providers/oauth2: use correct title based on flow context and translated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
ddd785898b
commit
a9a62bbfc8
|
@ -52,6 +52,7 @@ from authentik.providers.oauth2.models import (
|
||||||
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
|
from authentik.providers.oauth2.utils import HttpResponseRedirectScheme
|
||||||
from authentik.providers.oauth2.views.userinfo import UserInfoView
|
from authentik.providers.oauth2.views.userinfo import UserInfoView
|
||||||
from authentik.providers.saml.views.flows import AutosubmitChallenge
|
from authentik.providers.saml.views.flows import AutosubmitChallenge
|
||||||
|
from authentik.sources.saml.views import PLAN_CONTEXT_TITLE
|
||||||
from authentik.stages.consent.models import ConsentMode, ConsentStage
|
from authentik.stages.consent.models import ConsentMode, ConsentStage
|
||||||
from authentik.stages.consent.stage import (
|
from authentik.stages.consent.stage import (
|
||||||
PLAN_CONTEXT_CONSENT_HEADER,
|
PLAN_CONTEXT_CONSENT_HEADER,
|
||||||
|
@ -253,7 +254,6 @@ class OAuthAuthorizationParams:
|
||||||
return code
|
return code
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class AuthorizationFlowInitView(PolicyAccessView):
|
class AuthorizationFlowInitView(PolicyAccessView):
|
||||||
"""OAuth2 Flow initializer, checks access to application and starts flow"""
|
"""OAuth2 Flow initializer, checks access to application and starts flow"""
|
||||||
|
|
||||||
|
@ -366,11 +366,13 @@ class AuthorizationFlowInitView(PolicyAccessView):
|
||||||
flow_slug=self.provider.authorization_flow.slug,
|
flow_slug=self.provider.authorization_flow.slug,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
class OAuthFulfillmentStage(StageView):
|
class OAuthFulfillmentStage(StageView):
|
||||||
"""Final stage, restores params from Flow."""
|
"""Final stage, restores params from Flow."""
|
||||||
|
|
||||||
params: OAuthAuthorizationParams
|
params: OAuthAuthorizationParams
|
||||||
provider: OAuth2Provider
|
provider: OAuth2Provider
|
||||||
|
application: Application
|
||||||
|
|
||||||
def redirect(self, uri: str) -> HttpResponse:
|
def redirect(self, uri: str) -> HttpResponse:
|
||||||
"""Redirect using HttpResponseRedirectScheme, compatible with non-http schemes"""
|
"""Redirect using HttpResponseRedirectScheme, compatible with non-http schemes"""
|
||||||
|
@ -390,7 +392,12 @@ class OAuthFulfillmentStage(StageView):
|
||||||
data={
|
data={
|
||||||
"type": ChallengeTypes.NATIVE.value,
|
"type": ChallengeTypes.NATIVE.value,
|
||||||
"component": "ak-stage-autosubmit",
|
"component": "ak-stage-autosubmit",
|
||||||
"title": "Redirecting back to application...",
|
"title": (
|
||||||
|
self.executor.plan.context.get(
|
||||||
|
PLAN_CONTEXT_TITLE,
|
||||||
|
_("Redirecting to %(app)s..." % {"app": self.application.name}),
|
||||||
|
)
|
||||||
|
),
|
||||||
"url": self.params.redirect_uri,
|
"url": self.params.redirect_uri,
|
||||||
"attrs": query_params,
|
"attrs": query_params,
|
||||||
}
|
}
|
||||||
|
@ -415,8 +422,8 @@ class OAuthFulfillmentStage(StageView):
|
||||||
LOGGER.warning("Got to fulfillment stage with no pending context")
|
LOGGER.warning("Got to fulfillment stage with no pending context")
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
self.params: OAuthAuthorizationParams = self.executor.plan.context.pop(PLAN_CONTEXT_PARAMS)
|
self.params: OAuthAuthorizationParams = self.executor.plan.context.pop(PLAN_CONTEXT_PARAMS)
|
||||||
application: Application = self.executor.plan.context.pop(PLAN_CONTEXT_APPLICATION)
|
self.application: Application = self.executor.plan.context.pop(PLAN_CONTEXT_APPLICATION)
|
||||||
self.provider = get_object_or_404(OAuth2Provider, pk=application.provider_id)
|
self.provider = get_object_or_404(OAuth2Provider, pk=self.application.provider_id)
|
||||||
try:
|
try:
|
||||||
# At this point we don't need to check permissions anymore
|
# At this point we don't need to check permissions anymore
|
||||||
if {PROMPT_NONE, PROMPT_CONSENT}.issubset(self.params.prompt):
|
if {PROMPT_NONE, PROMPT_CONSENT}.issubset(self.params.prompt):
|
||||||
|
@ -428,18 +435,18 @@ class OAuthFulfillmentStage(StageView):
|
||||||
)
|
)
|
||||||
Event.new(
|
Event.new(
|
||||||
EventAction.AUTHORIZE_APPLICATION,
|
EventAction.AUTHORIZE_APPLICATION,
|
||||||
authorized_application=application,
|
authorized_application=self.application,
|
||||||
flow=self.executor.plan.flow_pk,
|
flow=self.executor.plan.flow_pk,
|
||||||
scopes=", ".join(self.params.scope),
|
scopes=", ".join(self.params.scope),
|
||||||
).from_http(self.request)
|
).from_http(self.request)
|
||||||
return self.redirect(self.create_response_uri())
|
return self.redirect(self.create_response_uri())
|
||||||
except (ClientIdError, RedirectUriError) as error:
|
except (ClientIdError, RedirectUriError) as error:
|
||||||
error.to_event(application=application).from_http(request)
|
error.to_event(application=self.application).from_http(request)
|
||||||
self.executor.stage_invalid()
|
self.executor.stage_invalid()
|
||||||
# pylint: disable=no-member
|
# pylint: disable=no-member
|
||||||
return bad_request_message(request, error.description, title=error.error)
|
return bad_request_message(request, error.description, title=error.error)
|
||||||
except AuthorizeError as error:
|
except AuthorizeError as error:
|
||||||
error.to_event(application=application).from_http(request)
|
error.to_event(application=self.application).from_http(request)
|
||||||
self.executor.stage_invalid()
|
self.executor.stage_invalid()
|
||||||
return self.redirect(error.create_uri())
|
return self.redirect(error.create_uri())
|
||||||
|
|
||||||
|
|
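Review bot: In the hunk at `@ -390,7 +392,12 @`, the fallback title is formatted before it is passed to `_()`, so the lookup key already contains the application name and will not match a catalog entry for `Redirecting to %(app)s...`; the text would stay untranslated. Translate first and interpolate afterwards: `_("Redirecting to %(app)s...") % {"app": self.application.name},`. The same hunk reads `PLAN_CONTEXT_TITLE`, which the first hunk imports from `authentik.sources.saml.views`, tying the OAuth2 provider to the SAML source module for one shared constant. A short comment naming what sets that key for this flow would help, since its value is what the user sees on the redirect page. The method that builds this challenge starts outside the hunk.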