change urls
This commit is contained in:
Stanislav Dimov
parent
461af185ad
commit
51b229387b
|
|
@ -95,16 +95,19 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
|
||||||
"authorize": request.build_absolute_uri(
|
"authorize": request.build_absolute_uri(
|
||||||
reverse(
|
reverse(
|
||||||
"authentik_providers_oauth2:authorize",
|
"authentik_providers_oauth2:authorize",
|
||||||
|
kwargs={"application_slug": provider.application.slug},
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
"token": request.build_absolute_uri(
|
"token": request.build_absolute_uri(
|
||||||
reverse(
|
reverse(
|
||||||
"authentik_providers_oauth2:token",
|
"authentik_providers_oauth2:token",
|
||||||
|
kwargs={"application_slug": provider.application.slug},
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
"user_info": request.build_absolute_uri(
|
"user_info": request.build_absolute_uri(
|
||||||
reverse(
|
reverse(
|
||||||
"authentik_providers_oauth2:userinfo",
|
"authentik_providers_oauth2:userinfo",
|
||||||
|
kwargs={"application_slug": provider.application.slug},
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
"provider_info": None,
|
"provider_info": None,
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ class TestAPI(APITestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
body = loads(response.content.decode())["preview"]
|
body = loads(response.content.decode())["preview"]
|
||||||
self.assertEqual(body["iss"], "http://testserver/application/o/issuer/test/")
|
self.assertEqual(body["iss"], "http://testserver/application/o/test/")
|
||||||
|
|
||||||
def test_setup_urls(self):
|
def test_setup_urls(self):
|
||||||
"""Test Setup URLs API Endpoint"""
|
"""Test Setup URLs API Endpoint"""
|
||||||
|
|
@ -43,7 +43,7 @@ class TestAPI(APITestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
body = loads(response.content.decode())
|
body = loads(response.content.decode())
|
||||||
self.assertEqual(body["issuer"], "http://testserver/application/o/issuer/test/")
|
self.assertEqual(body["issuer"], "http://testserver/application/o/test/")
|
||||||
|
|
||||||
# https://github.com/goauthentik/authentik/pull/5918
|
# https://github.com/goauthentik/authentik/pull/5918
|
||||||
@skipUnless(version_info >= (3, 11, 4), "This behaviour is only Python 3.11.4 and up")
|
@skipUnless(version_info >= (3, 11, 4), "This behaviour is only Python 3.11.4 and up")
|
||||||
|
|
|
||||||
|
|
@ -20,40 +20,40 @@ from authentik.providers.oauth2.views.userinfo import UserInfoView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path(
|
path(
|
||||||
"authorize/",
|
"<slug:application_slug>/authorize/",
|
||||||
AuthorizationFlowInitView.as_view(),
|
AuthorizationFlowInitView.as_view(),
|
||||||
name="authorize",
|
name="authorize",
|
||||||
),
|
),
|
||||||
path("token/", TokenView.as_view(), name="token"),
|
path("<slug:application_slug>/token/", TokenView.as_view(), name="token"),
|
||||||
path("device/", DeviceView.as_view(), name="device"),
|
path("<slug:application_slug>/device/", DeviceView.as_view(), name="device"),
|
||||||
path(
|
path(
|
||||||
"userinfo/",
|
"<slug:application_slug>/userinfo/",
|
||||||
UserInfoView.as_view(),
|
UserInfoView.as_view(),
|
||||||
name="userinfo",
|
name="userinfo",
|
||||||
),
|
),
|
||||||
path(
|
path(
|
||||||
"introspect/",
|
"<slug:application_slug>/introspect/",
|
||||||
TokenIntrospectionView.as_view(),
|
TokenIntrospectionView.as_view(),
|
||||||
name="token-introspection",
|
name="token-introspection",
|
||||||
),
|
),
|
||||||
path(
|
path(
|
||||||
"revoke/",
|
"<slug:application_slug>/revoke/",
|
||||||
TokenRevokeView.as_view(),
|
TokenRevokeView.as_view(),
|
||||||
name="token-revoke",
|
name="token-revoke",
|
||||||
),
|
),
|
||||||
path(
|
path(
|
||||||
"end-session/<slug:application_slug>/",
|
"<slug:application_slug>/end-session/",
|
||||||
RedirectView.as_view(pattern_name="authentik_core:if-session-end", query_string=True),
|
RedirectView.as_view(pattern_name="authentik_core:if-session-end", query_string=True),
|
||||||
name="end-session",
|
name="end-session",
|
||||||
),
|
),
|
||||||
path("jwks/<slug:application_slug>/", JWKSView.as_view(), name="jwks"),
|
path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"),
|
||||||
path(
|
path(
|
||||||
"issuer/<slug:application_slug>/",
|
"<slug:application_slug>/",
|
||||||
RedirectView.as_view(pattern_name="authentik_providers_oauth2:provider-info"),
|
RedirectView.as_view(pattern_name="authentik_providers_oauth2:provider-info"),
|
||||||
name="provider-root",
|
name="provider-root",
|
||||||
),
|
),
|
||||||
path(
|
path(
|
||||||
"discovery/<slug:application_slug>/.well-known/openid-configuration",
|
"<slug:application_slug>/.well-known/openid-configuration",
|
||||||
ProviderInfoView.as_view(),
|
ProviderInfoView.as_view(),
|
||||||
name="provider-info",
|
name="provider-info",
|
||||||
),
|
),
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ from datetime import timedelta
|
||||||
from json import dumps
|
from json import dumps
|
||||||
from re import error as RegexError
|
from re import error as RegexError
|
||||||
from re import fullmatch
|
from re import fullmatch
|
||||||
from typing import Optional
|
from typing import Any, Optional
|
||||||
from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit
|
from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
|
|
||||||
|
|
@ -339,7 +339,7 @@ class AuthorizationFlowInitView(PolicyAccessView):
|
||||||
request.context["oauth_response_type"] = self.params.response_type
|
request.context["oauth_response_type"] = self.params.response_type
|
||||||
return request
|
return request
|
||||||
|
|
||||||
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
|
def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Start FlowPLanner, return to flow executor shell"""
|
"""Start FlowPLanner, return to flow executor shell"""
|
||||||
# Require a login event to be set, otherwise make the user re-login
|
# Require a login event to be set, otherwise make the user re-login
|
||||||
login_event = get_login_event(request)
|
login_event = get_login_event(request)
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
"""Device flow views"""
|
"""Device flow views"""
|
||||||
from typing import Optional
|
from typing import Any, Optional
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
|
||||||
from django.http import HttpRequest, HttpResponse, HttpResponseBadRequest, JsonResponse
|
from django.http import HttpRequest, HttpResponse, HttpResponseBadRequest, JsonResponse
|
||||||
|
|
@ -44,7 +44,7 @@ class DeviceView(View):
|
||||||
self.scopes = self.request.POST.get("scope", "").split(" ")
|
self.scopes = self.request.POST.get("scope", "").split(" ")
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def dispatch(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
|
def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
throttle = AnonRateThrottle()
|
throttle = AnonRateThrottle()
|
||||||
throttle.rate = CONFIG.get("throttle.providers.oauth2.device", "20/hour")
|
throttle.rate = CONFIG.get("throttle.providers.oauth2.device", "20/hour")
|
||||||
throttle.num_requests, throttle.duration = throttle.parse_rate(throttle.rate)
|
throttle.num_requests, throttle.duration = throttle.parse_rate(throttle.rate)
|
||||||
|
|
@ -52,7 +52,7 @@ class DeviceView(View):
|
||||||
return HttpResponse(status=429)
|
return HttpResponse(status=429)
|
||||||
return super().dispatch(request, *args, **kwargs)
|
return super().dispatch(request, *args, **kwargs)
|
||||||
|
|
||||||
def post(self, request: HttpRequest) -> HttpResponse:
|
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Generate device token"""
|
"""Generate device token"""
|
||||||
resp = self.parse_request()
|
resp = self.parse_request()
|
||||||
if resp:
|
if resp:
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
"""authentik OAuth2 Token Introspection Views"""
|
"""authentik OAuth2 Token Introspection Views"""
|
||||||
from dataclasses import dataclass, field
|
from dataclasses import dataclass, field
|
||||||
|
from typing import Any
|
||||||
|
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
|
|
@ -64,7 +65,7 @@ class TokenIntrospectionView(View):
|
||||||
params: TokenIntrospectionParams
|
params: TokenIntrospectionParams
|
||||||
provider: OAuth2Provider
|
provider: OAuth2Provider
|
||||||
|
|
||||||
def post(self, request: HttpRequest) -> HttpResponse:
|
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Introspection handler"""
|
"""Introspection handler"""
|
||||||
try:
|
try:
|
||||||
self.params = TokenIntrospectionParams.from_request(request)
|
self.params = TokenIntrospectionParams.from_request(request)
|
||||||
|
|
|
||||||
|
|
@ -48,13 +48,19 @@ class ProviderInfoView(View):
|
||||||
return {
|
return {
|
||||||
"issuer": provider.get_issuer(self.request),
|
"issuer": provider.get_issuer(self.request),
|
||||||
"authorization_endpoint": self.request.build_absolute_uri(
|
"authorization_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:authorize")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:authorize",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"token_endpoint": self.request.build_absolute_uri(
|
"token_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:token")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:token",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"userinfo_endpoint": self.request.build_absolute_uri(
|
"userinfo_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:userinfo")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:userinfo",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"end_session_endpoint": self.request.build_absolute_uri(
|
"end_session_endpoint": self.request.build_absolute_uri(
|
||||||
reverse(
|
reverse(
|
||||||
|
|
@ -63,13 +69,19 @@ class ProviderInfoView(View):
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
"introspection_endpoint": self.request.build_absolute_uri(
|
"introspection_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:token-introspection")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:token-introspection",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"revocation_endpoint": self.request.build_absolute_uri(
|
"revocation_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:token-revoke")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:token-revoke",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"device_authorization_endpoint": self.request.build_absolute_uri(
|
"device_authorization_endpoint": self.request.build_absolute_uri(
|
||||||
reverse("authentik_providers_oauth2:device")
|
reverse(
|
||||||
|
"authentik_providers_oauth2:device",
|
||||||
|
kwargs={"application_slug": provider.application.slug})
|
||||||
),
|
),
|
||||||
"response_types_supported": [
|
"response_types_supported": [
|
||||||
ResponseTypes.CODE,
|
ResponseTypes.CODE,
|
||||||
|
|
|
||||||
|
|
@ -435,10 +435,10 @@ class TokenView(View):
|
||||||
cors_allow(self.request, response, *allowed_origins)
|
cors_allow(self.request, response, *allowed_origins)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def options(self, request: HttpRequest) -> HttpResponse:
|
def options(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
return TokenResponse({})
|
return TokenResponse({})
|
||||||
|
|
||||||
def post(self, request: HttpRequest) -> HttpResponse:
|
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Generate tokens for clients"""
|
"""Generate tokens for clients"""
|
||||||
try:
|
try:
|
||||||
with Hub.current.start_span(
|
with Hub.current.start_span(
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
"""Token revocation endpoint"""
|
"""Token revocation endpoint"""
|
||||||
from dataclasses import dataclass
|
from dataclasses import dataclass
|
||||||
|
from typing import Any
|
||||||
|
|
||||||
from django.http import Http404, HttpRequest, HttpResponse
|
from django.http import Http404, HttpRequest, HttpResponse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
|
|
@ -49,7 +50,7 @@ class TokenRevokeView(View):
|
||||||
params: TokenRevocationParams
|
params: TokenRevocationParams
|
||||||
provider: OAuth2Provider
|
provider: OAuth2Provider
|
||||||
|
|
||||||
def post(self, request: HttpRequest) -> HttpResponse:
|
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Revocation handler"""
|
"""Revocation handler"""
|
||||||
try:
|
try:
|
||||||
self.params = TokenRevocationParams.from_request(request)
|
self.params = TokenRevocationParams.from_request(request)
|
||||||
|
|
|
||||||
|
|
@ -113,10 +113,10 @@ class UserInfoView(View):
|
||||||
cors_allow(self.request, response, *allowed_origins)
|
cors_allow(self.request, response, *allowed_origins)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def options(self, request: HttpRequest) -> HttpResponse:
|
def options(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
return TokenResponse({})
|
return TokenResponse({})
|
||||||
|
|
||||||
def get(self, request: HttpRequest, **kwargs) -> HttpResponse:
|
def get(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""Handle GET Requests for UserInfo"""
|
"""Handle GET Requests for UserInfo"""
|
||||||
if not self.token:
|
if not self.token:
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
|
|
@ -127,6 +127,6 @@ class UserInfoView(View):
|
||||||
response = TokenResponse(claims)
|
response = TokenResponse(claims)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def post(self, request: HttpRequest, **kwargs) -> HttpResponse:
|
def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
|
||||||
"""POST Requests behave the same as GET Requests, so the get handler is called here"""
|
"""POST Requests behave the same as GET Requests, so the get handler is called here"""
|
||||||
return self.get(request, **kwargs)
|
return self.get(request, *args, **kwargs)
|
||||||
|
|
|
||||||
Reference in a new issue