lib/sync/outgoing: check if there is a provider before creating tasks (cherry-pick #18394 to version-2025.10) (#18397)

authentik-automation[bot] · rissson · web-flow · commit a233feec2955 · 2025-11-26T18:01:42.000Z
lib/sync/outgoing: check if there is a provider before creating tasks (#18394) Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
diff --git a/authentik/enterprise/providers/ssf/tasks.py b/authentik/enterprise/providers/ssf/tasks.py
@@ -42,6 +42,8 @@ def send_ssf_events(
     for stream in Stream.objects.filter(**stream_filter):
         event_data = stream.prepare_event_payload(event_type, data, **extra_data)
         events_data[stream.uuid] = event_data
+    if not events_data:
+        return
     ssf_events_dispatch.send(events_data)
 
 
diff --git a/authentik/lib/sync/outgoing/signals.py b/authentik/lib/sync/outgoing/signals.py
@@ -28,6 +28,8 @@ def model_post_save(
         # This primarily happens during user login
         if sender == User and update_fields == {"last_login"}:
             return
+        if not provider_type.objects.exists():
+            return
         task_sync_direct_dispatch.send(
             class_to_path(instance.__class__),
             instance.pk,
@@ -39,6 +41,8 @@ def model_post_save(
 
     def model_pre_delete(sender: type[Model], instance: User | Group, **_):
         """Pre-delete handler"""
+        if not provider_type.objects.exists():
+            return
         task_sync_direct_dispatch.send(
             class_to_path(instance.__class__),
             instance.pk,
@@ -54,6 +58,8 @@ def model_m2m_changed(
         """Sync group membership"""
         if action not in ["post_add", "post_remove"]:
             return
+        if not provider_type.objects.exists():
+            return
         task_sync_m2m_dispatch.send(instance.pk, action, list(pk_set), reverse)
 
     m2m_changed.connect(model_m2m_changed, User.ak_groups.through, dispatch_uid=uid, weak=False)
diff --git a/authentik/providers/oauth2/signals.py b/authentik/providers/oauth2/signals.py
@@ -109,7 +109,7 @@ def user_session_deleted_oauth_backchannel_logout_and_tokens_removal(
     """Revoke tokens upon user logout"""
     LOGGER.debug("Sending back-channel logout notifications signal!", session=instance)
 
-    access_tokens = AccessToken.objects.filter(
+    access_tokens = AccessToken.objects.select_related("provider").filter(
         user=instance.user,
         session__session__session_key=instance.session.session_key,
     )
@@ -128,7 +128,8 @@ def user_session_deleted_oauth_backchannel_logout_and_tokens_removal(
         and token.provider.logout_method == OAuth2LogoutMethod.BACKCHANNEL
     ]
 
-    backchannel_logout_notification_dispatch.send(revocations=backchannel_tokens)
+    if backchannel_tokens:
+        backchannel_logout_notification_dispatch.send(revocations=backchannel_tokens)
 
     access_tokens.delete()
 

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ def user_session_deleted_oauth_backchannel_logout_and_tokens_removal(`
`109`	`109`	`"""Revoke tokens upon user logout"""`
`110`	`110`	`LOGGER.debug("Sending back-channel logout notifications signal!", session=instance)`
`111`	`111`
`112`		`- access_tokens = AccessToken.objects.filter(`
	`112`	`+ access_tokens = AccessToken.objects.select_related("provider").filter(`
`113`	`113`	`user=instance.user,`
`114`	`114`	`session__session__session_key=instance.session.session_key,`
`115`	`115`	`)`
`@@ -128,7 +128,8 @@ def user_session_deleted_oauth_backchannel_logout_and_tokens_removal(`
`128`	`128`	`and token.provider.logout_method == OAuth2LogoutMethod.BACKCHANNEL`
`129`	`129`	`]`
`130`	`130`
`131`		`- backchannel_logout_notification_dispatch.send(revocations=backchannel_tokens)`
	`131`	`+ if backchannel_tokens:`
	`132`	`+ backchannel_logout_notification_dispatch.send(revocations=backchannel_tokens)`
`132`	`133`
`133`	`134`	`access_tokens.delete()`
`134`	`135`