security: fix CVE 2024 52289 (#12113)

* initial migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix loading Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start dynamic ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add serialize Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add error message handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix/add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prepare docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new input Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-11-21 14:46:43 +01:00
parent 5ea4580884
commit 85bb638243
37 changed files with 687 additions and 198 deletions
--- a/tests/e2e/test_provider_oidc.py
+++ b/tests/e2e/test_provider_oidc.py
@ -19,7 +19,13 @@ from authentik.providers.oauth2.constants import (
    SCOPE_OPENID_EMAIL,
    SCOPE_OPENID_PROFILE,
 )
-from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
+from authentik.providers.oauth2.models import (
+    ClientTypes,
+    OAuth2Provider,
+    RedirectURI,
+    RedirectURIMatchingMode,
+    ScopeMapping,
+)
 from tests.e2e.utils import SeleniumTestCase, retry


@ -67,7 +73,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
-            redirect_uris="http://localhost:9009/",
+            redirect_uris=[RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/")],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
@ -116,7 +122,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
-            redirect_uris="http://localhost:9009/auth/callback",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
+            ],
            authorization_flow=authorization_flow,
        )
        provider.property_mappings.set(
@ -188,7 +196,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
-            redirect_uris="http://localhost:9009/auth/callback",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
+            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(
@ -259,7 +269,9 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
            client_id=self.client_id,
            client_secret=self.client_secret,
            signing_key=create_test_cert(),
-            redirect_uris="http://localhost:9009/auth/callback",
+            redirect_uris=[
+                RedirectURI(RedirectURIMatchingMode.STRICT, "http://localhost:9009/auth/callback")
+            ],
        )
        provider.property_mappings.set(
            ScopeMapping.objects.filter(