stages/user_delete: fix delete stage failing when pending user is not explicitly set

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/flows/views/executor.py

@@ -169,10 +169,11 @@ class FlowExecutorView(APIView):
                     self.request.session[SESSION_KEY_PLAN] = plan
             # Early check if there's an active Plan for the current session
             if SESSION_KEY_PLAN in self.request.session:
-                self.plan = self.request.session[SESSION_KEY_PLAN]
+                self.plan: FlowPlan = self.request.session[SESSION_KEY_PLAN]
                 if self.plan.flow_pk != self.flow.pk.hex:
                     self._logger.warning(
                         "f(exec): Found existing plan for other flow, deleting plan",
+                        other_flow=self.plan.flow_pk,
                     )
                     # Existing plan is deleted from session and instance
                     self.plan = None

authentik/stages/user_delete/stage.py

@@ -1,10 +1,10 @@
 """Delete stage logic"""
 from django.contrib import messages
+from django.contrib.auth import logout
 from django.http import HttpRequest, HttpResponse
 from django.utils.translation import gettext as _
 from structlog.stdlib import get_logger
 
-from authentik.core.models import User
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import StageView
 
@@ -20,13 +20,15 @@ class UserDeleteStageView(StageView):
 
     def get(self, request: HttpRequest) -> HttpResponse:
         """Delete currently pending user"""
-        if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
+        user = self.get_pending_user()
+        if not user.is_authenticated:
             message = _("No Pending User.")
             messages.error(request, message)
             LOGGER.debug(message)
             return self.executor.stage_invalid()
-        user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
+        logout(self.request)
         user.delete()
         LOGGER.debug("Deleted user", user=user)
-        del self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
+        if PLAN_CONTEXT_PENDING_USER in self.executor.plan.context:
+            del self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
         return self.executor.stage_ok()

authentik/stages/user_delete/tests.py

@@ -48,8 +48,8 @@ class TestUserDeleteStage(FlowTestCase):
 
     def test_user_delete_get(self):
         """Test Form render"""
+        self.client.force_login(self.user)
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
-        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
         session = self.client.session
         session[SESSION_KEY_PLAN] = plan
         session.save()

web/src/user/user-settings/details/stages/prompt/PromptStage.ts

@@ -37,7 +37,7 @@ export class UserSettingsPromptStage extends PromptStage {
                     ${this.host.tenant.flowUnenrollment
                         ? html` <a
                               class="pf-c-button pf-m-danger"
-                              href="/if/flow/${this.host.tenant.flowUnenrollment}"
+                              href="/if/flow/${this.host.tenant.flowUnenrollment}/"
                           >
                               ${t`Delete account`}
                           </a>`