From 6314be14ad1b42b04d466b56c567545233ad37ab Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 8 Feb 2022 23:46:23 +0100
Subject: [PATCH] core: allow formatting strings to be used for applications'
 launch URLs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/core/api/applications.py            | 18 ++++++++++++++++--
 authentik/core/tests/test_applications_api.py | 12 +++++++-----
 website/docs/core/applications.md             |  3 +++
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py
index eab41f471..dcbb41017 100644
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@@ -1,13 +1,16 @@
 """Application API Views"""
+from typing import Optional
+
 from django.core.cache import cache
 from django.db.models import QuerySet
 from django.http.response import HttpResponseBadRequest
 from django.shortcuts import get_object_or_404
+from django.utils.functional import SimpleLazyObject
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
 from guardian.shortcuts import get_objects_for_user
 from rest_framework.decorators import action
-from rest_framework.fields import ReadOnlyField
+from rest_framework.fields import ReadOnlyField, SerializerMethodField
 from rest_framework.parsers import MultiPartParser
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -39,11 +42,22 @@ def user_app_cache_key(user_pk: str) -> str:
 class ApplicationSerializer(ModelSerializer):
     """Application Serializer"""
 
-    launch_url = ReadOnlyField(source="get_launch_url")
+    launch_url = SerializerMethodField()
     provider_obj = ProviderSerializer(source="get_provider", required=False)
 
     meta_icon = ReadOnlyField(source="get_meta_icon")
 
+    def get_launch_url(self, app: Application) -> Optional[str]:
+        """Allow formatting of launch URL"""
+        url = app.get_launch_url()
+        if not url:
+            return url
+        user = self.context["request"].user
+        if isinstance(user, SimpleLazyObject):
+            user._setup()
+            user = user._wrapped
+        return url % user.__dict__
+
     class Meta:
 
         model = Application
diff --git a/authentik/core/tests/test_applications_api.py b/authentik/core/tests/test_applications_api.py
index bec6632ff..34cb8855c 100644
--- a/authentik/core/tests/test_applications_api.py
+++ b/authentik/core/tests/test_applications_api.py
@@ -13,7 +13,9 @@ class TestApplicationsAPI(APITestCase):
 
     def setUp(self) -> None:
         self.user = create_test_admin_user()
-        self.allowed = Application.objects.create(name="allowed", slug="allowed")
+        self.allowed = Application.objects.create(
+            name="allowed", slug="allowed", meta_launch_url="https://goauthentik.io/%(username)s"
+        )
         self.denied = Application.objects.create(name="denied", slug="denied")
         PolicyBinding.objects.create(
             target=self.denied,
@@ -64,8 +66,8 @@ class TestApplicationsAPI(APITestCase):
                         "slug": "allowed",
                         "provider": None,
                         "provider_obj": None,
-                        "launch_url": None,
-                        "meta_launch_url": "",
+                        "launch_url": f"https://goauthentik.io/{self.user.username}",
+                        "meta_launch_url": "https://goauthentik.io/%(username)s",
                         "meta_icon": None,
                         "meta_description": "",
                         "meta_publisher": "",
@@ -100,8 +102,8 @@ class TestApplicationsAPI(APITestCase):
                         "slug": "allowed",
                         "provider": None,
                         "provider_obj": None,
-                        "launch_url": None,
-                        "meta_launch_url": "",
+                        "launch_url": f"https://goauthentik.io/{self.user.username}",
+                        "meta_launch_url": "https://goauthentik.io/%(username)s",
                         "meta_icon": None,
                         "meta_description": "",
                         "meta_publisher": "",
diff --git a/website/docs/core/applications.md b/website/docs/core/applications.md
index f0d5e0905..3cc8a006e 100644
--- a/website/docs/core/applications.md
+++ b/website/docs/core/applications.md
@@ -24,6 +24,9 @@ The following aspects can be configured:
 
 - *Name*: This is the name shown for the application card
 - *Launch URL*: The URL that is opened when a user clicks on the application. When left empty, authentik tries to guess it based on the provider
+
+    Starting with authentik 2022.2, you can use placeholders in the launch url to build them dynamically based on logged in user. For example, you can set the Launch URL to `https://goauthentik.io/%(username)s`, which will be replaced with the currently logged in user's username.
+
 - *Icon (URL)*: Optionally configure an Icon for the application
 - *Publisher*: Text shown below the application
 - *Description*: Subtext shown on the application card below the publisher