flows: don't check redirect URL when set from flow plan (set from authentik or policy)
closes #1203 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
f84cd6208c
commit
d767504474
|
@ -322,14 +322,15 @@ class FlowExecutorView(APIView):
|
||||||
"""User Successfully passed all stages"""
|
"""User Successfully passed all stages"""
|
||||||
# Since this is wrapped by the ExecutorShell, the next argument is saved in the session
|
# Since this is wrapped by the ExecutorShell, the next argument is saved in the session
|
||||||
# extract the next param before cancel as that cleans it
|
# extract the next param before cancel as that cleans it
|
||||||
next_param = None
|
self.cancel()
|
||||||
if self.plan:
|
if self.plan and PLAN_CONTEXT_REDIRECT in self.plan.context:
|
||||||
next_param = self.plan.context.get(PLAN_CONTEXT_REDIRECT)
|
# The context `redirect` variable can only be set by
|
||||||
if not next_param:
|
# an expression policy or authentik itself, so we don't
|
||||||
|
# check if its an absolute URL or a relative one
|
||||||
|
return redirect(self.plan.context.get(PLAN_CONTEXT_REDIRECT))
|
||||||
next_param = self.request.session.get(SESSION_KEY_GET, {}).get(
|
next_param = self.request.session.get(SESSION_KEY_GET, {}).get(
|
||||||
NEXT_ARG_NAME, "authentik_core:root-redirect"
|
NEXT_ARG_NAME, "authentik_core:root-redirect"
|
||||||
)
|
)
|
||||||
self.cancel()
|
|
||||||
return to_stage_response(self.request, redirect_with_qs(next_param))
|
return to_stage_response(self.request, redirect_with_qs(next_param))
|
||||||
|
|
||||||
def stage_ok(self) -> HttpResponse:
|
def stage_ok(self) -> HttpResponse:
|
||||||
|
|
|
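Review bot: The new side appears to call `self.cancel()` before the session lookup of `NEXT_ARG_NAME`, while the retained comment directly above still says the next param must be extracted before cancel because cancel cleans it. If that comment is accurate, the fallback path will now always resolve to the default `authentik_core:root-redirect` and the caller's `next` value is lost; reading the target first and calling `self.cancel()` immediately before each `return` would keep both paths working. The page has lost its +/- markers, so this reading assumes the second line of each printed pair is the new one, and the method's `def` line sits above the hunk. Separately, the unvalidated `return redirect(self.plan.context.get(PLAN_CONTEXT_REDIRECT))` rests on the comment's claim that only authentik or an expression policy writes that key; extending the comment with `# policies that derive this value from request data must validate it themselves` would make the trust boundary explicit, since such a policy would reintroduce an open redirect.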
@ -22,7 +22,7 @@ def redirect_with_qs(view: str, get_query_set=None, **kwargs) -> HttpResponse:
|
||||||
except NoReverseMatch:
|
except NoReverseMatch:
|
||||||
if not is_url_absolute(view):
|
if not is_url_absolute(view):
|
||||||
return redirect(view)
|
return redirect(view)
|
||||||
LOGGER.debug("redirect target is not a valid view", view=view)
|
LOGGER.warning("redirect target is not a valid view", view=view)
|
||||||
raise
|
raise
|
||||||
else:
|
else:
|
||||||
if get_query_set:
|
if get_query_set:
|
||||||
|
|