47e330d08a
* flows: add FlowPlan .to_redirect helper to redirect to flow executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * flows: add initial silent flow executor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor and add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * how'd that happen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix most tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't set allowed_silent_types if we cant transmit data via URL Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix stage not being set early enough Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix OAuthDeviceCodeFinishStage being marked able-to-be-skipped-to when it is not Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont skip on rac for now Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add support for SAML redirect Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
39 lines
1.4 KiB
Python
39 lines
1.4 KiB
Python
"""oauth2 provider end_session Views"""
|
|
|
|
from django.http import Http404, HttpRequest, HttpResponse
|
|
from django.shortcuts import get_object_or_404
|
|
|
|
from authentik.core.models import Application
|
|
from authentik.flows.models import Flow, in_memory_stage
|
|
from authentik.flows.planner import PLAN_CONTEXT_APPLICATION, FlowPlanner
|
|
from authentik.flows.stage import SessionEndStage
|
|
from authentik.policies.views import PolicyAccessView
|
|
|
|
|
|
class EndSessionView(PolicyAccessView):
|
|
"""Redirect to application's provider's invalidation flow"""
|
|
|
|
flow: Flow
|
|
|
|
def resolve_provider_application(self):
|
|
self.application = get_object_or_404(Application, slug=self.kwargs["application_slug"])
|
|
self.provider = self.application.get_provider()
|
|
if not self.provider:
|
|
raise Http404
|
|
self.flow = self.provider.invalidation_flow or self.request.brand.flow_invalidation
|
|
if not self.flow:
|
|
raise Http404
|
|
|
|
def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
|
|
"""Dispatch the flow planner for the invalidation flow"""
|
|
planner = FlowPlanner(self.flow)
|
|
planner.allow_empty_flows = True
|
|
plan = planner.plan(
|
|
request,
|
|
{
|
|
PLAN_CONTEXT_APPLICATION: self.application,
|
|
},
|
|
)
|
|
plan.insert_stage(in_memory_stage(SessionEndStage))
|
|
return plan.to_redirect(self.request, self.flow)
|