stages/email: use different query arguments for email and invitation tokens

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-20 19:55:53 +02:00 · 2021-09-20 19:55:53 +02:00 · 4c29d517f0
parent 180d27cc37
commit 4c29d517f0
4 changed files with 11 additions and 6 deletions
--- a/authentik/stages/email/stage.py
+++ b/authentik/stages/email/stage.py
@ -22,7 +22,7 @@ from authentik.stages.email.tasks import send_mails
 from authentik.stages.email.utils import TemplateEmailMessage

 LOGGER = get_logger()
-QS_KEY_TOKEN = "token"  # nosec
+QS_KEY_TOKEN = "etoken"  # nosec
 PLAN_CONTEXT_EMAIL_SENT = "email_sent"


--- a/authentik/stages/invitation/stage.py
+++ b/authentik/stages/invitation/stage.py
@ -15,7 +15,8 @@ from authentik.stages.invitation.signals import invitation_used
 from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT

 LOGGER = get_logger()
-INVITATION_TOKEN_KEY = "token"  # nosec
+INVITATION_TOKEN_KEY_CONTEXT = "token"  # nosec
+INVITATION_TOKEN_KEY = "itoken"  # nosec
 INVITATION_IN_EFFECT = "invitation_in_effect"
 INVITATION = "invitation"

@ -29,10 +30,14 @@ class InvitationStageView(StageView):

    def get_token(self) -> Optional[str]:
        """Get token from saved get-arguments or prompt_data"""
+        # Check for ?token= and ?itoken=
        if INVITATION_TOKEN_KEY in self.request.session.get(SESSION_KEY_GET, {}):
            return self.request.session[SESSION_KEY_GET][INVITATION_TOKEN_KEY]
-        if INVITATION_TOKEN_KEY in self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}):
-            return self.executor.plan.context[PLAN_CONTEXT_PROMPT][INVITATION_TOKEN_KEY]
+        if INVITATION_TOKEN_KEY_CONTEXT in self.request.session.get(SESSION_KEY_GET, {}):
+            return self.request.session[SESSION_KEY_GET][INVITATION_TOKEN_KEY_CONTEXT]
+        # Check for {'token': ''} in the context
+        if INVITATION_TOKEN_KEY_CONTEXT in self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}):
+            return self.executor.plan.context[PLAN_CONTEXT_PROMPT][INVITATION_TOKEN_KEY_CONTEXT]
        return None

    def get(self, request: HttpRequest) -> HttpResponse:
--- a/web/src/pages/stages/invitation/InvitationListLink.ts
+++ b/web/src/pages/stages/invitation/InvitationListLink.ts
@ -23,7 +23,7 @@ export class InvitationListLink extends LitElement {
    }

    renderLink(): string {
-        return `${window.location.protocol}//${window.location.host}/if/flow/${this.selectedFlow}/?token=${this.invitation}`;
+        return `${window.location.protocol}//${window.location.host}/if/flow/${this.selectedFlow}/?itoken=${this.invitation}`;
    }

    render(): TemplateResult {
--- a/website/docs/flow/stages/invitation/index.md
+++ b/website/docs/flow/stages/invitation/index.md
@ -8,6 +8,6 @@ If the option `Continue Flow without Invitation` is enabled, this stage will con

 To check if a user has used an invitation within a policy, you can check `request.context.invitation_in_effect`.

-To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?token=invitation-token`.
+To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?itoken=invitation-token`.

 You can also prompt the user for an invite by using the [*Prompt stage*](../prompt/index.md) by using a field with a field key of `token`.