providers/proxy: fix panic when claims in session were nil (#5569)
* providers/proxy: fix panic when claims in session were nil Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add new options Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
c68a42f63b
commit
906faf9cce
|
@ -21,4 +21,26 @@ class Migration(migrations.Migration):
|
|||
default=authentik.providers.oauth2.models.generate_client_secret
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="oauth2provider",
|
||||
name="sub_mode",
|
||||
field=models.TextField(
|
||||
choices=[
|
||||
("hashed_user_id", "Based on the Hashed User ID"),
|
||||
("user_id", "Based on user ID"),
|
||||
("user_uuid", "Based on user UUID"),
|
||||
("user_username", "Based on the username"),
|
||||
(
|
||||
"user_email",
|
||||
"Based on the User's Email. This is recommended over the UPN method.",
|
||||
),
|
||||
(
|
||||
"user_upn",
|
||||
"Based on the User's UPN, only works if user has a 'upn' attribute set. Use this method only if you have different UPN and Mail domains.",
|
||||
),
|
||||
],
|
||||
default="hashed_user_id",
|
||||
help_text="Configure what data should be used as unique User Identifier. For most cases, the default should be fine.",
|
||||
),
|
||||
),
|
||||
]
|
||||
|
|
|
@ -94,6 +94,10 @@ func (a *Application) Logout(sub string) error {
|
|||
a.log.WithError(err).Trace("failed to decode session")
|
||||
continue
|
||||
}
|
||||
rc, ok := s.Values[constants.SessionClaims]
|
||||
if !ok || rc == nil {
|
||||
continue
|
||||
}
|
||||
claims := s.Values[constants.SessionClaims].(Claims)
|
||||
if claims.Sub == sub {
|
||||
a.log.WithField("path", fullPath).Trace("deleting session")
|
||||
|
|
Reference in a new issue