providers/oauth2: use correct title based on flow context and translated

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-05-14 00:08:29 +02:00
parent ddd785898b
commit a9a62bbfc8
1 changed files with 14 additions and 7 deletions

View File

@ -52,6 +52,7 @@ from authentik.providers.oauth2.models import (
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
from authentik.providers.oauth2.views.userinfo import UserInfoView
from authentik.providers.saml.views.flows import AutosubmitChallenge
from authentik.sources.saml.views import PLAN_CONTEXT_TITLE
from authentik.stages.consent.models import ConsentMode, ConsentStage
from authentik.stages.consent.stage import (
PLAN_CONTEXT_CONSENT_HEADER,
@ -253,7 +254,6 @@ class OAuthAuthorizationParams:
return code
class AuthorizationFlowInitView(PolicyAccessView):
"""OAuth2 Flow initializer, checks access to application and starts flow"""
@ -366,11 +366,13 @@ class AuthorizationFlowInitView(PolicyAccessView):
flow_slug=self.provider.authorization_flow.slug,
)
class OAuthFulfillmentStage(StageView):
"""Final stage, restores params from Flow."""
params: OAuthAuthorizationParams
provider: OAuth2Provider
application: Application
def redirect(self, uri: str) -> HttpResponse:
"""Redirect using HttpResponseRedirectScheme, compatible with non-http schemes"""
@ -390,7 +392,12 @@ class OAuthFulfillmentStage(StageView):
data={
"type": ChallengeTypes.NATIVE.value,
"component": "ak-stage-autosubmit",
"title": "Redirecting back to application...",
"title": (
self.executor.plan.context.get(
PLAN_CONTEXT_TITLE,
_("Redirecting to %(app)s..." % {"app": self.application.name}),
)
),
"url": self.params.redirect_uri,
"attrs": query_params,
}
@ -415,8 +422,8 @@ class OAuthFulfillmentStage(StageView):
LOGGER.warning("Got to fulfillment stage with no pending context")
return HttpResponseBadRequest()
self.params: OAuthAuthorizationParams = self.executor.plan.context.pop(PLAN_CONTEXT_PARAMS)
application: Application = self.executor.plan.context.pop(PLAN_CONTEXT_APPLICATION)
self.provider = get_object_or_404(OAuth2Provider, pk=application.provider_id)
self.application: Application = self.executor.plan.context.pop(PLAN_CONTEXT_APPLICATION)
self.provider = get_object_or_404(OAuth2Provider, pk=self.application.provider_id)
try:
# At this point we don't need to check permissions anymore
if {PROMPT_NONE, PROMPT_CONSENT}.issubset(self.params.prompt):
@ -428,18 +435,18 @@ class OAuthFulfillmentStage(StageView):
)
Event.new(
EventAction.AUTHORIZE_APPLICATION,
authorized_application=application,
authorized_application=self.application,
flow=self.executor.plan.flow_pk,
scopes=", ".join(self.params.scope),
).from_http(self.request)
return self.redirect(self.create_response_uri())
except (ClientIdError, RedirectUriError) as error:
error.to_event(application=application).from_http(request)
error.to_event(application=self.application).from_http(request)
self.executor.stage_invalid()
# pylint: disable=no-member
return bad_request_message(request, error.description, title=error.error)
except AuthorizeError as error:
error.to_event(application=application).from_http(request)
error.to_event(application=self.application).from_http(request)
self.executor.stage_invalid()
return self.redirect(error.create_uri())