providers/oauth2: fix events being created from /application/o/authorize/

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-21 22:59:01 +02:00 · 2021-10-21 22:59:01 +02:00 · 8eb4d53810
parent e60dfc5b3c
commit 8eb4d53810
1 changed files with 3 additions and 0 deletions
--- a/authentik/providers/oauth2/views/authorize.py
+++ b/authentik/providers/oauth2/views/authorize.py
@ -386,6 +386,9 @@ class AuthorizationFlowInitView(PolicyAccessView):
    def pre_permission_check(self):
        """Check prompt parameter before checking permission/authentication,
        see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.6"""
+        # Quick sanity check at the beginning to prevent event spamming
+        if len(self.request.GET) < 1:
+            raise Http404
        try:
            self.params = OAuthAuthorizationParams.from_request(self.request)
        except AuthorizeError as error: