From 086a8753c0b6f0fcfc73810c7c62c9c5da6645b7 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 3 Jul 2021 19:22:09 +0200
Subject: [PATCH] flows: handle old cached flow plans better

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/flows/views.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/authentik/flows/views.py b/authentik/flows/views.py
index 39c9a1662..ea44daa1f 100644
--- a/authentik/flows/views.py
+++ b/authentik/flows/views.py
@@ -167,7 +167,16 @@ class FlowExecutorView(APIView):
         request.session[SESSION_KEY_GET] = QueryDict(request.GET.get("query", ""))
         # We don't save the Plan after getting the next stage
         # as it hasn't been successfully passed yet
-        next_binding = self.plan.next(self.request)
+        try:
+            # This is the first time we actually access any attribute on the selected plan
+            # if the cached plan is from an older version, it might have different attributes
+            # in which case we just delete the plan and invalidate everything
+            next_binding = self.plan.next(self.request)
+        except Exception as exc:  # pylint: disable=broad-except
+            self._logger.warning("f(exec): found incompatible flow plan, invalidating run", exc=exc)
+            keys = cache.keys("flow_*")
+            cache.delete_many(keys)
+            return self.stage_invalid()
         if not next_binding:
             self._logger.debug("f(exec): no more stages, flow is done.")
             return self._flow_done()