providers/oauth2: fix infinite loops when prompt=login

This commit is contained in:
Jens Langhammer 2020-12-27 15:23:26 +01:00
parent bcd0686a33
commit e8debce9c8
1 changed files with 6 additions and 1 deletions

View File

@ -56,6 +56,7 @@ LOGGER = get_logger()
PLAN_CONTEXT_PARAMS = "params" PLAN_CONTEXT_PARAMS = "params"
PLAN_CONTEXT_SCOPE_DESCRIPTIONS = "scope_descriptions" PLAN_CONTEXT_SCOPE_DESCRIPTIONS = "scope_descriptions"
SESSION_NEEDS_LOGIN = "authentik_oauth2_needs_login"
ALLOWED_PROMPT_PARAMS = {PROMPT_NONE, PROMPT_CONSNET, PROMPT_LOGIN} ALLOWED_PROMPT_PARAMS = {PROMPT_NONE, PROMPT_CONSNET, PROMPT_LOGIN}
@ -398,7 +399,11 @@ class AuthorizationFlowInitView(PolicyAccessView):
if current_age.total_seconds() > self.params.max_age: if current_age.total_seconds() > self.params.max_age:
return self.handle_no_permission() return self.handle_no_permission()
# If prompt=login, we need to re-authenticate the user regardless # If prompt=login, we need to re-authenticate the user regardless
if PROMPT_LOGIN in self.params.prompt: if (
PROMPT_LOGIN in self.params.prompt
and SESSION_NEEDS_LOGIN not in self.request.session
):
self.request.session[SESSION_NEEDS_LOGIN] = True
return self.handle_no_permission() return self.handle_no_permission()
# Regardless, we start the planner and return to it # Regardless, we start the planner and return to it
planner = FlowPlanner(self.provider.authorization_flow) planner = FlowPlanner(self.provider.authorization_flow)