5b66dbe890
* add initial Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add web stage for session end Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate saml and tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * group flow settings when providers have multiple flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust name for default provider invalidation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-make migrations Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add invalidation_flow to saml importer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-do migrations again Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web stuff to get rid of old libraries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make unbind flow for ldap configurable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated: fix flow inspector Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle invalidation_flow as optional, as it should be Signed-off-by: Jens Langhammer <jens@goauthentik.io> * also fix ldap outpost Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't generate URL in client Signed-off-by: Jens Langhammer <jens@goauthentik.io> * actually make it work??? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix migration breaking things...? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start fixing tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-migrate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate flow setting Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix race condition with brand Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix oauth test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix SAML tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to wizard, fix required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make required, start release notes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens@goauthentik.io>
46 lines
1.7 KiB
Python
46 lines
1.7 KiB
Python
"""oauth2 provider end_session Views"""
|
|
|
|
from django.http import Http404, HttpRequest, HttpResponse
|
|
from django.shortcuts import get_object_or_404
|
|
|
|
from authentik.core.models import Application
|
|
from authentik.flows.models import Flow, in_memory_stage
|
|
from authentik.flows.planner import PLAN_CONTEXT_APPLICATION, FlowPlanner
|
|
from authentik.flows.stage import SessionEndStage
|
|
from authentik.flows.views.executor import SESSION_KEY_PLAN
|
|
from authentik.lib.utils.urls import redirect_with_qs
|
|
from authentik.policies.views import PolicyAccessView
|
|
|
|
|
|
class EndSessionView(PolicyAccessView):
|
|
"""Redirect to application's provider's invalidation flow"""
|
|
|
|
flow: Flow
|
|
|
|
def resolve_provider_application(self):
|
|
self.application = get_object_or_404(Application, slug=self.kwargs["application_slug"])
|
|
self.provider = self.application.get_provider()
|
|
if not self.provider:
|
|
raise Http404
|
|
self.flow = self.provider.invalidation_flow or self.request.brand.flow_invalidation
|
|
if not self.flow:
|
|
raise Http404
|
|
|
|
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
|
|
"""Dispatch the flow planner for the invalidation flow"""
|
|
planner = FlowPlanner(self.flow)
|
|
planner.allow_empty_flows = True
|
|
plan = planner.plan(
|
|
request,
|
|
{
|
|
PLAN_CONTEXT_APPLICATION: self.application,
|
|
},
|
|
)
|
|
plan.insert_stage(in_memory_stage(SessionEndStage))
|
|
request.session[SESSION_KEY_PLAN] = plan
|
|
return redirect_with_qs(
|
|
"authentik_core:if-flow",
|
|
self.request.GET,
|
|
flow_slug=self.flow.slug,
|
|
)
|