From cabbd18880d5cf866b6b4612ff7c0aef3ab7a255 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 13 Jun 2021 21:47:49 +0200
Subject: [PATCH] core: revert check_access API to get to prevent CSRF errors
Signed-off-by: Jens Langhammer
---
 authentik/core/api/applications.py | 12 ++++++++----
 schema.yml | 24 ++++++------------------
 2 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py
index ffc1c1e74..b576d9221 100644
--- a/authentik/core/api/applications.py
+++ b/authentik/core/api/applications.py
@@ -107,15 +107,19 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
 return applications
 @extend_schema(
- request=inline_serializer(
- "CheckAccessRequest", fields={"for_user": IntegerField(required=False)}
- ),
+ parameters=[
+ OpenApiParameter(
+ name="for_user",
+ location=OpenApiParameter.QUERY,
+ type=OpenApiTypes.INT,
+ )
+ ],
 responses={
 200: PolicyTestResultSerializer(),
 404: OpenApiResponse(description="for_user user not found"),
 },
 )
- @action(detail=True, methods=["POST"])
+ @action(detail=True, methods=["GET"])
 # pylint: disable=unused-argument
 def check_access(self, request: Request, slug: str) -> Response:
 """Check access to a single application by slug"""
diff --git a/schema.yml b/schema.yml
index 1366e80e5..1d38e7bc4 100644
--- a/schema.yml
+++ b/schema.yml
@@ -1504,10 +1504,14 @@ paths:
 '403':
 $ref: '#/components/schemas/GenericError'
 /api/v2beta/core/applications/{slug}/check_access/:
- post:
- operationId: core_applications_check_access_create
+ get:
+ operationId: core_applications_check_access_retrieve
 description: Check access to a single application by slug
 parameters:
+ - in: query
+ name: for_user
+ schema:
+ type: integer
 - in: path
 name: slug
 schema:
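Review bot: The `for_user` parameter is now declared as a query parameter, but the hunk does not show how `check_access` reads it — if the body still takes it from `request.data` (the source that matched the old POST inline serializer), a GET client's `?for_user=` would be silently ignored, so it should come from `request.query_params.get("for_user")` with an `int()` conversion guarded for `ValueError`, since query values arrive as strings rather than the `IntegerField`-validated integer the removed serializer supplied. The body of `check_access` continues outside the hunk. `OpenApiParameter` and `OpenApiTypes` are newly referenced here; if the module does not already import them (`from drf_spectacular.utils import OpenApiParameter`, `from drf_spectacular.types import OpenApiTypes`), and `inline_serializer`/`IntegerField` are no longer used elsewhere in the file, the import block outside the hunk needs the matching update. Because switching to GET takes this action out of the POST CSRF check, the docstring should state that the handler is a read-only policy evaluation, e.g. `"""Check access to a single application by slug (read-only policy evaluation; optional ``for_user`` query parameter selects the user to evaluate for, 404 if that user does not exist)"""`.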
@@ -1516,17 +1520,6 @@ paths:
 required: true
 tags:
 - core
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/CheckAccessRequestRequest'
- application/x-www-form-urlencoded:
- schema:
- $ref: '#/components/schemas/CheckAccessRequestRequest'
- multipart/form-data:
- schema:
- $ref: '#/components/schemas/CheckAccessRequestRequest'
 security:
 - authentik: []
 - cookieAuth: []
@@ -18415,11 +18408,6 @@ components:
 - shell
 - redirect
 type: string
- CheckAccessRequestRequest:
- type: object
- properties:
- for_user:
- type: integer
 ClientTypeEnum:
 enum:
 - confidential