diff --git a/authentik/events/models.py b/authentik/events/models.py index 53b9dd8e3..e2f8e4ec6 100644 --- a/authentik/events/models.py +++ b/authentik/events/models.py @@ -214,11 +214,18 @@ class Event(SerializerModel, ExpiringModel): Events independently from requests. `user` arguments optionally overrides user from requests.""" if request: + from authentik.flows.views.executor import QS_QUERY + self.context["http_request"] = { "path": request.path, "method": request.method, "args": QueryDict(request.META.get("QUERY_STRING", "")), } + # Special case for events created during flow execution + # since they keep the http query within a wrapped query + if QS_QUERY in self.context["http_request"]["args"]: + wrapped = self.context["http_request"]["args"][QS_QUERY] + self.context["http_request"]["args"] = QueryDict(wrapped) if hasattr(request, "tenant"): tenant: Tenant = request.tenant # Because self.created only gets set on save, we can't use it's value here diff --git a/authentik/flows/views/executor.py b/authentik/flows/views/executor.py index 04ac610cd..1279940b6 100644 --- a/authentik/flows/views/executor.py +++ b/authentik/flows/views/executor.py @@ -69,6 +69,7 @@ SESSION_KEY_GET = "authentik/flows/get" SESSION_KEY_POST = "authentik/flows/post" SESSION_KEY_HISTORY = "authentik/flows/history" QS_KEY_TOKEN = "flow_token" # nosec +QS_QUERY = "query" def challenge_types(): @@ -173,7 +174,7 @@ class FlowExecutorView(APIView): op="authentik.flow.executor.dispatch", description=self.flow.slug ) as span: span.set_data("authentik Flow", self.flow.slug) - get_params = QueryDict(request.GET.get("query", "")) + get_params = QueryDict(request.GET.get(QS_QUERY, "")) if QS_KEY_TOKEN in get_params: plan = self._check_flow_token(get_params[QS_KEY_TOKEN]) if plan: