sources/oauth: fix URLs being overwritten by OIDC urls (#8147)

* sources/oauth: fix URLs being overwritten by OIDC urls

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2024-01-13 16:27:44 +01:00 committed by GitHub
parent 85ebbcfb82
commit 7c116acf0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 6 deletions


@ -56,6 +56,7 @@ class OAuthSourceSerializer(SourceSerializer):
"""Get source's type configuration""" """Get source's type configuration"""
return SourceTypeSerializer(instance.source_type).data return SourceTypeSerializer(instance.source_type).data
# pylint: disable=too-many-locals
def validate(self, attrs: dict) -> dict: def validate(self, attrs: dict) -> dict:
session = get_http_session() session = get_http_session()
source_type = registry.find_type(attrs["provider_type"]) source_type = registry.find_type(attrs["provider_type"])
@ -73,9 +74,17 @@ class OAuthSourceSerializer(SourceSerializer):
config = well_known_config.json() config = well_known_config.json()
if "issuer" not in config: if "issuer" not in config:
raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"}) raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})
attrs["authorization_url"] = config.get("authorization_endpoint", "") field_map = {
attrs["access_token_url"] = config.get("token_endpoint", "") # authentik field to oidc field
attrs["profile_url"] = config.get("userinfo_endpoint", "") "authorization_url": "authorization_endpoint",
"access_token_url": "token_endpoint",
"profile_url": "userinfo_endpoint",
}
for ak_key, oidc_key in field_map.items():
# Don't overwrite user-set values
if ak_key in attrs and attrs[ak_key]:
continue
attrs[ak_key] = config.get(oidc_key, "")
inferred_oidc_jwks_url = config.get("jwks_uri", "") inferred_oidc_jwks_url = config.get("jwks_uri", "")
# Prefer user-entered URL to inferred URL to default URL # Prefer user-entered URL to inferred URL to default URL
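Review bot: The new loop stores `config.get(oidc_key, "")` straight from the fetched discovery document with no type or scheme check, and because the assignment happens inside `validate()`, which runs after the per-field validators, a non-string or non-HTTP(S) endpoint would presumably be saved unchecked. Consider binding the value first and rejecting bad input, e.g. `if not isinstance(value, str): raise ValidationError({"oidc_well_known_url": "Invalid well-known configuration"})`, plus an `http`/`https` scheme check before the assignment. In the visible hunks the test change only removes the three URL fields from the payload, so nothing asserts that a user-set URL survives when a well-known URL is also given; a test for that case would pin the fix. `validate()` starts before this hunk and continues past it.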


@ -83,9 +83,6 @@ class TestOAuthSource(APITestCase):
"provider_type": "openidconnect", "provider_type": "openidconnect",
"consumer_key": "foo", "consumer_key": "foo",
"consumer_secret": "foo", "consumer_secret": "foo",
"authorization_url": "http://foo",
"access_token_url": "http://foo",
"profile_url": "http://foo",
"oidc_well_known_url": url, "oidc_well_known_url": url,
"oidc_jwks_url": "", "oidc_jwks_url": "",
}, },