actually we can do this centrally

Signed-off-by: Jens Langhammer <[email protected]>
goauthentik · Jan 24, 2025 · 48c020b · 48c020b
1 parent 08768d7
commit 48c020b
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py
@@ -159,7 +159,10 @@ def to_redirect(
             temp_exec.current_stage_view = final_stage
             temp_exec.setup(request, flow.slug)
             stage = final_stage(request=request, executor=temp_exec)
-            return stage.dispatch(request)
+            response = stage.dispatch(request)
+            # Ensure we clean the flow state we have in the session before we redirect away
+            temp_exec.stage_ok()
+            return response
 
         get_qs = request.GET.copy()
         if request.user.is_authenticated and (

diff --git a/authentik/flows/views/executor.py b/authentik/flows/views/executor.py
@@ -103,7 +103,7 @@ class FlowExecutorView(APIView):
 
     permission_classes = [AllowAny]
 
-    flow: Flow
+    flow: Flow = None
 
     plan: FlowPlan | None = None
     current_binding: FlowStageBinding | None = None

diff --git a/authentik/providers/oauth2/views/authorize.py b/authentik/providers/oauth2/views/authorize.py
@@ -499,11 +499,11 @@ def redirect(self, uri: str) -> HttpResponse:
             )
 
             challenge.is_valid()
-            self.executor.stage_ok()
+
             return HttpChallengeResponse(
                 challenge=challenge,
             )
-        self.executor.stage_ok()
+
         return HttpResponseRedirectScheme(uri, allowed_schemes=[parsed.scheme])
 
     def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: