From da4fa96499057d84deb385df4efb28d0841444d2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 23 Mar 2021 23:07:55 +0100
Subject: [PATCH] sources/oauth: simplify enrollment handler
Signed-off-by: Jens Langhammer
---
 authentik/sources/oauth/views/callback.py | 35 ++++++++-----------
 .../stages/authenticator_webauthn/auth.html | 15 --------
 .../stages/authenticator_webauthn/setup.html | 16 ---------
 3 files changed, 15 insertions(+), 51 deletions(-)
 delete mode 100644 authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/auth.html
 delete mode 100644 authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/setup.html
diff --git a/authentik/sources/oauth/views/callback.py b/authentik/sources/oauth/views/callback.py
index f121ef338..a4e66c8bb 100644
--- a/authentik/sources/oauth/views/callback.py
+++ b/authentik/sources/oauth/views/callback.py
@@ -136,7 +136,9 @@ class OAuthCallback(OAuthClientMixin, View):
 messages.error(self.request, _("Authentication Failed."))
 return redirect(self.get_error_redirect(source, reason))
- def handle_login_flow(self, flow: Flow, **kwargs) -> HttpResponse:
+ def handle_login_flow(
+ self, flow: Flow, *stages_to_append, **kwargs
+ ) -> HttpResponse:
 """Prepare Authentication Plan, redirect user FlowExecutor"""
 # Ensure redirect is carried through when user was trying to
 # authorize application
@@ -157,6 +159,8 @@ class OAuthCallback(OAuthClientMixin, View):
 # We run the Flow planner here so we can pass the Pending user in the context
 planner = FlowPlanner(flow)
 plan = planner.plan(self.request, kwargs)
+ for stage in stages_to_append:
+ plan.append(stage)
 self.request.session[SESSION_KEY_PLAN] = plan
 return redirect_with_qs(
 "authentik_core:if-flow",
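Review bot: The new `*stages_to_append` parameter of `handle_login_flow` (hunk `@@ -136,7 +136,9 @@`) has no type annotation, and the docstring still reads only "Prepare Authentication Plan, redirect user FlowExecutor", so the contract for the extra stages is undocumented. The loop added in the `@@ -157,6 +159,8 @@` hunk appends them after `planner.plan(...)` has returned, which suggests they are not subject to whatever checks the planner applies to bound stages; if so, that should be stated so callers pass only stages built in code, never ones derived from request data. I would extend the docstring with a sentence such as `Stages in stages_to_append are appended to the finished plan, in order, after planning`, and annotate the parameter with the stage type that `in_memory_stage` returns. The function body starts and ends outside both hunks.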
@@ -224,27 +228,18 @@ class OAuthCallback(OAuthClientMixin, View):
 % {"source": self.source.name}
 ),
 )
- # Because we inject a stage into the planned flow, we can't use `self.handle_login_flow`
- context = {
- # Since we authenticate the user by their token, they have no backend set
- PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
- PLAN_CONTEXT_SSO: True,
- PLAN_CONTEXT_SOURCE: self.source,
- PLAN_CONTEXT_PROMPT: delete_none_keys(
- self.get_user_enroll_context(source, access, info)
- ),
- PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
- }
+ # We run the Flow planner here so we can pass the Pending user in the context
 if not source.enrollment_flow:
 LOGGER.warning("source has no enrollment flow", source=source)
 return HttpResponseBadRequest()
- planner = FlowPlanner(source.enrollment_flow)
- plan = planner.plan(self.request, context)
- plan.append(in_memory_stage(PostUserEnrollmentStage))
- self.request.session[SESSION_KEY_PLAN] = plan
- return redirect_with_qs(
- "authentik_core:if-flow",
- self.request.GET,
- flow_slug=source.enrollment_flow.slug,
+ return self.handle_login_flow(
+ source.enrollment_flow,
+ in_memory_stage(PostUserEnrollmentStage),
+ **{
+ PLAN_CONTEXT_PROMPT: delete_none_keys(
+ self.get_user_enroll_context(source, access, info)
+ ),
+ PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
+ },
 )
diff --git a/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/auth.html b/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/auth.html
deleted file mode 100644
index f35ee05ed..000000000
--- a/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/auth.html
+++ /dev/null
@@ -1,15 +0,0 @@
-{% load i18n %}
-
-
-
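Review bot: The enrollment branch in callback.py (hunk `@@ -224,27 +228,18 @@`) no longer sets `PLAN_CONTEXT_AUTHENTICATION_BACKEND`, `PLAN_CONTEXT_SSO` or `PLAN_CONTEXT_SOURCE` itself; it passes only `PLAN_CONTEXT_PROMPT` and `PLAN_CONTEXT_SOURCES_OAUTH_ACCESS` and relies on `handle_login_flow` to add the rest, in a part of its body that none of the hunks show. That is worth confirming and pinning with a test on the context of the plan stored under `SESSION_KEY_PLAN`, because a newly enrolled user whose plan lacks those keys would be a silent regression in the authentication path. The added comment `# We run the Flow planner here so we can pass the Pending user in the context` is also stale at this spot, since the planner call moved out of this branch. Assuming the helper does supply the shared keys, `# handle_login_flow plans the flow and adds the shared login context; only enrollment-specific keys are passed here` would describe the code better.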
diff --git a/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/setup.html b/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/setup.html
deleted file mode 100644
index 6a47a71e9..000000000
--- a/authentik/stages/authenticator_webauthn/templates/stages/authenticator_webauthn/setup.html
+++ /dev/null
@@ -1,16 +0,0 @@
-{% load i18n %}
-
-
-
-