core: move end-session to core

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-06 13:24:27 +02:00 · 2021-06-06 13:24:27 +02:00 · 9180d448df
parent 67470590c2
commit 9180d448df
9 changed files with 16 additions and 9 deletions
--- a/authentik/providers/oauth2/templates/providers/oauth2/end_session.html
+++ b/authentik/providers/oauth2/templates/providers/oauth2/end_session.html
--- a/authentik/core/urls.py
+++ b/authentik/core/urls.py
@ -1,4 +1,5 @@
 """authentik URL Configuration"""
+from authentik.core.views.session import EndSessionView
 from django.contrib.auth.decorators import login_required
 from django.urls import path
 from django.views.decorators.csrf import ensure_csrf_cookie
@ -36,6 +37,11 @@ urlpatterns = [
        ensure_csrf_cookie(FlowInterfaceView.as_view()),
        name="if-flow",
    ),
+    path(
+        "if/session-end/<slug:application_slug>/",
+        ensure_csrf_cookie(EndSessionView.as_view()),
+        name="if-session-end",
+    ),
    # Fallback for WS
    path("ws/outpost/<uuid:pk>/", TemplateView.as_view(template_name="if/admin.html")),
    path(
--- a/authentik/providers/oauth2/views/session.py
+++ b/authentik/providers/oauth2/views/session.py
@ -1,4 +1,4 @@
-"""authentik OAuth2 Session Views"""
+"""authentik Session Views"""
 from typing import Any

 from django.shortcuts import get_object_or_404
@ -10,7 +10,7 @@ from authentik.core.models import Application
 class EndSessionView(TemplateView):
    """Allow the client to end the Session"""

-    template_name = "providers/oauth2/end_session.html"
+    template_name = "if/end_session.html"

    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
        context = super().get_context_data(**kwargs)
--- a/authentik/providers/oauth2/api/provider.py
+++ b/authentik/providers/oauth2/api/provider.py
@ -107,7 +107,7 @@ class OAuth2ProviderViewSet(ModelViewSet):
            )
            data["logout"] = request.build_absolute_uri(
                reverse(
-                    "authentik_providers_oauth2:end-session",
+                    "authentik_core:if-session-end",
                    kwargs={"application_slug": provider.application.slug},
                )
            )
--- a/authentik/providers/oauth2/apps.py
+++ b/authentik/providers/oauth2/apps.py
@ -11,8 +11,8 @@ class AuthentikProviderOAuth2Config(AppConfig):
    label = "authentik_providers_oauth2"
    verbose_name = "authentik Providers.OAuth2"
    mountpoints = {
-        "authentik.providers.oauth2.urls": "application/o/",
        "authentik.providers.oauth2.urls_github": "",
+        "authentik.providers.oauth2.urls": "application/o/",
    }

    def ready(self) -> None:
--- a/authentik/providers/oauth2/urls.py
+++ b/authentik/providers/oauth2/urls.py
@ -1,6 +1,7 @@
 """OAuth provider URLs"""
 from django.urls import path
 from django.views.decorators.csrf import csrf_exempt
+from django.views.generic.base import RedirectView

 from authentik.providers.oauth2.constants import SCOPE_OPENID
 from authentik.providers.oauth2.utils import protected_resource_view
@ -8,7 +9,6 @@ from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
 from authentik.providers.oauth2.views.introspection import TokenIntrospectionView
 from authentik.providers.oauth2.views.jwks import JWKSView
 from authentik.providers.oauth2.views.provider import ProviderInfoView
-from authentik.providers.oauth2.views.session import EndSessionView
 from authentik.providers.oauth2.views.token import TokenView
 from authentik.providers.oauth2.views.userinfo import UserInfoView

@ -31,7 +31,7 @@ urlpatterns = [
    ),
    path(
        "<slug:application_slug>/end-session/",
-        EndSessionView.as_view(),
+        RedirectView.as_view(pattern_name="authentik_core:if-session-end"),
        name="end-session",
    ),
    path("<slug:application_slug>/jwks/", JWKSView.as_view(), name="jwks"),
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@ -54,7 +54,7 @@ class ProviderInfoView(View):
            ),
            "end_session_endpoint": self.request.build_absolute_uri(
                reverse(
-                    "authentik_providers_oauth2:end-session",
+                    "authentik_core:if-session-end",
                    kwargs={"application_slug": provider.application.slug},
                )
            ),
--- a/tests/e2e/test_provider_oauth2_grafana.py
+++ b/tests/e2e/test_provider_oauth2_grafana.py
@ -72,7 +72,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
                ),
                "GF_AUTH_SIGNOUT_REDIRECT_URL": (
                    self.url(
-                        "authentik_providers_oauth2:end-session",
+                        "authentik_core:if-session-end",
                        application_slug=APPLICATION_SLUG,
                    )
                ),
@ -250,7 +250,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
        self.driver.get("http://localhost:3000/logout")
        self.wait_for_url(
            self.url(
-                "authentik_providers_oauth2:end-session",
+                "authentik_core:if-session-end",
                application_slug=APPLICATION_SLUG,
            )
        )
--- a/website/docs/integrations/services/nextcloud/index.md
+++ b/website/docs/integrations/services/nextcloud/index.md
@ -46,6 +46,7 @@ Set the following values:
 - Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 - Identifier of the IdP entity (must be a URI): `https://authentik.company`
 - URL Target of the IdP where the SP will send the Authentication Request Message: `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
+- URL Location of IdP where the SP will send the SLO Request: `https://authentik.company/if/session-end/<application-slug>/`
 - Public X.509 certificate of the IdP: Copy the PEM of the Selected Signing Certificate

 Under Attribute mapping, set these values: