sources/oauth: simplify enrollment handler

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-03-23 23:07:55 +01:00
parent 4137266041
commit da4fa96499
3 changed files with 15 additions and 51 deletions


@ -136,7 +136,9 @@ class OAuthCallback(OAuthClientMixin, View):
messages.error(self.request, _("Authentication Failed.")) messages.error(self.request, _("Authentication Failed."))
return redirect(self.get_error_redirect(source, reason)) return redirect(self.get_error_redirect(source, reason))
def handle_login_flow(self, flow: Flow, **kwargs) -> HttpResponse: def handle_login_flow(
self, flow: Flow, *stages_to_append, **kwargs
) -> HttpResponse:
"""Prepare Authentication Plan, redirect user FlowExecutor""" """Prepare Authentication Plan, redirect user FlowExecutor"""
# Ensure redirect is carried through when user was trying to # Ensure redirect is carried through when user was trying to
# authorize application # authorize application
@ -157,6 +159,8 @@ class OAuthCallback(OAuthClientMixin, View):
# We run the Flow planner here so we can pass the Pending user in the context # We run the Flow planner here so we can pass the Pending user in the context
planner = FlowPlanner(flow) planner = FlowPlanner(flow)
plan = planner.plan(self.request, kwargs) plan = planner.plan(self.request, kwargs)
for stage in stages_to_append:
plan.append(stage)
self.request.session[SESSION_KEY_PLAN] = plan self.request.session[SESSION_KEY_PLAN] = plan
return redirect_with_qs( return redirect_with_qs(
"authentik_core:if-flow", "authentik_core:if-flow",
@ -224,27 +228,18 @@ class OAuthCallback(OAuthClientMixin, View):
% {"source": self.source.name} % {"source": self.source.name}
), ),
) )
# Because we inject a stage into the planned flow, we can't use `self.handle_login_flow`
context = {
# Since we authenticate the user by their token, they have no backend set
PLAN_CONTEXT_AUTHENTICATION_BACKEND: "django.contrib.auth.backends.ModelBackend",
PLAN_CONTEXT_SSO: True,
PLAN_CONTEXT_SOURCE: self.source,
PLAN_CONTEXT_PROMPT: delete_none_keys(
self.get_user_enroll_context(source, access, info)
),
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
}
# We run the Flow planner here so we can pass the Pending user in the context # We run the Flow planner here so we can pass the Pending user in the context
if not source.enrollment_flow: if not source.enrollment_flow:
LOGGER.warning("source has no enrollment flow", source=source) LOGGER.warning("source has no enrollment flow", source=source)
return HttpResponseBadRequest() return HttpResponseBadRequest()
planner = FlowPlanner(source.enrollment_flow) return self.handle_login_flow(
plan = planner.plan(self.request, context) source.enrollment_flow,
plan.append(in_memory_stage(PostUserEnrollmentStage)) in_memory_stage(PostUserEnrollmentStage),
self.request.session[SESSION_KEY_PLAN] = plan **{
return redirect_with_qs( PLAN_CONTEXT_PROMPT: delete_none_keys(
"authentik_core:if-flow", self.get_user_enroll_context(source, access, info)
self.request.GET, ),
flow_slug=source.enrollment_flow.slug, PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
},
) )
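Review bot: The enrollment branch in the third hunk no longer sets `PLAN_CONTEXT_AUTHENTICATION_BACKEND`, `PLAN_CONTEXT_SSO` and `PLAN_CONTEXT_SOURCE` itself and now relies on `handle_login_flow` to supply them. The part of that method that would do so lies between the first two hunks and is not shown here, so confirm it, ideally with a test asserting that the enrollment plan context still carries all three keys alongside `PLAN_CONTEXT_PROMPT` and `PLAN_CONTEXT_SOURCES_OAUTH_ACCESS`. The comment `# We run the Flow planner here so we can pass the Pending user in the context` left above the `enrollment_flow` check is now stale, because the planner no longer runs in that branch, and can be dropped. The `handle_login_flow` docstring should also cover the new parameter, for example `"""Prepare Authentication Plan, append stages_to_append to it, redirect user to FlowExecutor"""`.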


@ -1,15 +0,0 @@
{% load i18n %}
<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">
{% trans 'WebAuthn' %}
</h1>
</header>
<div class="pf-c-login__main-body">
{% block card %}
<div class="pf-c-form">
<ak-stage-webauthn-auth>
</ak-stage-webauthn-auth>
</div>
{% endblock %}
</div>


@ -1,16 +0,0 @@
{% load i18n %}
<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">
{% trans 'Configure WebAuthn' %}
</h1>
</header>
<div class="pf-c-login__main-body">
{% block card %}
<div class="pf-c-form">
<ak-stage-webauthn-register>
</ak-stage-webauthn-register>
</div>
{% endblock %}
</div>