From 61d14078043e5bb4e643ca29d1192da73ac48e1e Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 12 Jan 2021 22:37:33 +0100
Subject: [PATCH] sources/*: Set PLAN_CONTEXT_SOURCE when logging in with a
 source

---
 authentik/flows/planner.py                    | 1 +
 authentik/sources/oauth/views/callback.py     | 4 +++-
 authentik/sources/saml/processors/response.py | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py
index 7ed49a69b..8105051e6 100644
--- a/authentik/flows/planner.py
+++ b/authentik/flows/planner.py
@@ -21,6 +21,7 @@ PLAN_CONTEXT_PENDING_USER = "pending_user"
 PLAN_CONTEXT_SSO = "is_sso"
 PLAN_CONTEXT_REDIRECT = "redirect"
 PLAN_CONTEXT_APPLICATION = "application"
+PLAN_CONTEXT_SOURCE = "source"
 
 
 def cache_key(flow: Flow, user: Optional[User] = None) -> str:
diff --git a/authentik/sources/oauth/views/callback.py b/authentik/sources/oauth/views/callback.py
index fc91e730a..bd0d249e4 100644
--- a/authentik/sources/oauth/views/callback.py
+++ b/authentik/sources/oauth/views/callback.py
@@ -15,7 +15,7 @@ from authentik.events.models import Event, EventAction
 from authentik.flows.models import Flow, in_memory_stage
 from authentik.flows.planner import (
     PLAN_CONTEXT_PENDING_USER,
-    PLAN_CONTEXT_REDIRECT,
+    PLAN_CONTEXT_REDIRECT, PLAN_CONTEXT_SOURCE,
     PLAN_CONTEXT_SSO,
     FlowPlanner,
 )
@@ -146,6 +146,7 @@ class OAuthCallback(OAuthClientMixin, View):
                 # Since we authenticate the user by their token, they have no backend set
                 PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
                 PLAN_CONTEXT_SSO: True,
+                PLAN_CONTEXT_SOURCE: self.source,
                 PLAN_CONTEXT_REDIRECT: final_redirect,
             }
         )
@@ -224,6 +225,7 @@ class OAuthCallback(OAuthClientMixin, View):
             # Since we authenticate the user by their token, they have no backend set
             PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
             PLAN_CONTEXT_SSO: True,
+            PLAN_CONTEXT_SOURCE: self.source,
             PLAN_CONTEXT_PROMPT: delete_none_keys(
                 self.get_user_enroll_context(source, access, info)
             ),
diff --git a/authentik/sources/saml/processors/response.py b/authentik/sources/saml/processors/response.py
index 655365849..bfa3337f0 100644
--- a/authentik/sources/saml/processors/response.py
+++ b/authentik/sources/saml/processors/response.py
@@ -13,7 +13,7 @@ from authentik.core.models import User
 from authentik.flows.models import Flow
 from authentik.flows.planner import (
     PLAN_CONTEXT_PENDING_USER,
-    PLAN_CONTEXT_REDIRECT,
+    PLAN_CONTEXT_REDIRECT, PLAN_CONTEXT_SOURCE,
     PLAN_CONTEXT_SSO,
     FlowPlanner,
 )
@@ -217,6 +217,7 @@ class ResponseProcessor:
         self, request: HttpRequest, flow: Flow, **kwargs
     ) -> HttpResponse:
         kwargs[PLAN_CONTEXT_SSO] = True
+        kwargs[PLAN_CONTEXT_SOURCE] = self._source
         request.session[SESSION_KEY_PLAN] = FlowPlanner(flow).plan(request, kwargs)
         return redirect_with_qs(
             "authentik_flows:flow-executor-shell",