trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/oauth2: fix incorrect scope permissions shown (#6696) 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-08-30 17:27:40 +02:00 committed by GitHub
parent bfd0fb66b3
commit 3afff1bae9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
authentik/providers/oauth2/views/authorize.py
View File

@ -375,7 +375,9 @@ class AuthorizationFlowInitView(PolicyAccessView):
): ):
self.request.session[SESSION_KEY_LAST_LOGIN_UID] = login_uid self.request.session[SESSION_KEY_LAST_LOGIN_UID] = login_uid
return self.handle_no_permission() return self.handle_no_permission()
scope_descriptions = UserInfoView().get_scope_descriptions(self.params.scope) scope_descriptions = UserInfoView().get_scope_descriptions(
self.params.scope, self.params.provider
)
# Regardless, we start the planner and return to it # Regardless, we start the planner and return to it
planner = FlowPlanner(self.provider.authorization_flow) planner = FlowPlanner(self.provider.authorization_flow)
planner.allow_empty_flows = True planner.allow_empty_flows = True

2
authentik/providers/oauth2/views/device_init.py
View File

@ -55,7 +55,7 @@ def validate_code(code: int, request: HttpRequest) -> Optional[HttpResponse]:
if not app: if not app:
return None return None
scope_descriptions = UserInfoView().get_scope_descriptions(token.scope) scope_descriptions = UserInfoView().get_scope_descriptions(token.scope, token.provider)
planner = FlowPlanner(token.provider.authorization_flow) planner = FlowPlanner(token.provider.authorization_flow)
planner.allow_empty_flows = True planner.allow_empty_flows = True
try: try:

8
authentik/providers/oauth2/views/userinfo.py
View File

@ -40,10 +40,14 @@ class UserInfoView(View):
token: Optional[RefreshToken] token: Optional[RefreshToken]
def get_scope_descriptions(self, scopes: list[str]) -> list[PermissionDict]: def get_scope_descriptions(
self, scopes: list[str], provider: OAuth2Provider
) -> list[PermissionDict]:
"""Get a list of all Scopes's descriptions""" """Get a list of all Scopes's descriptions"""
scope_descriptions = [] scope_descriptions = []
for scope in ScopeMapping.objects.filter(scope_name__in=scopes).order_by("scope_name"): for scope in ScopeMapping.objects.filter(scope_name__in=scopes, provider=provider).order_by(
"scope_name"
):
scope_descriptions.append(PermissionDict(id=scope.scope_name, name=scope.description)) scope_descriptions.append(PermissionDict(id=scope.scope_name, name=scope.description))
# GitHub Compatibility Scopes are handled differently, since they required custom paths # GitHub Compatibility Scopes are handled differently, since they required custom paths
# Hence they don't exist as Scope objects # Hence they don't exist as Scope objects