From bb9a524b5386c37a11b4986d9b4fe3f77f394939 Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Sat, 13 Jan 2024 16:37:47 +0100
Subject: [PATCH] sources/oauth: fix URLs being overwritten by OIDC urls (cherry-pick #8147) (#8156)
sources/oauth: fix URLs being overwritten by OIDC urls (#8147)
* sources/oauth: fix URLs being overwritten by OIDC urls
* fix tests
---------
Signed-off-by: Jens Langhammer
Co-authored-by: Jens L
---
 authentik/sources/oauth/api/source.py | 15 ++++++++++++---
 authentik/sources/oauth/tests/test_views.py | 3 ---
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py
index a17bc6b03..53296f5a4 100644
--- a/authentik/sources/oauth/api/source.py
+++ b/authentik/sources/oauth/api/source.py
@@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
 """Get source's type configuration"""
 return SourceTypeSerializer(instance.source_type).data
+ # pylint: disable=too-many-locals
 def validate(self, attrs: dict) -> dict:
 session = get_http_session()
 source_type = registry.find_type(attrs["provider_type"])
@@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
 config = well_known_config.json()
 if "issuer" not in config:
 raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
- attrs["authorization_url"] = config.get("authorization_endpoint", "")
- attrs["access_token_url"] = config.get("token_endpoint", "")
- attrs["profile_url"] = config.get("userinfo_endpoint", "")
+ field_map = {
+ # authentik field to oidc field
+ "authorization_url": "authorization_endpoint",
+ "access_token_url": "token_endpoint",
+ "profile_url": "userinfo_endpoint",
+ }
+ for ak_key, oidc_key in field_map.items():
+ # Don't overwrite user-set values
+ if ak_key in attrs and attrs[ak_key]:
+ continue
+ attrs[ak_key] = config.get(oidc_key, "")
 inferred_oidc_jwks_url = config.get("jwks_uri", "")
 # Prefer user-entered URL to inferred URL to default URL
diff --git a/authentik/sources/oauth/tests/test_views.py b/authentik/sources/oauth/tests/test_views.py
index 16e57c057..da4735073 100644
--- a/authentik/sources/oauth/tests/test_views.py
+++ b/authentik/sources/oauth/tests/test_views.py
@@ -69,9 +69,6 @@ class TestOAuthSource(TestCase):
 "provider_type": "openidconnect",
 "consumer_key": "foo",
 "consumer_secret": "foo",
- "authorization_url": "http://foo",
- "access_token_url": "http://foo",
- "profile_url": "http://foo",
 "oidc_well_known_url": url,
 "oidc_jwks_url": "",
 },
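Review bot: In the `field_map` loop of `api/source.py`, `attrs[ak_key] = config.get(oidc_key, "")` copies whatever the remote discovery document holds straight into `attrs`. If these are declared serializer fields, DRF calls `validate()` only after the per-field validators have run, so a non-string or oddly-schemed endpoint would be stored unchecked, and `access_token_url` is presumably where `consumer_secret` is later sent. I would read the value first with `value = config.get(oidc_key, "")` and reject bad shapes with `if not isinstance(value, str): raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})`, and consider a scheme check as well. The visible test change only removes the three URL fields, so nothing shown here asserts that a user-set URL actually survives discovery; a test submitting both would pin the new precedence. `validate()` starts in the previous hunk and continues past this one.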