providers/oauth2: regex-escape URLs when set to blank

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 12:52:29 +02:00 · 2022-05-26 12:52:29 +02:00 · 6105956847
parent 89028f175a
commit 6105956847
1 changed files with 2 additions and 2 deletions
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@ -2,7 +2,7 @@
 from dataclasses import dataclass, field
 from datetime import timedelta
 from re import error as RegexError
-from re import fullmatch
+from re import escape, fullmatch
 from typing import Optional
 from urllib.parse import parse_qs, urlencode, urlparse, urlsplit, urlunsplit
 from uuid import uuid4
@ -181,7 +181,7 @@ class OAuthAuthorizationParams:

        if self.provider.redirect_uris == "":
            LOGGER.info("Setting redirect for blank redirect_uris", redirect=self.redirect_uri)
-            self.provider.redirect_uris = self.redirect_uri
+            self.provider.redirect_uris = escape(self.redirect_uri)
            self.provider.save()
            allowed_redirect_urls = self.provider.redirect_uris.split()