sources/oauth: simplify enrollment handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-23 23:07:55 +01:00
parent 4137266041
commit da4fa96499
3 changed files with 15 additions and 51 deletions

View file

@ -136,7 +136,9 @@ class OAuthCallback(OAuthClientMixin, View):
messages.error(self.request, _("Authentication Failed."))
return redirect(self.get_error_redirect(source, reason))
def handle_login_flow(self, flow: Flow, **kwargs) -> HttpResponse:
def handle_login_flow(
self, flow: Flow, *stages_to_append, **kwargs
) -> HttpResponse:
"""Prepare Authentication Plan, redirect user FlowExecutor"""
# Ensure redirect is carried through when user was trying to
# authorize application
@ -157,6 +159,8 @@ class OAuthCallback(OAuthClientMixin, View):
# We run the Flow planner here so we can pass the Pending user in the context
planner = FlowPlanner(flow)
plan = planner.plan(self.request, kwargs)
for stage in stages_to_append:
plan.append(stage)
self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
@ -224,27 +228,18 @@ class OAuthCallback(OAuthClientMixin, View):
% {"source": self.source.name}
),
)
# Because we inject a stage into the planned flow, we can't use `self.handle_login_flow`
context = {
# Since we authenticate the user by their token, they have no backend set
PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
PLAN_CONTEXT_SSO: True,
PLAN_CONTEXT_SOURCE: self.source,
PLAN_CONTEXT_PROMPT: delete_none_keys(
self.get_user_enroll_context(source, access, info)
),
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
}
# We run the Flow planner here so we can pass the Pending user in the context
if not source.enrollment_flow:
LOGGER.warning("source has no enrollment flow", source=source)
return HttpResponseBadRequest()
planner = FlowPlanner(source.enrollment_flow)
plan = planner.plan(self.request, context)
plan.append(in_memory_stage(PostUserEnrollmentStage))
self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs(
"authentik_core:if-flow",
self.request.GET,
flow_slug=source.enrollment_flow.slug,
return self.handle_login_flow(
source.enrollment_flow,
in_memory_stage(PostUserEnrollmentStage),
**{
PLAN_CONTEXT_PROMPT: delete_none_keys(
self.get_user_enroll_context(source, access, info)
),
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
},
)

View file

@ -1,15 +0,0 @@
{% load i18n %}
<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">
{% trans 'WebAuthn' %}
</h1>
</header>
<div class="pf-c-login__main-body">
{% block card %}
<div class="pf-c-form">
<ak-stage-webauthn-auth>
</ak-stage-webauthn-auth>
</div>
{% endblock %}
</div>

View file

@ -1,16 +0,0 @@
{% load i18n %}
<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">
{% trans 'Configure WebAuthn' %}
</h1>
</header>
<div class="pf-c-login__main-body">
{% block card %}
<div class="pf-c-form">
<ak-stage-webauthn-register>
</ak-stage-webauthn-register>
</div>
{% endblock %}
</div>