From 9180d448df83388835b18167c101bfbf8c4e678d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 6 Jun 2021 13:24:27 +0200 Subject: [PATCH] core: move end-session to core Signed-off-by: Jens Langhammer --- .../providers/oauth2 => core/templates/if}/end_session.html | 0 authentik/core/urls.py | 6 ++++++ authentik/{providers/oauth2 => core}/views/session.py | 4 ++-- authentik/providers/oauth2/api/provider.py | 2 +- authentik/providers/oauth2/apps.py | 2 +- authentik/providers/oauth2/urls.py | 4 ++-- authentik/providers/oauth2/views/provider.py | 2 +- tests/e2e/test_provider_oauth2_grafana.py | 4 ++-- website/docs/integrations/services/nextcloud/index.md | 1 + 9 files changed, 16 insertions(+), 9 deletions(-) rename authentik/{providers/oauth2/templates/providers/oauth2 => core/templates/if}/end_session.html (100%) rename authentik/{providers/oauth2 => core}/views/session.py (84%) diff --git a/authentik/providers/oauth2/templates/providers/oauth2/end_session.html b/authentik/core/templates/if/end_session.html similarity index 100% rename from authentik/providers/oauth2/templates/providers/oauth2/end_session.html rename to authentik/core/templates/if/end_session.html diff --git a/authentik/core/urls.py b/authentik/core/urls.py index 4f2b79aa9..c1aabab26 100644 --- a/authentik/core/urls.py +++ b/authentik/core/urls.py @@ -1,4 +1,5 @@ """authentik URL Configuration""" +from authentik.core.views.session import EndSessionView from django.contrib.auth.decorators import login_required from django.urls import path from django.views.decorators.csrf import ensure_csrf_cookie @@ -36,6 +37,11 @@ urlpatterns = [ ensure_csrf_cookie(FlowInterfaceView.as_view()), name="if-flow", ), + path( + "if/session-end//", + ensure_csrf_cookie(EndSessionView.as_view()), + name="if-session-end", + ), # Fallback for WS path("ws/outpost//", TemplateView.as_view(template_name="if/admin.html")), path( 
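Review bot: The added `from authentik.core.views.session import EndSessionView` in the first hunk of authentik/core/urls.py sits above the Django imports. The other URL module touched by this patch, authentik/providers/oauth2/urls.py, lists Django imports first and authentik imports after them. Moving the line into this file's authentik import group, which lies outside the hunk, keeps the grouping consistent and avoids an import-order lint failure if the project enforces one.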
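Review bot: The new `if-session-end` route in authentik/core/urls.py wraps `EndSessionView` only in `ensure_csrf_cookie`, although `login_required` is already imported at the top of this file, so the page appears reachable without a session. The view module imports `get_object_or_404` and `Application`, which suggests an unknown slug returns 404 while a known one renders; if so, an unauthenticated caller can tell which application slugs exist. If anonymous access is intended, state it above the route, e.g. `# Reachable without login on purpose: logout must still work after the session expired`, and consider returning the same response for unknown slugs. The `urlpatterns` list and the body of `get_context_data` continue outside the hunks shown.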
diff --git a/authentik/providers/oauth2/views/session.py b/authentik/core/views/session.py similarity index 84% rename from authentik/providers/oauth2/views/session.py rename to authentik/core/views/session.py index 7d306188b..f726bc10f 100644 --- a/authentik/providers/oauth2/views/session.py +++ b/authentik/core/views/session.py @@ -1,4 +1,4 @@ -"""authentik OAuth2 Session Views""" +"""authentik Session Views""" from typing import Any from django.shortcuts import get_object_or_404 @@ -10,7 +10,7 @@ from authentik.core.models import Application class EndSessionView(TemplateView): """Allow the client to end the Session""" - template_name = "providers/oauth2/end_session.html" + template_name = "if/end_session.html" def get_context_data(self, **kwargs: Any) -> dict[str, Any]: context = super().get_context_data(**kwargs) diff --git a/authentik/providers/oauth2/api/provider.py b/authentik/providers/oauth2/api/provider.py index db95e393e..9d1b3bb98 100644 --- a/authentik/providers/oauth2/api/provider.py +++ b/authentik/providers/oauth2/api/provider.py @@ -107,7 +107,7 @@ class OAuth2ProviderViewSet(ModelViewSet): ) data["logout"] = request.build_absolute_uri( reverse( - "authentik_providers_oauth2:end-session", + "authentik_core:if-session-end", kwargs={"application_slug": provider.application.slug}, ) ) diff --git a/authentik/providers/oauth2/apps.py b/authentik/providers/oauth2/apps.py index 59e9fd23a..8e5cc768f 100644 --- a/authentik/providers/oauth2/apps.py +++ b/authentik/providers/oauth2/apps.py @@ -11,8 +11,8 @@ class AuthentikProviderOAuth2Config(AppConfig): label = "authentik_providers_oauth2" verbose_name = "authentik Providers.OAuth2" mountpoints = { - "authentik.providers.oauth2.urls": "application/o/", "authentik.providers.oauth2.urls_github": "", + "authentik.providers.oauth2.urls": "application/o/", } def ready(self) -> None: diff --git a/authentik/providers/oauth2/urls.py b/authentik/providers/oauth2/urls.py index 2f15b34f6..33a88bea0 100644 
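Review bot: The two `mountpoints` entries in `AuthentikProviderOAuth2Config` (authentik/providers/oauth2/apps.py) swap places without explanation, and neither the commit message nor the hunk shows why the order matters. If URL resolution depends on the dict's insertion order, which is not visible here, a comment above the dict such as `# NOTE: entry order is significant for URL resolution; keep urls_github first` would stop a later cleanup from reverting it. If the order is irrelevant, the swap is unrelated to moving end-session and could be left out of this commit.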
--- a/authentik/providers/oauth2/urls.py +++ b/authentik/providers/oauth2/urls.py @@ -1,6 +1,7 @@ """OAuth provider URLs""" from django.urls import path from django.views.decorators.csrf import csrf_exempt +from django.views.generic.base import RedirectView from authentik.providers.oauth2.constants import SCOPE_OPENID from authentik.providers.oauth2.utils import protected_resource_view @@ -8,7 +9,6 @@ from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView from authentik.providers.oauth2.views.introspection import TokenIntrospectionView from authentik.providers.oauth2.views.jwks import JWKSView from authentik.providers.oauth2.views.provider import ProviderInfoView -from authentik.providers.oauth2.views.session import EndSessionView from authentik.providers.oauth2.views.token import TokenView from authentik.providers.oauth2.views.userinfo import UserInfoView @@ -31,7 +31,7 @@ urlpatterns = [ ), path( "/end-session/", - EndSessionView.as_view(), + RedirectView.as_view(pattern_name="authentik_core:if-session-end"), name="end-session", ), path("/jwks/", JWKSView.as_view(), name="jwks"), diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py index aafa69958..050e79d23 100644 --- a/authentik/providers/oauth2/views/provider.py +++ b/authentik/providers/oauth2/views/provider.py @@ -54,7 +54,7 @@ class ProviderInfoView(View): ), "end_session_endpoint": self.request.build_absolute_uri( reverse( - "authentik_providers_oauth2:end-session", + "authentik_core:if-session-end", kwargs={"application_slug": provider.application.slug}, ) ), diff --git a/tests/e2e/test_provider_oauth2_grafana.py b/tests/e2e/test_provider_oauth2_grafana.py index ef1b1d767..a234a065e 100644 --- a/tests/e2e/test_provider_oauth2_grafana.py +++ b/tests/e2e/test_provider_oauth2_grafana.py 
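Review bot: The legacy `end-session` route in authentik/providers/oauth2/urls.py now redirects with `RedirectView`'s defaults, and Django's `RedirectView` drops the query string unless `query_string=True` is passed. Clients still configured with the old URL that append logout parameters (for example `post_logout_redirect_uri` or `state`) would reach the new page without them; whether `EndSessionView` reads any of these is not visible in this patch. Proposed: `RedirectView.as_view(pattern_name="authentik_core:if-session-end", query_string=True),`. The redirect also depends on both routes capturing the same `application_slug` keyword, since `pattern_name` is reversed with the kwargs of the incoming request.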
@@ -72,7 +72,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase): ), "GF_AUTH_SIGNOUT_REDIRECT_URL": ( self.url( - "authentik_providers_oauth2:end-session", + "authentik_core:if-session-end", application_slug=APPLICATION_SLUG, ) ), @@ -250,7 +250,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase): self.driver.get("http://localhost:3000/logout") self.wait_for_url( self.url( - "authentik_providers_oauth2:end-session", + "authentik_core:if-session-end", application_slug=APPLICATION_SLUG, ) ) diff --git a/website/docs/integrations/services/nextcloud/index.md b/website/docs/integrations/services/nextcloud/index.md index 42a5cba1a..ccc99b4bc 100644 --- a/website/docs/integrations/services/nextcloud/index.md +++ b/website/docs/integrations/services/nextcloud/index.md @@ -46,6 +46,7 @@ Set the following values: - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Identifier of the IdP entity (must be a URI): `https://authentik.company` - URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml//sso/binding/redirect/` +- URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end//` - Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate Under Attribute mapping, set these values:
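Review bot: Both updated call sites in tests/e2e/test_provider_oauth2_grafana.py (the `GF_AUTH_SIGNOUT_REDIRECT_URL` setting and the `wait_for_url` check after logout) now resolve `authentik_core:if-session-end`, so nothing visible here exercises the old `authentik_providers_oauth2:end-session` name that this commit keeps as a redirect. A small test that requests the legacy URL and asserts a redirect to `authentik_core:if-session-end` for the same `application_slug` would keep existing client configurations covered. Both test methods start and end outside these hunks.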