From 69b3d1722b4ac95fa563eb582b79b30953cbebc8 Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]"
 <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 13:11:50 +0000
Subject: [PATCH] *: fix stage incorrectly being inserted instead of appended
 (cherry-pick #13304) (#13327)

*: fix stage incorrectly being inserted instead of appended (#13304)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
---
 authentik/core/views/apps.py                    | 2 +-
 authentik/providers/oauth2/views/device_init.py | 2 +-
 authentik/providers/oauth2/views/end_session.py | 2 +-
 authentik/providers/rac/views.py                | 2 +-
 authentik/providers/saml/views/slo.py           | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/authentik/core/views/apps.py b/authentik/core/views/apps.py
index d90a994bd9..96d2590e5e 100644
--- a/authentik/core/views/apps.py
+++ b/authentik/core/views/apps.py
@@ -55,7 +55,7 @@ class RedirectToAppLaunch(View):
             )
         except FlowNonApplicableException:
             raise Http404 from None
-        plan.insert_stage(in_memory_stage(RedirectToAppStage))
+        plan.append_stage(in_memory_stage(RedirectToAppStage))
         return plan.to_redirect(request, flow)
 
 
diff --git a/authentik/providers/oauth2/views/device_init.py b/authentik/providers/oauth2/views/device_init.py
index 5f96818c60..104e79d211 100644
--- a/authentik/providers/oauth2/views/device_init.py
+++ b/authentik/providers/oauth2/views/device_init.py
@@ -71,7 +71,7 @@ class CodeValidatorView(PolicyAccessView):
         except FlowNonApplicableException:
             LOGGER.warning("Flow not applicable to user")
             return None
-        plan.insert_stage(in_memory_stage(OAuthDeviceCodeFinishStage))
+        plan.append_stage(in_memory_stage(OAuthDeviceCodeFinishStage))
         return plan.to_redirect(self.request, self.token.provider.authorization_flow)
 
 
diff --git a/authentik/providers/oauth2/views/end_session.py b/authentik/providers/oauth2/views/end_session.py
index b3ce811016..e813b5286c 100644
--- a/authentik/providers/oauth2/views/end_session.py
+++ b/authentik/providers/oauth2/views/end_session.py
@@ -34,5 +34,5 @@ class EndSessionView(PolicyAccessView):
                 PLAN_CONTEXT_APPLICATION: self.application,
             },
         )
-        plan.insert_stage(in_memory_stage(SessionEndStage))
+        plan.append_stage(in_memory_stage(SessionEndStage))
         return plan.to_redirect(self.request, self.flow)
diff --git a/authentik/providers/rac/views.py b/authentik/providers/rac/views.py
index bac8e21b90..2905d2ed42 100644
--- a/authentik/providers/rac/views.py
+++ b/authentik/providers/rac/views.py
@@ -46,7 +46,7 @@ class RACStartView(PolicyAccessView):
             )
         except FlowNonApplicableException:
             raise Http404 from None
-        plan.insert_stage(
+        plan.append_stage(
             in_memory_stage(
                 RACFinalStage,
                 application=self.application,
diff --git a/authentik/providers/saml/views/slo.py b/authentik/providers/saml/views/slo.py
index de234c19ec..2a205b73aa 100644
--- a/authentik/providers/saml/views/slo.py
+++ b/authentik/providers/saml/views/slo.py
@@ -61,7 +61,7 @@ class SAMLSLOView(PolicyAccessView):
                 PLAN_CONTEXT_APPLICATION: self.application,
             },
         )
-        plan.insert_stage(in_memory_stage(SessionEndStage))
+        plan.append_stage(in_memory_stage(SessionEndStage))
         return plan.to_redirect(self.request, self.flow)
 
     def post(self, request: HttpRequest, application_slug: str) -> HttpResponse: