From 1b3aacfa1dc271b0c7474d5e8fd100d627ecf926 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 27 May 2022 10:18:27 +0200
Subject: [PATCH] providers/oauth2: add migration from "*" to ".*" closes #2970
Signed-off-by: Jens Langhammer
---
authentik/providers/oauth2/tests/test_authorize.py | 2 +-
authentik/providers/oauth2/views/authorize.py | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/authentik/providers/oauth2/tests/test_authorize.py b/authentik/providers/oauth2/tests/test_authorize.py
index 096970cbe..a5b2a8c7d 100644
--- a/authentik/providers/oauth2/tests/test_authorize.py
+++ b/authentik/providers/oauth2/tests/test_authorize.py
@@ -84,7 +84,7 @@ class TestAuthorize(OAuthTestCase):
 name="test",
 client_id="test",
 authorization_flow=create_test_flow(),
- redirect_uris="*",
+ redirect_uris="+",
 )
 with self.assertRaises(RedirectUriError):
 request = self.factory.get("/", data={"response_type": "code", "client_id": "test"})
diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
index ac4802721..9ff3c4eb4 100644
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@@ -185,6 +185,12 @@ class OAuthAuthorizationParams:
 self.provider.save()
 allowed_redirect_urls = self.provider.redirect_uris.split()
+ if self.provider.redirect_uris == "*":
+ LOGGER.info("Converting redirect_uris to regex", redirect=self.redirect_uri)
+ self.provider.redirect_uris = ".*"
+ self.provider.save()
+ allowed_redirect_urls = self.provider.redirect_uris.split()
+
 try:
 if not any(fullmatch(x, self.redirect_uri) for x in allowed_redirect_urls):
 LOGGER.warning(
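Review bot: Nothing in tests/test_authorize.py exercises the new `"*"` to `".*"` conversion; the only test change swaps the pattern to `"+"`, presumably so the existing `RedirectUriError` case still fails on an invalid regex. A companion case that creates a provider with `redirect_uris="*"`, runs the same authorize request with a `redirect_uri`, and asserts the stored value is now `".*"` would pin the migration and its persistence. The test method starts outside the hunk, so its name and any later assertions are not visible here.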
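Review bot: In views/authorize.py the rewritten value `".*"` is saved with only an info-level log, yet under `fullmatch` it matches any client-supplied `redirect_uri`, so redirect URI validation is effectively off for this provider from then on. That preserves the legacy `"*"` meaning, but it should be visible to operators: use `LOGGER.warning(...)` for this branch and add a comment such as `# legacy "*" meant allow-any; ".*" keeps that and disables redirect URI validation for this provider`. The check is an exact string comparison, so a value where `*` is one of several whitespace-separated entries is not converted and still reaches `fullmatch` as an invalid pattern; testing each entry after `split()` would cover that case. The enclosing method starts and ends outside the hunk, so how the `try:` block handles a regex error is not visible here.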