providers/proxy: fix panic when claims in session were nil (#5569)

* providers/proxy: fix panic when claims in session were nil

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add new options

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-05-10 20:58:44 +02:00 committed by GitHub
parent c68a42f63b
commit 906faf9cce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 0 deletions

View file

@ -21,4 +21,26 @@ class Migration(migrations.Migration):
default=authentik.providers.oauth2.models.generate_client_secret
),
),
migrations.AlterField(
model_name="oauth2provider",
name="sub_mode",
field=models.TextField(
choices=[
("hashed_user_id", "Based on the Hashed User ID"),
("user_id", "Based on user ID"),
("user_uuid", "Based on user UUID"),
("user_username", "Based on the username"),
(
"user_email",
"Based on the User's Email. This is recommended over the UPN method.",
),
(
"user_upn",
"Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.",
),
],
default="hashed_user_id",
help_text="Configure what data should be used as unique User Identifier. For most cases, the default should be fine.",
),
),
]

View file

@ -94,6 +94,10 @@ func (a *Application) Logout(sub string) error {
a.log.WithError(err).Trace("failed to decode session")
continue
}
rc, ok := s.Values[constants.SessionClaims]
if !ok || rc == nil {
continue
}
claims := s.Values[constants.SessionClaims].(Claims)
if claims.Sub == sub {
a.log.WithField("path", fullPath).Trace("deleting session")