From 4e86aa3f59e91e5836500f37c51071c41f542e48 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 13 Mar 2021 21:05:56 +0100
Subject: [PATCH] sources/oauth: fix error on user enrollment when no enrollment flow is defined

fixes #636

Signed-off-by: Jens Langhammer
---
 authentik/sources/oauth/forms.py | 2 ++
 authentik/sources/oauth/views/callback.py | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/authentik/sources/oauth/forms.py b/authentik/sources/oauth/forms.py
index 69ee0e41d..c8190882b 100644
--- a/authentik/sources/oauth/forms.py
+++ b/authentik/sources/oauth/forms.py
@@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
 self.fields["authentication_flow"].queryset = Flow.objects.filter(
 designation=FlowDesignation.AUTHENTICATION
 )
+ self.fields["authentication_flow"].required = True
 self.fields["enrollment_flow"].queryset = Flow.objects.filter(
 designation=FlowDesignation.ENROLLMENT
 )
+ self.fields["enrollment_flow"].required = True
 if hasattr(self.Meta, "overrides"):
 for overide_field, overide_value in getattr(self.Meta, "overrides").items():
 self.fields[overide_field].initial = overide_value
diff --git a/authentik/sources/oauth/views/callback.py b/authentik/sources/oauth/views/callback.py
index 17d3ad8bd..54a294826 100644
--- a/authentik/sources/oauth/views/callback.py
+++ b/authentik/sources/oauth/views/callback.py
@@ -4,6 +4,7 @@ from typing import Any, Optional
 from django.conf import settings
 from django.contrib import messages
 from django.http import Http404, HttpRequest, HttpResponse
+from django.http.response import HttpResponseBadRequest
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.translation import gettext as _
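Review bot: Setting `required = True` on both fields in `OAuthSourceForm.__init__` constrains only this one form. A source created or edited through another path, or one whose flow is removed later, can presumably still end up with an empty `enrollment_flow`, which is why the callback guards added in this commit are still needed. It also removes the option of leaving `enrollment_flow` empty to get a login-only source, so every OAuth source configured through this form will enrol unknown upstream identities through the selected flow; worth confirming that is intended. A comment above the assignments would record the reasoning, e.g. `# Required at form level; OAuthCallback still guards against a missing flow`. The enclosing `__init__` starts outside the hunk.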
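Review bot: `HttpResponseBadRequest` is re-exported by `django.http`, which the context line above already imports from, so the separate `django.http.response` import is unnecessary. Folding it into the existing line keeps the import block on the public module path: `from django.http import Http404, HttpRequest, HttpResponse, HttpResponseBadRequest`.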
@@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
 PLAN_CONTEXT_REDIRECT: final_redirect,
 }
 )
+ if not flow:
+ return HttpResponseBadRequest()
 # We run the Flow planner here so we can pass the Pending user in the context
 planner = FlowPlanner(flow)
 plan = planner.plan(self.request, kwargs)
@@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
 PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
 }
 # We run the Flow planner here so we can pass the Pending user in the context
+ if not source.enrollment_flow:
+ LOGGER.warning("source has no enrollment flow", source=source)
+ return HttpResponseBadRequest()
 planner = FlowPlanner(source.enrollment_flow)
 plan = planner.plan(self.request, context)
 plan.append(in_memory_stage(PostUserEnrollmentStage))
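Review bot: The `if not flow:` guard returns a bare `HttpResponseBadRequest()` without logging anything, so a source with a missing flow produces empty 400 responses at the end of the OAuth round trip with no server-side trace to correlate them. The guard in the later hunk at -233 does log, and this one should match, e.g. `LOGGER.warning("no flow configured for source")` before the return. Both guards also answer a server-side misconfiguration with a client-error status and an empty body; `messages` and `_` are already imported in this file, so an error message plus a redirect may serve the user better if that matches how the rest of the view reports failures. The enclosing method starts and ends outside the hunk, so the variable that holds the source here is not visible.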
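Review bot: The new `if not source.enrollment_flow:` check is inserted between the comment `# We run the Flow planner here ...` and the `FlowPlanner(...)` call that comment describes, so the comment now reads as if it documents the guard. Moving the three added lines above the comment keeps it attached to the planner code. The check also runs only after the `context` dict has been built. The start of the method is outside the hunk, so it is not visible whether earlier statements have effects that should be skipped for a source without an enrollment flow; placing the guard at the top of the method would avoid that question.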