Merge pull request #373 from TeskaLabs/fix/authorize-last-tenant

Authorize into last active tenant

CHANGELOG.md

@@ -3,6 +3,7 @@
 ## v24.17
 
 ### Pre-releases
+- `v24.17-alpha6`
 - `v24.17-alpha5`
 - `v24.17-alpha4`
 - `v24.17-alpha3`
@@ -11,6 +12,7 @@
 - `v24.17-alpha1`
 
 ### Fix
+- Authorize into last active tenant (#373, `v24.17-alpha6`)
 - Default provisioning tenant name mst pass validation (#368, `v24.17-alpha4`)
 - Fix the initialization and updating of built-in resources (#363, `v24.06-alpha15`)
 - Fix searching credentials with multiple filters (#362, `v24.06-alpha14`)

seacatauth/openidconnect/handler/authorize.py

@@ -12,6 +12,7 @@
 from ... import exceptions
 from ..utils import AuthErrorResponseCode, AUTHORIZE_PARAMETERS
 from ..pkce import InvalidCodeChallengeMethodError, InvalidCodeChallengeError
+from ...last_activity import EventCode
 
 #
 
@@ -531,6 +532,12 @@ async def authorization_code_flow(
 			"from_ip": from_info,
 			"scope": scope,
 		})
+		await self.OpenIdConnectService.LastActivityService.update_last_activity(
+			EventCode.AUTHORIZE_SUCCESS,
+			credentials_id=new_session.Credentials.Id,
+			tenants=list(tenants),
+			scope=list(scope)
+		)
 		return await self.reply_with_successful_response(
 			new_session, scope, redirect_uri, state,
 			code_challenge=code_challenge,

seacatauth/openidconnect/service.py

@@ -57,6 +57,7 @@ def __init__(self, app, service_name="seacatauth.OpenIdConnectService"):
 		self.TenantService = app.get_service("seacatauth.TenantService")
 		self.RBACService = app.get_service("seacatauth.RBACService")
 		self.RoleService = app.get_service("seacatauth.RoleService")
+		self.LastActivityService = app.get_service("seacatauth.LastActivityService")
 		self.PKCE = pkce.PKCE()  # TODO: Restructure. This is OAuth, but not OpenID Connect!
 
 		self.PublicApiBaseUrl = app.PublicOpenIdConnectApiUrl