a/authentik/core/signals.py b/authentik/core/signals.py
index 228d59ce4c5a..3c103b169f3a 100644
--- a/authentik/core/signals.py
+++ b/authentik/core/signals.py
@@ -52,6 +52,8 @@ def user_logged_in_session(sender, request: HttpRequest, user: User, **_):
 @receiver(user_logged_out)
 def user_logged_out_session(sender, request: HttpRequest, user: User, **_):
 """Delete AuthenticatedSession if it exists"""
+ if not request.session or not request.session.session_key:
+ return
 AuthenticatedSession.objects.filter(session_key=request.session.session_key).delete()
diff --git a/authentik/enterprise/providers/rac/signals.py b/authentik/enterprise/providers/rac/signals.py
index 28cece00ab0c..2cf7b00bf933 100644
--- a/authentik/enterprise/providers/rac/signals.py
+++ b/authentik/enterprise/providers/rac/signals.py
@@ -21,6 +21,8 @@
 @receiver(user_logged_out)
 def user_logged_out_session(sender, request: HttpRequest, user: User, **_):
 """Disconnect any open RAC connections"""
+ if not request.session or not request.session.session_key:
+ return
 layer = get_channel_layer()
 async_to_sync(layer.group_send)(
 RAC_CLIENT_GROUP_SESSION
diff --git a/authentik/providers/oauth2/signals.py b/authentik/providers/oauth2/signals.py
index 60336b18b641..ee0f4ed9c8a3 100644
--- a/authentik/providers/oauth2/signals.py
+++ b/authentik/providers/oauth2/signals.py
@@ -11,5 +11,7 @@
 @receiver(user_logged_out)
 def user_logged_out_oauth_access_token(sender, request: HttpRequest, user: User, **_):
 """Revoke access tokens upon user logout"""
+ if not request.session or not request.session.session_key:
+ return
 hashed_session_key = sha256(request.session.session_key.encode("ascii")).hexdigest()
 AccessToken.objects.filter(user=user, session_id=hashed_session_key).delete()
diff --git a/authentik/providers/proxy/signals.py b/authentik/providers/proxy/signals.py
index 7ada0492b405..1a38eee53ff0 100644
--- a/authentik/providers/proxy/signals.py
+++ b/authentik/providers/proxy/signals.py
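Review bot: The early return added to user_logged_out_session in authentik/core/signals.py is silent, and the same two lines are copied into the receivers in enterprise/providers/rac/signals.py, providers/oauth2/signals.py and providers/proxy/signals.py. A logout that arrives without a session key therefore skips session deletion, RAC disconnect, token revocation and the proxy logout with no trace. Since these are the logout cleanup paths, I would keep the condition in one shared helper that returns the key or None, and log the skipped branch at debug level if these modules have a logger (none is visible in the hunks). At minimum, a comment such as `# no session key on this request: nothing to match, skip cleanup` above each guard would record why returning is safe.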
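Review bot: The docstring of user_logged_out_oauth_access_token in authentik/providers/oauth2/signals.py still reads "Revoke access tokens upon user logout", which is broader than what the function does. With the new guard, revocation runs only when the request carries a session key, and then only for AccessToken rows whose session_id equals the sha256 of that key. I would tighten it to `"""Revoke access tokens bound to the logged-out session; no-op if the request has no session key"""`. Whether other grant types tied to the same session need the same cleanup is not visible in this hunk and is worth confirming.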
@@ -12,6 +12,8 @@
 @receiver(user_logged_out)
 def logout_proxy_revoke_direct(sender: type[User], request: HttpRequest, **_):
 """Catch logout by direct logout and forward to proxy providers"""
+ if not request.session or not request.session.session_key:
+ return
 proxy_on_logout.delay(request.session.session_key)
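Review bot: After the new guard, logout_proxy_revoke_direct still passes the raw `request.session.session_key` to `proxy_on_logout.delay(...)`, which looks like an asynchronous task dispatch and would place a session identifier in the queue payload. The OAuth2 receiver in this same commit hashes the key with sha256 before using it. Broker contents and task logs can outlive the session, so if the task only needs to correlate sessions, a digest would be the safer argument. The body of proxy_on_logout is not in this diff, so confirm what it expects before changing the call; if the raw key is required, a comment such as `# raw key required by proxy_on_logout; keep it out of task logs` would help.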