providers: Add ability to choose a default authentication flow (#5070)

* core: add ability to choose a default authentication flow for a provider

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* update web to use correct ak-search-select

I don't think this element existed when the PR was initially created, lol

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only use provider authentication flow for authentication designation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
risson
2023-03-24 13:26:00 +01:00
committed by GitHub
parent 94a93adb4b
commit 1957717160
10 changed files with 299 additions and 7 deletions

@ -22,6 +22,7 @@ from sentry_sdk.api import set_tag
from sentry_sdk.hub import Hub
from structlog.stdlib import BoundLogger, get_logger
from authentik.core.models import Application
from authentik.events.models import Event, EventAction, cleanse_dict
from authentik.flows.challenge import (
Challenge,
@ -480,8 +481,14 @@ class ToDefaultFlow(View):
flow = None
# First, attempt to get default flow from tenant
if self.designation == FlowDesignation.AUTHENTICATION:
flow = tenant.flow_authentication
if self.designation == FlowDesignation.INVALIDATION:
# Attempt to get default flow from application
if SESSION_KEY_APPLICATION_PRE in self.request.session:
application: Application = self.request.session[SESSION_KEY_APPLICATION_PRE]
if application.provider:
flow = application.provider.authentication_flow
else:
flow = tenant.flow_authentication
elif self.designation == FlowDesignation.INVALIDATION:
flow = tenant.flow_invalidation
# If no flow was set, get the first based on slug and policy
if not flow:
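Review bot: In the `FlowDesignation.AUTHENTICATION` branch, the tenant default is no longer reached when an application is in the session but yields no flow. If `SESSION_KEY_APPLICATION_PRE` is set and `application.provider.authentication_flow` is unset, `flow` stays `None`, `tenant.flow_authentication` is never tried, and resolution drops straight to the "first based on slug and policy" lookup under `if not flow:`. A provider with no flow chosen would then authenticate through a different flow than the one the tenant configured, which matters if the tenant flow is where MFA or other policy is enforced. Consider assigning `flow = tenant.flow_authentication` first and overriding it only when the provider's `authentication_flow` is set. The comment `# First, attempt to get default flow from tenant` is also stale now that the application is consulted first. Separately, `application` is the object stored in the session, so `application.provider` reflects its state when it was stored; re-fetching it would pick up a provider or flow changed since then.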