
flows: clear flow state before redirecting to final URL #12788

Merged
merged 4 commits into from
Jan 24, 2025

Conversation


@BeryJu BeryJu commented Jan 23, 2025

Details

If a user reloads the flow URL of an authorization flow after having used it, there may be leftovers from the OAuth2 provider in the context, which cause the flow to error. This PR clears the state before redirecting away.


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)
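The failure described in this PR, as an added Python illustration that is not authentik's own code: a flow executor keeps the plan (carrying the OAuth2 provider's parameters) in the user's session, the final stage consumes part of that context while building the redirect, and a reload of the flow URL then resumes the leftover plan instead of starting fresh. The session key, class names and the consumed-context detail are assumptions made for the illustration; `simulate(True)` is the behaviour after the fix.

```python
from dataclasses import dataclass, field

# Assumed session key; the real key name used by authentik is not on the page.
PLAN_KEY = "flow_plan"

class FlowError(Exception):
    """Raised when the executor cannot continue from the stored plan."""

@dataclass
class FlowPlan:
    flow_slug: str
    context: dict = field(default_factory=dict)

def plan_authorization(session, flow_slug, redirect_uri, state):
    """First visit: the provider stores its parameters in the plan context."""
    session[PLAN_KEY] = FlowPlan(flow_slug, {"redirect_uri": redirect_uri, "state": state})

def final_stage(session, clear_state):
    """Last stage: build the redirect to the client, consuming redirect_uri from context."""
    plan = session[PLAN_KEY]
    try:
        redirect_uri = plan.context.pop("redirect_uri")
    except KeyError:
        # A plan that already produced a redirect has no redirect_uri left to use.
        raise FlowError("leftover plan has no redirect_uri") from None
    url = f"{redirect_uri}?code=CONSTRUCTED_CODE&state={plan.context['state']}"
    if clear_state:
        session.pop(PLAN_KEY, None)  # the fix: drop the plan before redirecting away
    return url

def load_flow_url(session, clear_state):
    """GET on the flow URL: resume a stored plan, or start fresh when there is none."""
    if PLAN_KEY in session:
        return final_stage(session, clear_state)
    return "fresh start"

def simulate(clear_state):
    """Complete one authorization, then reload the flow URL; return both outcomes."""
    session = {}  # constructed stand-in for the user's server-side session
    plan_authorization(session, "authorize", "https://client.example/cb", "xyz")
    first = final_stage(session, clear_state)
    try:
        second = load_flow_url(session, clear_state)
    except FlowError as exc:
        second = f"error: {exc}"
    return first, second
```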

@BeryJu BeryJu requested a review from a team as a code owner January 23, 2025 18:03

BeryJu commented Jan 23, 2025

/cherry-pick version-2024.12


netlify bot commented Jan 23, 2025

Deploy Preview for authentik-storybook canceled.

Latest commit: 95fd34d
Latest deploy log: https://app.netlify.com/sites/authentik-storybook/deploys/6793ae92243cd60008202982


netlify bot commented Jan 23, 2025

Deploy Preview for authentik-docs canceled.

Latest commit: 95fd34d
Latest deploy log: https://app.netlify.com/sites/authentik-docs/deploys/6793ae924966490009290a2e


codecov bot commented Jan 23, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.77%. Comparing base (02bdf09) to head (95fd34d).
Report is 12 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #12788      +/-   ##
==========================================
+ Coverage   92.70%   92.77%   +0.07%     
==========================================
  Files         769      769              
  Lines       38912    38920       +8     
==========================================
+ Hits        36072    36109      +37     
+ Misses       2840     2811      -29     
Flag Coverage Δ
e2e 48.58% <91.66%> (+0.10%) ⬆️
integration 24.61% <8.33%> (-0.01%) ⬇️
unit 90.40% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu changed the title providers/oauth2: clear flow state before redirecting to final URL flows: clear flow state before redirecting to final URL Jan 24, 2025
Signed-off-by: Jens Langhammer <[email protected]>
@BeryJu BeryJu force-pushed the providers/oauth2/clear-context-before-redirect branch from 35ce708 to 48c020b Compare January 24, 2025 14:26

github-actions bot commented Jan 24, 2025

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-95fd34d9c0960cfae4454e6c85c0ccceeafb5c96
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-95fd34d9c0960cfae4454e6c85c0ccceeafb5c96

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit 9e2fccb into main Jan 24, 2025
72 checks passed
@BeryJu BeryJu deleted the providers/oauth2/clear-context-before-redirect branch January 24, 2025 16:01
gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Jan 24, 2025
* providers/oauth2: clear flow state before redirecting to final URL

Signed-off-by: Jens Langhammer <[email protected]>

* make flow executor invocation correct

Signed-off-by: Jens Langhammer <[email protected]>

* actually we can do this centrally

Signed-off-by: Jens Langhammer <[email protected]>

* make sure the state is really clean

Signed-off-by: Jens Langhammer <[email protected]>

---------

Signed-off-by: Jens Langhammer <[email protected]>
BeryJu added a commit that referenced this pull request Jan 24, 2025
…12788) (#12801)

flows: clear flow state before redirecting to final URL (#12788)

* providers/oauth2: clear flow state before redirecting to final URL

* make flow executor invocation correct

* actually we can do this centrally

* make sure the state is really clean

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L. <[email protected]>