From 51b229387b05decf46e8a1838a670a572f414701 Mon Sep 17 00:00:00 2001 From: Stanislav Dimov Date: Tue, 16 Jan 2024 01:38:02 +0000 Subject: [PATCH] change urls --- authentik/providers/oauth2/api/providers.py | 3 +++ authentik/providers/oauth2/tests/test_api.py | 4 ++-- authentik/providers/oauth2/urls.py | 20 ++++++++-------- authentik/providers/oauth2/views/authorize.py | 4 ++-- .../oauth2/views/device_backchannel.py | 6 ++--- .../providers/oauth2/views/introspection.py | 3 ++- authentik/providers/oauth2/views/provider.py | 24 ++++++++++++++----- authentik/providers/oauth2/views/token.py | 4 ++-- .../providers/oauth2/views/token_revoke.py | 3 ++- authentik/providers/oauth2/views/userinfo.py | 8 +++---- 10 files changed, 48 insertions(+), 31 deletions(-) diff --git a/authentik/providers/oauth2/api/providers.py b/authentik/providers/oauth2/api/providers.py index 2b03dc4e6..d4a7c1674 100644 --- a/authentik/providers/oauth2/api/providers.py +++ b/authentik/providers/oauth2/api/providers.py @@ -95,16 +95,19 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet): "authorize": request.build_absolute_uri( reverse( "authentik_providers_oauth2:authorize", + kwargs={"application_slug": provider.application.slug}, ) ), "token": request.build_absolute_uri( reverse( "authentik_providers_oauth2:token", + kwargs={"application_slug": provider.application.slug}, ) ), "user_info": request.build_absolute_uri( reverse( "authentik_providers_oauth2:userinfo", + kwargs={"application_slug": provider.application.slug}, ) ), "provider_info": None, diff --git a/authentik/providers/oauth2/tests/test_api.py b/authentik/providers/oauth2/tests/test_api.py index 002df774d..5aecb3a0e 100644 --- a/authentik/providers/oauth2/tests/test_api.py +++ b/authentik/providers/oauth2/tests/test_api.py 
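Review bot: `provider.application.slug` is now evaluated while the setup-URL dict is being built, so a provider that has not been assigned to an application would presumably raise here instead of returning the URLs. The `"provider_info": None` placeholder in the context suggests that slug-dependent entries are filled in later under a guard, but that code is outside the hunk, so this is inferred. I would initialise `"authorize"`, `"token"` and `"user_info"` to `None` as well and set them in that guarded section, so the endpoint keeps answering for unassigned providers. The enclosing method starts and ends outside the hunk.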
@@ -34,7 +34,7 @@ class TestAPI(APITestCase): ) self.assertEqual(response.status_code, 200) body = loads(response.content.decode())["preview"] - self.assertEqual(body["iss"], "http://testserver/application/o/issuer/test/") + self.assertEqual(body["iss"], "http://testserver/application/o/test/") def test_setup_urls(self): """Test Setup URLs API Endpoint""" @@ -43,7 +43,7 @@ class TestAPI(APITestCase): ) self.assertEqual(response.status_code, 200) body = loads(response.content.decode()) - self.assertEqual(body["issuer"], "http://testserver/application/o/issuer/test/") + self.assertEqual(body["issuer"], "http://testserver/application/o/test/") # https://github.com/goauthentik/authentik/pull/5918 @skipUnless(version_info >= (3, 11, 4), "This behaviour is only Python 3.11.4 and up") diff --git a/authentik/providers/oauth2/urls.py b/authentik/providers/oauth2/urls.py index 1e153fd7f..b77e1a443 100644 --- a/authentik/providers/oauth2/urls.py +++ b/authentik/providers/oauth2/urls.py 
@@ -20,40 +20,40 @@ from authentik.providers.oauth2.views.userinfo import UserInfoView urlpatterns = [ path( - "authorize/", + "/authorize/", AuthorizationFlowInitView.as_view(), name="authorize", ), - path("token/", TokenView.as_view(), name="token"), - path("device/", DeviceView.as_view(), name="device"), + path("/token/", TokenView.as_view(), name="token"), + path("/device/", DeviceView.as_view(), name="device"), path( - "userinfo/", + "/userinfo/", UserInfoView.as_view(), name="userinfo", ), path( - "introspect/", + "/introspect/", TokenIntrospectionView.as_view(), name="token-introspection", ), path( - "revoke/", + "/revoke/", TokenRevokeView.as_view(), name="token-revoke", ), path( - "end-session//", + "/end-session/", RedirectView.as_view(pattern_name="authentik_core:if-session-end", query_string=True), name="end-session", ), - path("jwks//", JWKSView.as_view(), name="jwks"), + path("/jwks/", JWKSView.as_view(), name="jwks"), path( - "issuer//", + "/", RedirectView.as_view(pattern_name="authentik_providers_oauth2:provider-info"), name="provider-root", ), path( - "discovery//.well-known/openid-configuration", + "/.well-known/openid-configuration", ProviderInfoView.as_view(), name="provider-info", ), diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py index 8c31192bf..f33df9aa2 100644 --- a/authentik/providers/oauth2/views/authorize.py +++ b/authentik/providers/oauth2/views/authorize.py @@ -4,7 +4,7 @@ from datetime import timedelta from json import dumps from re import error as RegexError from re import fullmatch -from typing import Optional +from typing import Any, Optional from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit from uuid import uuid4 
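Review bot: The un-prefixed routes (`authorize/`, `token/`, `device/`, `userinfo/`, `introspect/`, `revoke/`) are removed with no compatibility route, so every relying party configured with the old endpoint URLs stops working on upgrade. The new route strings are shown here starting with `/`, so the slug converter in front of them appears to have been lost in rendering. Assuming it is there, a request to the old `token/` path would match the bare `"/"` `provider-root` pattern with `token` taken as the application slug, and would be redirected rather than rejected. I would keep the old paths as deprecated aliases for a release, or reject those endpoint names as application slugs, and document the pattern with `# NOTE: matches any single path segment, including the pre-change endpoint names`.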
@@ -339,7 +339,7 @@ class AuthorizationFlowInitView(PolicyAccessView): request.context["oauth_response_type"] = self.params.response_type return request - def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: + def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Start FlowPLanner, return to flow executor shell""" # Require a login event to be set, otherwise make the user re-login login_event = get_login_event(request) diff --git a/authentik/providers/oauth2/views/device_backchannel.py b/authentik/providers/oauth2/views/device_backchannel.py index 79f723a73..ce8e6486e 100644 --- a/authentik/providers/oauth2/views/device_backchannel.py +++ b/authentik/providers/oauth2/views/device_backchannel.py @@ -1,5 +1,5 @@ """Device flow views""" -from typing import Optional +from typing import Any, Optional from urllib.parse import urlencode from django.http import HttpRequest, HttpResponse, HttpResponseBadRequest, JsonResponse @@ -44,7 +44,7 @@ class DeviceView(View): self.scopes = self.request.POST.get("scope", "").split(" ") return None - def dispatch(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: + def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: throttle = AnonRateThrottle() throttle.rate = CONFIG.get("throttle.providers.oauth2.device", "20/hour") throttle.num_requests, throttle.duration = throttle.parse_rate(throttle.rate) @@ -52,7 +52,7 @@ class DeviceView(View): return HttpResponse(status=429) return super().dispatch(request, *args, **kwargs) - def post(self, request: HttpRequest) -> HttpResponse: + def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Generate device token""" resp = self.parse_request() if resp: diff --git a/authentik/providers/oauth2/views/introspection.py b/authentik/providers/oauth2/views/introspection.py index ca702eda7..8a83a6432 100644 --- a/authentik/providers/oauth2/views/introspection.py 
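Review bot: In `DeviceView.post` the new `*args: Any, **kwargs: Any` only swallows `application_slug`; nothing visible compares it with the application of the provider that `parse_request()` resolves, so the slug in the URL does not scope the request. The same widening is applied to `TokenIntrospectionView.post`, `TokenView.post`/`options`, `TokenRevokeView.post` and `UserInfoView.options`/`post`; `UserInfoView.get` only gains `*args`. Their bodies extend outside the hunks, so a check may exist elsewhere. If it does not, credentials or tokens issued for one application are accepted at any other application's endpoint path, which undermines proxy rules, rate limits and audit logs keyed on the slug. Once the provider is resolved, I would reject the request with the endpoint's normal OAuth error when `kwargs["application_slug"]` differs from that provider's `application.slug`, and add a test that presents one application's client at another application's URL.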
+++ b/authentik/providers/oauth2/views/introspection.py @@ -1,5 +1,6 @@ """authentik OAuth2 Token Introspection Views""" from dataclasses import dataclass, field +from typing import Any from django.http import HttpRequest, HttpResponse from django.utils.decorators import method_decorator @@ -64,7 +65,7 @@ class TokenIntrospectionView(View): params: TokenIntrospectionParams provider: OAuth2Provider - def post(self, request: HttpRequest) -> HttpResponse: + def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Introspection handler""" try: self.params = TokenIntrospectionParams.from_request(request) diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py index ab6fbc328..c0df5abf3 100644 --- a/authentik/providers/oauth2/views/provider.py +++ b/authentik/providers/oauth2/views/provider.py @@ -48,13 +48,19 @@ class ProviderInfoView(View): return { "issuer": provider.get_issuer(self.request), "authorization_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:authorize") + reverse( + "authentik_providers_oauth2:authorize", + kwargs={"application_slug": provider.application.slug}) ), "token_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:token") + reverse( + "authentik_providers_oauth2:token", + kwargs={"application_slug": provider.application.slug}) ), "userinfo_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:userinfo") + reverse( + "authentik_providers_oauth2:userinfo", + kwargs={"application_slug": provider.application.slug}) ), "end_session_endpoint": self.request.build_absolute_uri( reverse( 
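Review bot: `provider.application.slug` is looked up six times across this hunk and the next one (`@@ -63,13 +69,19 @@`), and each new `reverse(` call closes its parenthesis on the `kwargs=` line, unlike the trailing-comma layout used for the same calls in `api/providers.py`. Binding it once before the dict, `slug_kwargs = {"application_slug": provider.application.slug}`, and passing `kwargs=slug_kwargs` keeps the six endpoints from drifting apart. It also gives one place to handle a provider that has no application. The enclosing method starts before this hunk and continues past it.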
@@ -63,13 +69,19 @@ class ProviderInfoView(View): ) ), "introspection_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:token-introspection") + reverse( + "authentik_providers_oauth2:token-introspection", + kwargs={"application_slug": provider.application.slug}) ), "revocation_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:token-revoke") + reverse( + "authentik_providers_oauth2:token-revoke", + kwargs={"application_slug": provider.application.slug}) ), "device_authorization_endpoint": self.request.build_absolute_uri( - reverse("authentik_providers_oauth2:device") + reverse( + "authentik_providers_oauth2:device", + kwargs={"application_slug": provider.application.slug}) ), "response_types_supported": [ ResponseTypes.CODE, diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py index 146978fe1..5fd56c8ad 100644 --- a/authentik/providers/oauth2/views/token.py +++ b/authentik/providers/oauth2/views/token.py @@ -435,10 +435,10 @@ class TokenView(View): cors_allow(self.request, response, *allowed_origins) return response - def options(self, request: HttpRequest) -> HttpResponse: + def options(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: return TokenResponse({}) - def post(self, request: HttpRequest) -> HttpResponse: + def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Generate tokens for clients""" try: with Hub.current.start_span( diff --git a/authentik/providers/oauth2/views/token_revoke.py b/authentik/providers/oauth2/views/token_revoke.py index e4a5bd078..5a8b67214 100644 --- a/authentik/providers/oauth2/views/token_revoke.py +++ b/authentik/providers/oauth2/views/token_revoke.py @@ -1,5 +1,6 @@ """Token revocation endpoint""" from dataclasses import dataclass +from typing import Any from django.http import Http404, HttpRequest, HttpResponse from django.utils.decorators import method_decorator 
@@ -49,7 +50,7 @@ class TokenRevokeView(View): params: TokenRevocationParams provider: OAuth2Provider - def post(self, request: HttpRequest) -> HttpResponse: + def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Revocation handler""" try: self.params = TokenRevocationParams.from_request(request) diff --git a/authentik/providers/oauth2/views/userinfo.py b/authentik/providers/oauth2/views/userinfo.py index 061e43fc8..58c4f876a 100644 --- a/authentik/providers/oauth2/views/userinfo.py +++ b/authentik/providers/oauth2/views/userinfo.py @@ -113,10 +113,10 @@ class UserInfoView(View): cors_allow(self.request, response, *allowed_origins) return response - def options(self, request: HttpRequest) -> HttpResponse: + def options(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: return TokenResponse({}) - def get(self, request: HttpRequest, **kwargs) -> HttpResponse: + def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """Handle GET Requests for UserInfo""" if not self.token: return HttpResponseBadRequest() @@ -127,6 +127,6 @@ class UserInfoView(View): response = TokenResponse(claims) return response - def post(self, request: HttpRequest, **kwargs) -> HttpResponse: + def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: """POST Requests behave the same as GET Requests, so the get handler is called here""" - return self.get(request, **kwargs) + return self.get(request, *args, **kwargs)