flows: clear flow state before redirecting to final URL #12788

Merged
merged 4 commits into from
Jan 24, 2025
9 changes: 8 additions & 1 deletion authentik/flows/planner.py
Expand Up @@ -109,6 +109,8 @@ def next(self, http_request: HttpRequest | None) -> FlowStageBinding | None:

def pop(self):
"""Pop next pending stage from bottom of list"""
if not self.markers and not self.bindings:
return
self.markers.pop(0)
self.bindings.pop(0)

Expand Down Expand Up @@ -156,8 +158,13 @@ def to_redirect(
final_stage: type[StageView] = self.bindings[-1].stage.view
temp_exec = FlowExecutorView(flow=flow, request=request, plan=self)
temp_exec.current_stage = self.bindings[-1].stage
temp_exec.current_stage_view = final_stage
temp_exec.setup(request, flow.slug)
stage = final_stage(request=request, executor=temp_exec)
return stage.dispatch(request)
response = stage.dispatch(request)
# Ensure we clean the flow state we have in the session before we redirect away
temp_exec.stage_ok()
return response

get_qs = request.GET.copy()
if request.user.is_authenticated and (
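Review bot: The return value of the new `temp_exec.stage_ok()` call is dropped, so if the executor produces its own response there (for finishing or advancing the plan) it never reaches the caller, and only the response built by `stage.dispatch(request)` two lines earlier is returned; that is only safe if `stage_ok()` is a pure side effect here and cannot fail. If the final stage's `dispatch` already advances the plan (not visible in this hunk), the plan is popped twice, and the new guard in `pop()` in the first hunk hides that silently — note also that the guard only returns when both lists are empty, so `markers` and `bindings` falling out of step would still raise `IndexError` on the empty one; if the two are always parallel, a comment saying so would settle it. I would state the intent next to the call, e.g. `# stage_ok() ends the single-stage plan and clears the session state; its own response is intentionally discarded in favour of the stage's redirect`, and pin the path with a test asserting the session no longer holds the plan after `to_redirect`. `to_redirect` begins above this hunk and its remaining branches (`get_qs` onward) continue below it.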
5 changes: 3 additions & 2 deletions authentik/flows/views/executor.py
Expand Up @@ -103,7 +103,7 @@ class FlowExecutorView(APIView):

permission_classes = [AllowAny]

flow: Flow
flow: Flow = None

plan: FlowPlan | None = None
current_binding: FlowStageBinding | None = None
Expand All @@ -114,7 +114,8 @@ class FlowExecutorView(APIView):

def setup(self, request: HttpRequest, flow_slug: str):
super().setup(request, flow_slug=flow_slug)
self.flow = get_object_or_404(Flow.objects.select_related(), slug=flow_slug)
if not self.flow:
self.flow = get_object_or_404(Flow.objects.select_related(), slug=flow_slug)
self._logger = get_logger().bind(flow_slug=flow_slug)
set_tag("authentik.flow", self.flow.slug)
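Review bot: `flow: Flow = None` now defaults the attribute to `None` while the annotation still says `Flow`; the sibling declarations right below use `FlowPlan | None` and `FlowStageBinding | None`, so `flow: Flow | None = None` keeps the class consistent and stops type checkers from flagging the assignment. In `setup()`, `if not self.flow:` tests a model instance's truthiness where an identity check is meant; `if self.flow is None:` is more precise and is not affected if `Flow` ever gains `__bool__` or `__len__`. It is worth recording that when `flow` is pre-assigned by a caller (as `to_redirect` in planner.py does) the `flow_slug` argument no longer resolves or validates the flow, only feeds the logger binding and the view kwargs, e.g. `# flow may be injected by the caller; the slug is then only used for logging/URL kwargs and is not re-validated against it`. The class continues outside the hunk.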

4 changes: 2 additions & 2 deletions authentik/providers/oauth2/views/authorize.py
Expand Up @@ -499,11 +499,11 @@
)

challenge.is_valid()

self.executor.stage_ok()

return HttpChallengeResponse(
challenge=challenge,
)

self.executor.stage_ok()
return HttpResponseRedirectScheme(uri, allowed_schemes=[parsed.scheme])

def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
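Review bot: The moved `self.executor.stage_ok()` now runs before `HttpChallengeResponse` is returned, but the redirect branch below appears to have lost its own call (the `self.executor.stage_ok()` directly above `return HttpResponseRedirectScheme(...)` reads as the removed line), so unless that branch is now terminated elsewhere only the challenge exit clears the flow state — and leaving the plan in the session on the redirect path is exactly what this PR sets out to fix, so please confirm. The added line is also reported uncovered by Codecov; a test driving the challenge exit and asserting the session no longer carries the plan would pin the behaviour. The enclosing method begins above the hunk and `post()` continues below it.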