diff --git a/authentik/stages/email/stage.py b/authentik/stages/email/stage.py
index 123b1fc15..77f29e0a0 100644
--- a/authentik/stages/email/stage.py
+++ b/authentik/stages/email/stage.py
@@ -22,7 +22,7 @@ from authentik.stages.email.tasks import send_mails
 from authentik.stages.email.utils import TemplateEmailMessage
 LOGGER = get_logger()
-QS_KEY_TOKEN = "token" # nosec
+QS_KEY_TOKEN = "etoken" # nosec
 PLAN_CONTEXT_EMAIL_SENT = "email_sent"
diff --git a/authentik/stages/invitation/stage.py b/authentik/stages/invitation/stage.py
index 364b77816..eb3b77fe8 100644
--- a/authentik/stages/invitation/stage.py
+++ b/authentik/stages/invitation/stage.py
@@ -15,7 +15,8 @@ from authentik.stages.invitation.signals import invitation_used
 from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
 LOGGER = get_logger()
-INVITATION_TOKEN_KEY = "token" # nosec
+INVITATION_TOKEN_KEY_CONTEXT = "token" # nosec
+INVITATION_TOKEN_KEY = "itoken" # nosec
 INVITATION_IN_EFFECT = "invitation_in_effect"
 INVITATION = "invitation"
@@ -29,10 +30,14 @@ class InvitationStageView(StageView):
 def get_token(self) -> Optional[str]:
 """Get token from saved get-arguments or prompt_data"""
+ # Check for ?token= and ?itoken=
 if INVITATION_TOKEN_KEY in self.request.session.get(SESSION_KEY_GET, {}):
 return self.request.session[SESSION_KEY_GET][INVITATION_TOKEN_KEY]
- if INVITATION_TOKEN_KEY in self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}):
- return self.executor.plan.context[PLAN_CONTEXT_PROMPT][INVITATION_TOKEN_KEY]
+ if INVITATION_TOKEN_KEY_CONTEXT in self.request.session.get(SESSION_KEY_GET, {}):
+ return self.request.session[SESSION_KEY_GET][INVITATION_TOKEN_KEY_CONTEXT]
+ # Check for {'token': ''} in the context
+ if INVITATION_TOKEN_KEY_CONTEXT in self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}):
+ return self.executor.plan.context[PLAN_CONTEXT_PROMPT][INVITATION_TOKEN_KEY_CONTEXT]
 return None
 def get(self, request: HttpRequest) -> HttpResponse:
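Review bot: Changing `QS_KEY_TOKEN` to `"etoken"` in authentik/stages/email/stage.py leaves no fallback for the old `token` parameter, unlike the invitation stage in this same commit, which keeps accepting `?token=`. The code that reads the parameter is outside this hunk, but if it looks up only `QS_KEY_TOKEN`, e-mail links sent before the upgrade will stop validating, which deserves a line in the release notes. A comment on the constant would also record why the name differs, e.g. `# "etoken", not "token": keeps the e-mail link parameter distinct from the invitation stage's`.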
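Review bot: `INVITATION_TOKEN_KEY_CONTEXT` in authentik/stages/invitation/stage.py is named for the prompt context, yet `get_token` in the following hunk also uses it as a query-string key for the legacy `?token=` parameter, so the name alone misleads. A comment on each constant would settle it: `# Query-string key used in invitation links` above `INVITATION_TOKEN_KEY`, and `# Prompt field key; also still accepted as the legacy query-string key` above `INVITATION_TOKEN_KEY_CONTEXT`.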
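Review bot: In `get_token`, the added `INVITATION_TOKEN_KEY_CONTEXT` lookup against `SESSION_KEY_GET` keeps `?token=` working as an invitation parameter, so any saved `token` query value, including one from an e-mail stage link issued before this commit (which used the same key), is still handed back as a candidate invitation token. If that fallback exists only for links already in circulation, mark it so it can be removed later: `# Legacy ?token= invitation links; drop once outstanding invitations have expired`. The comment `# Check for ?token= and ?itoken=` also lists the parameters in the reverse of the order the code checks them; `# Check ?itoken= first, then the legacy ?token=` matches what follows. How the returned value is validated is decided in `get`, which continues outside the hunk.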
diff --git a/web/src/pages/stages/invitation/InvitationListLink.ts b/web/src/pages/stages/invitation/InvitationListLink.ts
index 8af265728..50b5f72f9 100644
--- a/web/src/pages/stages/invitation/InvitationListLink.ts
+++ b/web/src/pages/stages/invitation/InvitationListLink.ts
@@ -23,7 +23,7 @@ export class InvitationListLink extends LitElement {
 }
 renderLink(): string {
- return `${window.location.protocol}//${window.location.host}/if/flow/${this.selectedFlow}/?token=${this.invitation}`;
+ return `${window.location.protocol}//${window.location.host}/if/flow/${this.selectedFlow}/?itoken=${this.invitation}`;
 }
 render(): TemplateResult {
diff --git a/website/docs/flow/stages/invitation/index.md b/website/docs/flow/stages/invitation/index.md
index bd7dcd637..a24bd4eb7 100644
--- a/website/docs/flow/stages/invitation/index.md
+++ b/website/docs/flow/stages/invitation/index.md
@@ -8,6 +8,6 @@ If the option `Continue Flow without Invitation` is enabled, this stage will con
 To check if a user has used an invitation within a policy, you can check `request.context.invitation_in_effect`.
-To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?token=invitation-token`.
+To use an invitation, use the URL `https://authentik.tld/if/flow/your-enrollment-flow/?itoken=invitation-token`.
 You can also prompt the user for an invite by using the [*Prompt stage*](../prompt/index.md) by using a field with a field key of `token`.