tests/e2e: fix more test, add requirements for crypto

tests/e2e/test_flows_enroll.py

@@ -39,7 +39,6 @@ class TestFlowsEnroll(SeleniumTestCase):
     @retry()
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
-    # pylint: disable=too-many-locals
     def test_enroll_2_step(self):
         """Test 2-step enroll flow"""
         # First stage fields
@@ -228,7 +227,11 @@ class TestFlowsEnroll(SeleniumTestCase):
         # Second prompt stage
         flow_executor = self.get_shadow_root("ak-flow-executor")
         prompt_stage = self.get_shadow_root("ak-stage-prompt", flow_executor)
+        wait = WebDriverWait(prompt_stage, self.wait_timeout)
 
+        wait.until(
+            ec.presence_of_element_located((By.CSS_SELECTOR, "input[name=name]"))
+        )
         prompt_stage.find_element(By.CSS_SELECTOR, "input[name=name]").send_keys(
             "some name"
         )

tests/e2e/test_provider_oauth2_github.py

@@ -64,6 +64,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_authorization_consent_implied(self):
         """test OAuth Provider flow (default authorization flow with implied consent)"""
         # Bootstrap all needed objects
@@ -117,6 +118,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_authorization_consent_explicit(self):
         """test OAuth Provider flow (default authorization flow with explicit consent)"""
         # Bootstrap all needed objects
@@ -142,7 +144,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
         self.login()
 
         sleep(3)
-        self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
+        self.wait.until(
+            ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
+        )
 
         flow_executor = self.get_shadow_root("ak-flow-executor")
         consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
@@ -153,7 +157,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
         )
         self.assertEqual(
             "GitHub Compatibility: Access you Email addresses",
-            consent_stage.find_element(By.CSS_SELECTOR, "[data-permission-code='user:email']").text,
+            consent_stage.find_element(
+                By.CSS_SELECTOR, "[data-permission-code='user:email']"
+            ).text,
         )
         consent_stage.find_element(
             By.CSS_SELECTOR,
@@ -189,6 +195,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_denied(self):
         """test OAuth Provider flow (default authorization flow, denied)"""
         # Bootstrap all needed objects

tests/e2e/test_provider_oauth2_grafana.py

@@ -24,7 +24,13 @@ from authentik.providers.oauth2.generators import (
     generate_client_secret,
 )
 from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
-from tests.e2e.utils import USER, SeleniumTestCase, apply_migration, retry
+from tests.e2e.utils import (
+    USER,
+    SeleniumTestCase,
+    apply_migration,
+    object_manager,
+    retry,
+)
 
 LOGGER = get_logger()
 APPLICATION_SLUG = "grafana"
@@ -78,6 +84,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_redirect_uri_error(self):
         """test OpenID Provider flow (invalid redirect URI, check error message)"""
         sleep(1)
@@ -118,6 +125,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
+    @object_manager
     def test_authorization_consent_implied(self):
         """test OpenID Provider flow (default authorization flow with implied consent)"""
         sleep(1)
@@ -178,6 +187,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
+    @object_manager
     def test_authorization_logout(self):
         """test OpenID Provider flow with logout"""
         sleep(1)
@@ -246,6 +257,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
+    @object_manager
     def test_authorization_consent_explicit(self):
         """test OpenID Provider flow (default authorization flow with explicit consent)"""
         sleep(1)
@@ -278,15 +291,22 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
         self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
         self.login()
 
-        self.assertEqual(
-            app.name,
-            self.driver.find_element(By.ID, "application-name").text,
-        )
         self.wait.until(
-            ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
+            ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
         )
         sleep(1)
-        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
+
+        flow_executor = self.get_shadow_root("ak-flow-executor")
+        consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
+
+        self.assertIn(
+            app.name,
+            consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
+        )
+        consent_stage.find_element(
+            By.CSS_SELECTOR,
+            ("[type=submit]"),
+        ).click()
 
         self.wait_for_url("http://localhost:3000/?orgId=1")
         self.driver.get("http://localhost:3000/profile")
@@ -318,6 +338,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_authorization_denied(self):
         """test OpenID Provider flow (default authorization with access deny)"""
         sleep(1)

tests/e2e/test_provider_oauth2_oidc.py

@@ -26,7 +26,13 @@ from authentik.providers.oauth2.generators import (
     generate_client_secret,
 )
 from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
-from tests.e2e.utils import USER, SeleniumTestCase, apply_migration, retry
+from tests.e2e.utils import (
+    USER,
+    SeleniumTestCase,
+    apply_migration,
+    object_manager,
+    retry,
+)
 
 LOGGER = get_logger()
 
@@ -73,6 +79,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_redirect_uri_error(self):
         """test OpenID Provider flow (invalid redirect URI, check error message)"""
         sleep(1)
@@ -113,6 +120,8 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
+    @object_manager
     def test_authorization_consent_implied(self):
         """test OpenID Provider flow (default authorization flow with implied consent)"""
         sleep(1)
@@ -160,6 +169,8 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
+    @object_manager
     def test_authorization_consent_explicit(self):
         """test OpenID Provider flow (default authorization flow with explicit consent)"""
         sleep(1)
@@ -192,17 +203,21 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
         self.driver.get("http://localhost:9009")
         self.login()
 
-        sleep(9999999)
-
-        self.assertEqual(
-            app.name,
-            self.driver.find_element(By.ID, "application-name").text,
-        )
         self.wait.until(
-            ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
+            ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
         )
-        sleep(1)
+
-        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
+        flow_executor = self.get_shadow_root("ak-flow-executor")
+        consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
+
+        self.assertIn(
+            app.name,
+            consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
+        )
+        consent_stage.find_element(
+            By.CSS_SELECTOR,
+            ("[type=submit]"),
+        ).click()
 
         self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
         body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
@@ -220,6 +235,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     @apply_migration("authentik_core", "0003_default_user")
     @apply_migration("authentik_flows", "0008_default_flows")
     @apply_migration("authentik_flows", "0010_provider_flows")
+    @apply_migration("authentik_crypto", "0002_create_self_signed_kp")
     def test_authorization_denied(self):
         """test OpenID Provider flow (default authorization with access deny)"""
         sleep(1)

tests/e2e/test_provider_saml.py

@@ -149,12 +149,23 @@ class TestProviderSAML(SeleniumTestCase):
         self.container = self.setup_client(provider)
         self.driver.get("http://localhost:9009")
         self.login()
-        self.assertEqual(
+
-            app.name,
+        self.wait.until(
-            self.driver.find_element(By.ID, "application-name").text,
+            ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
         )
-        sleep(1)
+
-        self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
+        flow_executor = self.get_shadow_root("ak-flow-executor")
+        consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
+
+        self.assertIn(
+            app.name,
+            consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
+        )
+        consent_stage.find_element(
+            By.CSS_SELECTOR,
+            ("[type=submit]"),
+        ).click()
+
         self.wait_for_url("http://localhost:9009/")
 
         body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)

tests/e2e/utils.py

@@ -30,6 +30,7 @@ from structlog.stdlib import get_logger
 
 from authentik.core.api.users import UserSerializer
 from authentik.core.models import User
+from authentik.managed.manager import ObjectManager
 
 
 # pylint: disable=invalid-name
@@ -149,6 +150,7 @@ class SeleniumTestCase(StaticLiveServerTestCase):
         password_stage.find_element(By.CSS_SELECTOR, "input[name=password]").send_keys(
             Keys.ENTER
         )
+        sleep(1)
 
     def assert_user(self, expected_user: User):
         """Check users/me API and assert it matches expected_user"""
@@ -189,7 +191,18 @@ def apply_migration(app_name: str, migration_name: str):
     return wrapper_outter
 
 
-def retry(max_retires=3, exceptions=None):
+def object_manager(func: Callable):
+    """Run objectmanager before a test function"""
+
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        """Run objectmanager before a test function"""
+        ObjectManager().run()
+        return func(*args, **kwargs)
+
+    return wrapper
+
+
     """Retry test multiple times. Default to catching Selenium Timeout Exception"""
 
     if not exceptions: