core: move end-session to core

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-06-06 13:24:27 +02:00
parent 67470590c2
commit 9180d448df
9 changed files with 16 additions and 9 deletions


@ -1,4 +1,5 @@
"""authentik URL Configuration""" """authentik URL Configuration"""
from authentik.core.views.session import EndSessionView
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.urls import path from django.urls import path
from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.csrf import ensure_csrf_cookie
@ -36,6 +37,11 @@ urlpatterns = [
ensure_csrf_cookie(FlowInterfaceView.as_view()), ensure_csrf_cookie(FlowInterfaceView.as_view()),
name="if-flow", name="if-flow",
), ),
path(
"if/session-end/<slug:application_slug>/",
ensure_csrf_cookie(EndSessionView.as_view()),
name="if-session-end",
),
# Fallback for WS # Fallback for WS
path("ws/outpost/<uuid:pk>/", TemplateView.as_view(template_name="if/admin.html")), path("ws/outpost/<uuid:pk>/", TemplateView.as_view(template_name="if/admin.html")),
path( path(
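Review bot: The new `if-session-end` route is reachable without authentication — it is wrapped only in `ensure_csrf_cookie`, and `EndSessionView` subclasses plain `TemplateView` — and nothing here records that this is intended. If the view resolves the application with `get_object_or_404` (imported in the session module), the 200/404 difference lets an anonymous caller tell which application slugs exist, so it is worth deciding whether that is acceptable. A comment above the `path(` such as `# Public by design: relying parties redirect here even when the session has already expired` would document the decision. Separately, the `authentik.core.views.session` import sits above the Django imports and should move below them to match the grouping in the other modules. The `urlpatterns` list starts and ends outside the hunk.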


@ -1,4 +1,4 @@
"""authentik OAuth2 Session Views""" """authentik Session Views"""
from typing import Any from typing import Any
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
@ -10,7 +10,7 @@ from authentik.core.models import Application
class EndSessionView(TemplateView): class EndSessionView(TemplateView):
"""Allow the client to end the Session""" """Allow the client to end the Session"""
template_name = "providers/oauth2/end_session.html" template_name = "if/end_session.html"
def get_context_data(self, **kwargs: Any) -> dict[str, Any]: def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
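Review bot: The class docstring `"""Allow the client to end the Session"""` was left as written for the OAuth2 provider and does not say what the view does now that it lives in core. From the visible lines it is a `TemplateView` that renders `if/end_session.html`; whether it terminates the session itself is not visible, because `get_context_data` continues past the end of the hunk. I would replace it with something like `"""Render the end-session page for the application given by application_slug; used by the core if-session-end route and the OAuth2 end-session redirect."""`, adjusted to what the body really does.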


@ -107,7 +107,7 @@ class OAuth2ProviderViewSet(ModelViewSet):
) )
data["logout"] = request.build_absolute_uri( data["logout"] = request.build_absolute_uri(
reverse( reverse(
"authentik_providers_oauth2:end-session", "authentik_core:if-session-end",
kwargs={"application_slug": provider.application.slug}, kwargs={"application_slug": provider.application.slug},
) )
) )


@ -11,8 +11,8 @@ class AuthentikProviderOAuth2Config(AppConfig):
label = "authentik_providers_oauth2" label = "authentik_providers_oauth2"
verbose_name = "authentik Providers.OAuth2" verbose_name = "authentik Providers.OAuth2"
mountpoints = { mountpoints = {
"authentik.providers.oauth2.urls": "application/o/",
"authentik.providers.oauth2.urls_github": "", "authentik.providers.oauth2.urls_github": "",
"authentik.providers.oauth2.urls": "application/o/",
} }
def ready(self) -> None: def ready(self) -> None:
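Review bot: The two `mountpoints` entries are only swapped, which suggests the dict's insertion order matters to whatever mounts these URLconfs, but no comment says so. Both modules appear to share the app's namespace, so the order may decide which mount a namespaced `reverse()` resolves against; I cannot confirm that from the hunk. A comment on the dict, e.g. `# Order matters: urls must come last so reverse() resolves against application/o/` (adjusted to the real reason), would stop a later alphabetical sort from undoing this. The class body continues outside the hunk.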


@ -1,6 +1,7 @@
"""OAuth provider URLs""" """OAuth provider URLs"""
from django.urls import path from django.urls import path
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.views.generic.base import RedirectView
from authentik.providers.oauth2.constants import SCOPE_OPENID from authentik.providers.oauth2.constants import SCOPE_OPENID
from authentik.providers.oauth2.utils import protected_resource_view from authentik.providers.oauth2.utils import protected_resource_view
@ -8,7 +9,6 @@ from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
from authentik.providers.oauth2.views.introspection import TokenIntrospectionView from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
from authentik.providers.oauth2.views.jwks import JWKSView from authentik.providers.oauth2.views.jwks import JWKSView
from authentik.providers.oauth2.views.provider import ProviderInfoView from authentik.providers.oauth2.views.provider import ProviderInfoView
from authentik.providers.oauth2.views.session import EndSessionView
from authentik.providers.oauth2.views.token import TokenView from authentik.providers.oauth2.views.token import TokenView
from authentik.providers.oauth2.views.userinfo import UserInfoView from authentik.providers.oauth2.views.userinfo import UserInfoView
@ -31,7 +31,7 @@ urlpatterns = [
), ),
path( path(
"<slug:application_slug>/end-session/", "<slug:application_slug>/end-session/",
EndSessionView.as_view(), RedirectView.as_view(pattern_name="authentik_core:if-session-end"),
name="end-session", name="end-session",
), ),
path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"), path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"),
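Review bot: The legacy `end-session` route now uses `RedirectView` with its defaults, and `query_string` defaults to `False`, so any query parameters a client sends to the old URL are dropped on the redirect. OIDC logout requests can carry `id_token_hint`, `post_logout_redirect_uri` and `state` in the query; whether `EndSessionView` reads them is not visible here, but dropping them silently will be hard to debug later. I would pass them through: `RedirectView.as_view(pattern_name="authentik_core:if-session-end", query_string=True),`. The redirect is temporary (302) by default, which seems the right choice while clients migrate. The `urlpatterns` list starts and ends outside the hunk.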


@ -54,7 +54,7 @@ class ProviderInfoView(View):
), ),
"end_session_endpoint": self.request.build_absolute_uri( "end_session_endpoint": self.request.build_absolute_uri(
reverse( reverse(
"authentik_providers_oauth2:end-session", "authentik_core:if-session-end",
kwargs={"application_slug": provider.application.slug}, kwargs={"application_slug": provider.application.slug},
) )
), ),


@ -72,7 +72,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
), ),
"GF_AUTH_SIGNOUT_REDIRECT_URL": ( "GF_AUTH_SIGNOUT_REDIRECT_URL": (
self.url( self.url(
"authentik_providers_oauth2:end-session", "authentik_core:if-session-end",
application_slug=APPLICATION_SLUG, application_slug=APPLICATION_SLUG,
) )
), ),
@ -250,7 +250,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
self.driver.get("http://localhost:3000/logout") self.driver.get("http://localhost:3000/logout")
self.wait_for_url( self.wait_for_url(
self.url( self.url(
"authentik_providers_oauth2:end-session", "authentik_core:if-session-end",
application_slug=APPLICATION_SLUG, application_slug=APPLICATION_SLUG,
) )
) )
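Review bot: Both call sites switch to `authentik_core:if-session-end`, so after this change nothing exercises the legacy `authentik_providers_oauth2:end-session` URL that existing clients may still have configured. A small check that the old URL redirects to the new one with the same `application_slug` would keep that compatibility path from breaking unnoticed, e.g. `self.driver.get(self.url("authentik_providers_oauth2:end-session", application_slug=APPLICATION_SLUG))` followed by the existing `self.wait_for_url(...)` on the new name. Both test methods start and end outside the hunks.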


@ -46,6 +46,7 @@ Set the following values:
- Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik` - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
- Identifier of the IdP entity (must be a URI): `https://authentik.company` - Identifier of the IdP entity (must be a URI): `https://authentik.company`
- URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/` - URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
- URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end/<application-slug>/`
- Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate - Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate
Under Attribute mapping, set these values: Under Attribute mapping, set these values: