*: don't return values in test suites

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/sources/saml/processors/response.py

@@ -202,10 +202,10 @@ class ResponseProcessor:
         """Get all attributes sent"""
         attributes = {}
         assertion = self._root.find(f"{{{NS_SAML_ASSERTION}}}Assertion")
-        if not assertion:
+        if assertion is None:
             raise ValueError("Assertion element not found")
         attribute_statement = assertion.find(f"{{{NS_SAML_ASSERTION}}}AttributeStatement")
-        if not attribute_statement:
+        if attribute_statement is None:
             raise ValueError("Attribute statement element not found")
         # Get all attributes and their values into a dict
         for attribute in attribute_statement.iterchildren():

authentik/stages/authenticator_validate/tests/test_totp.py

@@ -1,7 +1,6 @@
 """Test validator stage"""
 from datetime import datetime, timedelta
 from hashlib import sha256
-from http.cookies import SimpleCookie
 from time import sleep
 
 from django.conf import settings
@@ -76,7 +75,7 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
             component="ak-stage-authenticator-validate",
         )
 
-    def test_last_auth_threshold_valid(self) -> SimpleCookie:
+    def test_last_auth_threshold_valid(self):
         """Test last_auth_threshold"""
         ident_stage = IdentificationStage.objects.create(
             name=generate_id(),
@@ -115,12 +114,47 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
         )
         self.assertIn(COOKIE_NAME_MFA, response.cookies)
         self.assertStageResponse(response, component="xak-flow-redirect", to="/")
-        return response.cookies
 
     def test_last_auth_skip(self):
         """Test valid cookie"""
-        cookies = self.test_last_auth_threshold_valid()
-        mfa_cookie = cookies[COOKIE_NAME_MFA]
+        ident_stage = IdentificationStage.objects.create(
+            name=generate_id(),
+            user_fields=[
+                UserFields.USERNAME,
+            ],
+        )
+        device: TOTPDevice = TOTPDevice.objects.create(
+            user=self.user,
+            confirmed=True,
+        )
+        stage = AuthenticatorValidateStage.objects.create(
+            name=generate_id(),
+            last_auth_threshold="hours=1",
+            not_configured_action=NotConfiguredAction.CONFIGURE,
+            device_classes=[DeviceClasses.TOTP],
+        )
+        stage.configuration_stages.set([ident_stage])
+        FlowStageBinding.objects.create(target=self.flow, stage=ident_stage, order=0)
+        FlowStageBinding.objects.create(target=self.flow, stage=stage, order=1)
+
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
+            {"uid_field": self.user.username},
+        )
+        self.assertEqual(response.status_code, 302)
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
+        )
+        # Verify token once here to set last_t etc
+        totp = TOTP(device.bin_key)
+        sleep(1)
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
+            {"code": str(totp.token())},
+        )
+        self.assertIn(COOKIE_NAME_MFA, response.cookies)
+        self.assertStageResponse(response, component="xak-flow-redirect", to="/")
+        mfa_cookie = response.cookies[COOKIE_NAME_MFA]
         self.client.logout()
         self.client.cookies[COOKIE_NAME_MFA] = mfa_cookie
         response = self.client.post(

authentik/stages/prompt/tests.py

@@ -137,7 +137,7 @@ class TestPromptStage(FlowTestCase):
             self.assertIn(prompt.label, response.content.decode())
             self.assertIn(prompt.placeholder, response.content.decode())
 
-    def test_valid_challenge_with_policy(self) -> PromptChallengeResponse:
+    def test_valid_challenge_with_policy(self):
         """Test challenge_response validation"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         expr = (
@@ -151,9 +151,8 @@ class TestPromptStage(FlowTestCase):
             None, stage=self.stage, plan=plan, data=self.prompt_data
         )
         self.assertEqual(challenge_response.is_valid(), True)
-        return challenge_response
 
-    def test_invalid_challenge(self) -> PromptChallengeResponse:
+    def test_invalid_challenge(self):
         """Test challenge_response validation"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         expr = "False"
@@ -164,7 +163,6 @@ class TestPromptStage(FlowTestCase):
             None, stage=self.stage, plan=plan, data=self.prompt_data
         )
         self.assertEqual(challenge_response.is_valid(), False)
-        return challenge_response
 
     def test_valid_challenge_request(self):
         """Test a request with valid challenge_response data"""
@@ -173,7 +171,18 @@ class TestPromptStage(FlowTestCase):
         session[SESSION_KEY_PLAN] = plan
         session.save()
 
-        challenge_response = self.test_valid_challenge_with_policy()
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        expr = (
+            "return request.context['prompt_data']['password_prompt'] "
+            "== request.context['prompt_data']['password2_prompt']"
+        )
+        expr_policy = ExpressionPolicy.objects.create(name="validate-form", expression=expr)
+        self.stage.validation_policies.set([expr_policy])
+        self.stage.save()
+        challenge_response = PromptChallengeResponse(
+            None, stage=self.stage, plan=plan, data=self.prompt_data
+        )
+        self.assertEqual(challenge_response.is_valid(), True)
 
         with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()):
             response = self.client.post(