security: fix CVE 2024 52289 (#12113)

* initial migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix loading Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start dynamic ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add serialize Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add error message handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix/add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prepare docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new input Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> # Conflicts: # authentik/core/tests/test_transactional_applications_api.py # authentik/providers/oauth2/tests/test_authorize.py # authentik/providers/oauth2/tests/test_jwks.py # authentik/providers/oauth2/tests/test_token.py # website/docs/security/CVE-2024-52289.md # website/sidebars.js
2024-11-21 14:46:43 +01:00
parent e7f49d97a8
commit 13636c0efe
37 changed files with 683 additions and 195 deletions
--- a/tests/e2e/test_provider_oauth2_github.py
+++ b/tests/e2e/test_provider_oauth2_github.py
@ -13,7 +13,12 @@ from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id, generate_key
 from authentik.policies.expression.models import ExpressionPolicy
 from authentik.policies.models import PolicyBinding
-from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider
+from authentik.providers.oauth2.models import (
+    ClientTypes,
+    OAuth2Provider,
+    RedirectURI,
+    RedirectURIMatchingMode,
+)
 from tests.e2e.utils import SeleniumTestCase, retry


@ -79,7 +84,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            client_type=ClientTypes.CONFIDENTIAL,
-            redirect_uris="http://localhost:3000/login/github",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
+            ],
            authorization_flow=authorization_flow,
        )
        Application.objects.create(
@ -134,7 +141,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            client_type=ClientTypes.CONFIDENTIAL,
-            redirect_uris="http://localhost:3000/login/github",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
+            ],
            authorization_flow=authorization_flow,
        )
        app = Application.objects.create(
@ -205,7 +214,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            client_type=ClientTypes.CONFIDENTIAL,
-            redirect_uris="http://localhost:3000/login/github",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:3000/login/github")
+            ],
            authorization_flow=authorization_flow,
        )
        app = Application.objects.create(