events: fix incorrect user logged when using API token authentication

[BeryJu]

Details

This was introduced in 2024.2 by incorrectly caching the user from before the request instead of taking it from the request when an action was actually done. This works fine with the session auth as the session middleware happens before the event middleware, however since the token authentication modifies the user as part of the view and not the middleware, the user was updated too late.

This also adds a test that makes sure this doesn't happen again.

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	6368390
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/661eddf7193ef30008bb3383

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	6368390
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/661eddf7ea13ba0008523aa2

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.39%. Comparing base (ba36855) to head (6368390).
Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #9302   +/-   ##
=======================================
  Coverage   92.38%   92.39%           
=======================================
  Files         665      665           
  Lines       32609    32617    +8     
=======================================
+ Hits        30126    30135    +9     
+ Misses       2483     2482    -1     

Flag	Coverage Δ
e2e	50.66% <48.14%> (-0.02%)	⬇️
integration	26.00% <11.11%> (-0.01%)	⬇️
unit	89.66% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[kensternberg-authentik]

At a syntactical level, this doesn't look like brain science.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-6368390aab65e4f061590838b7feb44e7f94eb5c
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-6368390aab65e4f061590838b7feb44e7f94eb5c-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-6368390aab65e4f061590838b7feb44e7f94eb5c

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-6368390aab65e4f061590838b7feb44e7f94eb5c-arm64

Afterwards, run the upgrade commands from the latest release notes.

[BeryJu]

/cherry-pick version-2024.2

[gcp-cherry-pick-bot]

Cherry-pick failed with Merge error 89c841b53020e68acfdfd5a56d3525a51b6dc0f6 into temp-cherry-pick-3b8c7b-version-2024.2