providers/saml: fix Autosubmit Challenge

This commit is contained in:
Jens Langhammer 2021-02-28 00:09:08 +01:00
parent 9cdfd8b75a
commit 0958740b51
2 changed files with 9 additions and 10 deletions

View file

@ -1,12 +1,10 @@
"""authentik SAML IDP Views""" """authentik SAML IDP Views"""
from django.core.validators import URLValidator from django.core.validators import URLValidator
from django.db.models.fields import CharField
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.http.response import HttpResponseBadRequest from django.http.response import HttpResponseBadRequest
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.utils.http import urlencode from django.utils.http import urlencode
from django.utils.translation import gettext_lazy as _ from rest_framework.fields import CharField, DictField
from rest_framework.fields import DictField
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
from authentik.core.models import Application from authentik.core.models import Application
@ -35,7 +33,7 @@ class AutosubmitChallenge(Challenge):
"""Autosubmit challenge used to send and navigate a POST request""" """Autosubmit challenge used to send and navigate a POST request"""
url = CharField() url = CharField()
attrs = DictField(CharField()) attrs = DictField(child=CharField())
# This View doesn't have a URL on purpose, as its called by the FlowExecutor # This View doesn't have a URL on purpose, as its called by the FlowExecutor
@ -73,14 +71,15 @@ class SAMLFlowFinalView(ChallengeStageView):
} }
if auth_n_request.relay_state: if auth_n_request.relay_state:
form_attrs[REQUEST_KEY_RELAY_STATE] = auth_n_request.relay_state form_attrs[REQUEST_KEY_RELAY_STATE] = auth_n_request.relay_state
return self.get_challenge( return super().get(
{ self.request,
**{
"type": ChallengeTypes.native, "type": ChallengeTypes.native,
"component": "ak-stage-autosubmit", "component": "ak-stage-autosubmit",
"title": _("Redirecting to %(app)s..." % {"app": application.name}), "title": "Redirecting to %(app)s..." % {"app": application.name},
"url": provider.acs_url, "url": provider.acs_url,
"attrs": form_attrs, "attrs": form_attrs,
} },
) )
if provider.sp_binding == SAMLBindings.REDIRECT: if provider.sp_binding == SAMLBindings.REDIRECT:
url_args = { url_args = {
@ -93,7 +92,7 @@ class SAMLFlowFinalView(ChallengeStageView):
return bad_request_message(request, "Invalid sp_binding specified") return bad_request_message(request, "Invalid sp_binding specified")
def get_challenge(self, *args, **kwargs) -> Challenge: def get_challenge(self, *args, **kwargs) -> Challenge:
return Challenge(data=kwargs) return AutosubmitChallenge(data=kwargs)
def challenge_valid(self, response: ChallengeResponse) -> HttpResponse: def challenge_valid(self, response: ChallengeResponse) -> HttpResponse:
# We'll never get here since the challenge redirects to the SP # We'll never get here since the challenge redirects to the SP

View file

@ -34,7 +34,7 @@ export class AutosubmitStage extends BaseStage {
</h1> </h1>
</header> </header>
<div class="pf-c-login__main-body"> <div class="pf-c-login__main-body">
<form class="pf-c-form" > <form class="pf-c-form" action="${this.challenge.url}" method="POST">
${Object.entries(this.challenge.attrs).map(([ key, value ]) => { ${Object.entries(this.challenge.attrs).map(([ key, value ]) => {
return html`<input type="hidden" name="${key}" value="${value}">`; return html`<input type="hidden" name="${key}" value="${value}">`;
})} })}