Skip to content

outpost/proxyv2: prevent panic in handleSignOut#20097

Merged
gergosimonyi merged 1 commit intogoauthentik:mainfrom
xabinapal:issue-17922
Mar 3, 2026
Merged

outpost/proxyv2: prevent panic in handleSignOut#20097
gergosimonyi merged 1 commit intogoauthentik:mainfrom
xabinapal:issue-17922

Conversation

@xabinapal
Copy link
Contributor

@xabinapal xabinapal commented Feb 8, 2026

Details

Fix a panic that occurs when accessing /outpost.goauthentik.io/sign_out on proxy outposts using the new PostgreSQL session backend due to an unsafe type assertion.

The fix replaces the manual session reading with a call to the existing getClaimsFromSession method, which already handles the PostgreSQL store safely via a checked type assertion.

Fixes #17922

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make docs)

@xabinapal
outpost/proxyv2: use safe claims extraction in handleSignOut to preve…
a9c96ff 
…nt panic

Signed-off-by: Xabier Napal <xabier.napal@dvzr.io>
@xabinapal xabinapal requested a review from a team as a code owner February 8, 2026 11:59
@netlify
Copy link

netlify bot commented Feb 8, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit a9c96ff
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/69887abe729493000828be87
😎 Deploy Preview https://deploy-preview-20097--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@xabinapal xabinapal mentioned this pull request Feb 8, 2026
Closed
@codecov
Copy link

codecov bot commented Feb 8, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.19%. Comparing base (ab16661) to head (a9c96ff).
⚠️ Report is 279 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #20097      +/-   ##
==========================================
- Coverage   93.23%   93.19%   -0.05%     
==========================================
  Files         968      968              
  Lines       53589    53589              
==========================================
- Hits        49965    49941      -24     
- Misses       3624     3648      +24
Flag Coverage Δ
conformance 37.95% <ø> (+<0.01%) ⬆️
e2e 43.93% <ø> (-0.01%) ⬇️
integration 22.66% <ø> (-0.05%) ⬇️
unit 91.40% <ø> (+0.01%) ⬆️
unit-migrate 91.43% <ø> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

dominic-r
dominic-r approved these changes Feb 9, 2026
View reviewed changes
Copy link
Member

@dominic-r dominic-r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@dominic-r dominic-r added area:backend backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2 labels Mar 2, 2026
@dominic-r dominic-r added this to the Release 2026.2.1 milestone Mar 2, 2026
@github-project-automation github-project-automation bot moved this from Todo to In Progress in authentik Core Mar 3, 2026
@gergosimonyi gergosimonyi merged commit 35e025b into goauthentik:main Mar 3, 2026
102 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Mar 3, 2026
authentik-automation bot pushed a commit that referenced this pull request Mar 3, 2026
@xabinapal @authentik-automation
outpost/proxyv2: prevent panic in handleSignOut (#20097)
9399e90 
outpost/proxyv2: use safe claims extraction in handleSignOut to prevent panic

Signed-off-by: Xabier Napal <xabier.napal@dvzr.io>
@authentik-automation authentik-automation bot mentioned this pull request Mar 3, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Mar 3, 2026

🍒 Cherry-pick to version-2026.2 created: #20689

gergosimonyi pushed a commit that referenced this pull request Mar 3, 2026
@authentik-automation @xabinapal
outpost/proxyv2: prevent panic in handleSignOut (cherry-pick #20097 t…
fbb217d 
…o version-2026.2) (#20689)

outpost/proxyv2: prevent panic in handleSignOut (#20097)

outpost/proxyv2: use safe claims extraction in handleSignOut to prevent panic

Signed-off-by: Xabier Napal <xabier.napal@dvzr.io>
Co-authored-by: Xabier Napal <xabier.napal@dvzr.io>
@github-actions github-actions bot mentioned this pull request Mar 23, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gergosimonyi gergosimonyi gergosimonyi approved these changes

@dominic-r dominic-r dominic-r approved these changes

Assignees

No one assigned

Labels

area:backend backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2

Projects

authentik Core
Status: Done

Milestone

Release 2026.2.1

Development

Successfully merging this pull request may close these issues.

Authentik 2025.10.1 - Outpost Proxy Bad Gateway error when sign_out

3 participants

@xabinapal @gergosimonyi @dominic-r