flows: don't check redirect URL when set from flow plan (set from authentik or policy)

closes #1203

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-01 15:10:45 +02:00
parent 92a448b677
commit 4e5dba1d0b
2 changed files with 9 additions and 8 deletions

View File

@ -322,14 +322,15 @@ class FlowExecutorView(APIView):
"""User Successfully passed all stages"""
# Since this is wrapped by the ExecutorShell, the next argument is saved in the session
# extract the next param before cancel as that cleans it
next_param = None
if self.plan:
next_param = self.plan.context.get(PLAN_CONTEXT_REDIRECT)
if not next_param:
next_param = self.request.session.get(SESSION_KEY_GET, {}).get(
NEXT_ARG_NAME, "authentik_core:root-redirect"
)
self.cancel()
if self.plan and PLAN_CONTEXT_REDIRECT in self.plan.context:
# The context `redirect` variable can only be set by
# an expression policy or authentik itself, so we don't
# check if its an absolute URL or a relative one
return redirect(self.plan.context.get(PLAN_CONTEXT_REDIRECT))
next_param = self.request.session.get(SESSION_KEY_GET, {}).get(
NEXT_ARG_NAME, "authentik_core:root-redirect"
)
return to_stage_response(self.request, redirect_with_qs(next_param))
def stage_ok(self) -> HttpResponse:

View File

@ -22,7 +22,7 @@ def redirect_with_qs(view: str, get_query_set=None, **kwargs) -> HttpResponse:
except NoReverseMatch:
if not is_url_absolute(view):
return redirect(view)
LOGGER.debug("redirect target is not a valid view", view=view)
LOGGER.warning("redirect target is not a valid view", view=view)
raise
else:
if get_query_set: