tests/e2e: fix more test, add requirements for crypto
This commit is contained in:
parent
088e0e736a
commit
3c8a0081bc
|
@ -39,7 +39,6 @@ class TestFlowsEnroll(SeleniumTestCase):
|
||||||
@retry()
|
@retry()
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
# pylint: disable=too-many-locals
|
|
||||||
def test_enroll_2_step(self):
|
def test_enroll_2_step(self):
|
||||||
"""Test 2-step enroll flow"""
|
"""Test 2-step enroll flow"""
|
||||||
# First stage fields
|
# First stage fields
|
||||||
|
@ -228,7 +227,11 @@ class TestFlowsEnroll(SeleniumTestCase):
|
||||||
# Second prompt stage
|
# Second prompt stage
|
||||||
flow_executor = self.get_shadow_root("ak-flow-executor")
|
flow_executor = self.get_shadow_root("ak-flow-executor")
|
||||||
prompt_stage = self.get_shadow_root("ak-stage-prompt", flow_executor)
|
prompt_stage = self.get_shadow_root("ak-stage-prompt", flow_executor)
|
||||||
|
wait = WebDriverWait(prompt_stage, self.wait_timeout)
|
||||||
|
|
||||||
|
wait.until(
|
||||||
|
ec.presence_of_element_located((By.CSS_SELECTOR, "input[name=name]"))
|
||||||
|
)
|
||||||
prompt_stage.find_element(By.CSS_SELECTOR, "input[name=name]").send_keys(
|
prompt_stage.find_element(By.CSS_SELECTOR, "input[name=name]").send_keys(
|
||||||
"some name"
|
"some name"
|
||||||
)
|
)
|
||||||
|
|
|
@ -64,6 +64,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_authorization_consent_implied(self):
|
def test_authorization_consent_implied(self):
|
||||||
"""test OAuth Provider flow (default authorization flow with implied consent)"""
|
"""test OAuth Provider flow (default authorization flow with implied consent)"""
|
||||||
# Bootstrap all needed objects
|
# Bootstrap all needed objects
|
||||||
|
@ -117,6 +118,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_authorization_consent_explicit(self):
|
def test_authorization_consent_explicit(self):
|
||||||
"""test OAuth Provider flow (default authorization flow with explicit consent)"""
|
"""test OAuth Provider flow (default authorization flow with explicit consent)"""
|
||||||
# Bootstrap all needed objects
|
# Bootstrap all needed objects
|
||||||
|
@ -142,7 +144,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||||
self.login()
|
self.login()
|
||||||
|
|
||||||
sleep(3)
|
sleep(3)
|
||||||
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
|
self.wait.until(
|
||||||
|
ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
|
||||||
|
)
|
||||||
|
|
||||||
flow_executor = self.get_shadow_root("ak-flow-executor")
|
flow_executor = self.get_shadow_root("ak-flow-executor")
|
||||||
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
|
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
|
||||||
|
@ -153,7 +157,9 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
"GitHub Compatibility: Access you Email addresses",
|
"GitHub Compatibility: Access you Email addresses",
|
||||||
consent_stage.find_element(By.CSS_SELECTOR, "[data-permission-code='user:email']").text,
|
consent_stage.find_element(
|
||||||
|
By.CSS_SELECTOR, "[data-permission-code='user:email']"
|
||||||
|
).text,
|
||||||
)
|
)
|
||||||
consent_stage.find_element(
|
consent_stage.find_element(
|
||||||
By.CSS_SELECTOR,
|
By.CSS_SELECTOR,
|
||||||
|
@ -189,6 +195,7 @@ class TestProviderOAuth2Github(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_denied(self):
|
def test_denied(self):
|
||||||
"""test OAuth Provider flow (default authorization flow, denied)"""
|
"""test OAuth Provider flow (default authorization flow, denied)"""
|
||||||
# Bootstrap all needed objects
|
# Bootstrap all needed objects
|
||||||
|
|
|
@ -24,7 +24,13 @@ from authentik.providers.oauth2.generators import (
|
||||||
generate_client_secret,
|
generate_client_secret,
|
||||||
)
|
)
|
||||||
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
|
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
|
||||||
from tests.e2e.utils import USER, SeleniumTestCase, apply_migration, retry
|
from tests.e2e.utils import (
|
||||||
|
USER,
|
||||||
|
SeleniumTestCase,
|
||||||
|
apply_migration,
|
||||||
|
object_manager,
|
||||||
|
retry,
|
||||||
|
)
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
APPLICATION_SLUG = "grafana"
|
APPLICATION_SLUG = "grafana"
|
||||||
|
@ -78,6 +84,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_redirect_uri_error(self):
|
def test_redirect_uri_error(self):
|
||||||
"""test OpenID Provider flow (invalid redirect URI, check error message)"""
|
"""test OpenID Provider flow (invalid redirect URI, check error message)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -118,6 +125,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
|
@object_manager
|
||||||
def test_authorization_consent_implied(self):
|
def test_authorization_consent_implied(self):
|
||||||
"""test OpenID Provider flow (default authorization flow with implied consent)"""
|
"""test OpenID Provider flow (default authorization flow with implied consent)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -178,6 +187,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
|
@object_manager
|
||||||
def test_authorization_logout(self):
|
def test_authorization_logout(self):
|
||||||
"""test OpenID Provider flow with logout"""
|
"""test OpenID Provider flow with logout"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -246,6 +257,8 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
|
@object_manager
|
||||||
def test_authorization_consent_explicit(self):
|
def test_authorization_consent_explicit(self):
|
||||||
"""test OpenID Provider flow (default authorization flow with explicit consent)"""
|
"""test OpenID Provider flow (default authorization flow with explicit consent)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -278,15 +291,22 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
|
self.driver.find_element(By.CLASS_NAME, "btn-service--oauth").click()
|
||||||
self.login()
|
self.login()
|
||||||
|
|
||||||
self.assertEqual(
|
|
||||||
app.name,
|
|
||||||
self.driver.find_element(By.ID, "application-name").text,
|
|
||||||
)
|
|
||||||
self.wait.until(
|
self.wait.until(
|
||||||
ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
|
ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
|
||||||
)
|
)
|
||||||
sleep(1)
|
sleep(1)
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
|
||||||
|
flow_executor = self.get_shadow_root("ak-flow-executor")
|
||||||
|
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
|
||||||
|
|
||||||
|
self.assertIn(
|
||||||
|
app.name,
|
||||||
|
consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
|
||||||
|
)
|
||||||
|
consent_stage.find_element(
|
||||||
|
By.CSS_SELECTOR,
|
||||||
|
("[type=submit]"),
|
||||||
|
).click()
|
||||||
|
|
||||||
self.wait_for_url("http://localhost:3000/?orgId=1")
|
self.wait_for_url("http://localhost:3000/?orgId=1")
|
||||||
self.driver.get("http://localhost:3000/profile")
|
self.driver.get("http://localhost:3000/profile")
|
||||||
|
@ -318,6 +338,7 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_authorization_denied(self):
|
def test_authorization_denied(self):
|
||||||
"""test OpenID Provider flow (default authorization with access deny)"""
|
"""test OpenID Provider flow (default authorization with access deny)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
|
|
@ -26,7 +26,13 @@ from authentik.providers.oauth2.generators import (
|
||||||
generate_client_secret,
|
generate_client_secret,
|
||||||
)
|
)
|
||||||
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
|
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
|
||||||
from tests.e2e.utils import USER, SeleniumTestCase, apply_migration, retry
|
from tests.e2e.utils import (
|
||||||
|
USER,
|
||||||
|
SeleniumTestCase,
|
||||||
|
apply_migration,
|
||||||
|
object_manager,
|
||||||
|
retry,
|
||||||
|
)
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
|
||||||
|
@ -73,6 +79,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_redirect_uri_error(self):
|
def test_redirect_uri_error(self):
|
||||||
"""test OpenID Provider flow (invalid redirect URI, check error message)"""
|
"""test OpenID Provider flow (invalid redirect URI, check error message)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -113,6 +120,8 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
|
@object_manager
|
||||||
def test_authorization_consent_implied(self):
|
def test_authorization_consent_implied(self):
|
||||||
"""test OpenID Provider flow (default authorization flow with implied consent)"""
|
"""test OpenID Provider flow (default authorization flow with implied consent)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -160,6 +169,8 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
|
@object_manager
|
||||||
def test_authorization_consent_explicit(self):
|
def test_authorization_consent_explicit(self):
|
||||||
"""test OpenID Provider flow (default authorization flow with explicit consent)"""
|
"""test OpenID Provider flow (default authorization flow with explicit consent)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
@ -192,17 +203,21 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||||
self.driver.get("http://localhost:9009")
|
self.driver.get("http://localhost:9009")
|
||||||
self.login()
|
self.login()
|
||||||
|
|
||||||
sleep(9999999)
|
|
||||||
|
|
||||||
self.assertEqual(
|
|
||||||
app.name,
|
|
||||||
self.driver.find_element(By.ID, "application-name").text,
|
|
||||||
)
|
|
||||||
self.wait.until(
|
self.wait.until(
|
||||||
ec.presence_of_element_located((By.CSS_SELECTOR, "[type=submit]"))
|
ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
|
||||||
)
|
)
|
||||||
sleep(1)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
flow_executor = self.get_shadow_root("ak-flow-executor")
|
||||||
|
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
|
||||||
|
|
||||||
|
self.assertIn(
|
||||||
|
app.name,
|
||||||
|
consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
|
||||||
|
)
|
||||||
|
consent_stage.find_element(
|
||||||
|
By.CSS_SELECTOR,
|
||||||
|
("[type=submit]"),
|
||||||
|
).click()
|
||||||
|
|
||||||
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
|
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "pre")))
|
||||||
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
|
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
|
||||||
|
@ -220,6 +235,7 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
|
||||||
@apply_migration("authentik_core", "0003_default_user")
|
@apply_migration("authentik_core", "0003_default_user")
|
||||||
@apply_migration("authentik_flows", "0008_default_flows")
|
@apply_migration("authentik_flows", "0008_default_flows")
|
||||||
@apply_migration("authentik_flows", "0010_provider_flows")
|
@apply_migration("authentik_flows", "0010_provider_flows")
|
||||||
|
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
|
||||||
def test_authorization_denied(self):
|
def test_authorization_denied(self):
|
||||||
"""test OpenID Provider flow (default authorization with access deny)"""
|
"""test OpenID Provider flow (default authorization with access deny)"""
|
||||||
sleep(1)
|
sleep(1)
|
||||||
|
|
|
@ -149,12 +149,23 @@ class TestProviderSAML(SeleniumTestCase):
|
||||||
self.container = self.setup_client(provider)
|
self.container = self.setup_client(provider)
|
||||||
self.driver.get("http://localhost:9009")
|
self.driver.get("http://localhost:9009")
|
||||||
self.login()
|
self.login()
|
||||||
self.assertEqual(
|
|
||||||
app.name,
|
self.wait.until(
|
||||||
self.driver.find_element(By.ID, "application-name").text,
|
ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor"))
|
||||||
)
|
)
|
||||||
sleep(1)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
flow_executor = self.get_shadow_root("ak-flow-executor")
|
||||||
|
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
|
||||||
|
|
||||||
|
self.assertIn(
|
||||||
|
app.name,
|
||||||
|
consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
|
||||||
|
)
|
||||||
|
consent_stage.find_element(
|
||||||
|
By.CSS_SELECTOR,
|
||||||
|
("[type=submit]"),
|
||||||
|
).click()
|
||||||
|
|
||||||
self.wait_for_url("http://localhost:9009/")
|
self.wait_for_url("http://localhost:9009/")
|
||||||
|
|
||||||
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
|
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
|
||||||
|
|
|
@ -30,6 +30,7 @@ from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.core.api.users import UserSerializer
|
from authentik.core.api.users import UserSerializer
|
||||||
from authentik.core.models import User
|
from authentik.core.models import User
|
||||||
|
from authentik.managed.manager import ObjectManager
|
||||||
|
|
||||||
|
|
||||||
# pylint: disable=invalid-name
|
# pylint: disable=invalid-name
|
||||||
|
@ -149,6 +150,7 @@ class SeleniumTestCase(StaticLiveServerTestCase):
|
||||||
password_stage.find_element(By.CSS_SELECTOR, "input[name=password]").send_keys(
|
password_stage.find_element(By.CSS_SELECTOR, "input[name=password]").send_keys(
|
||||||
Keys.ENTER
|
Keys.ENTER
|
||||||
)
|
)
|
||||||
|
sleep(1)
|
||||||
|
|
||||||
def assert_user(self, expected_user: User):
|
def assert_user(self, expected_user: User):
|
||||||
"""Check users/me API and assert it matches expected_user"""
|
"""Check users/me API and assert it matches expected_user"""
|
||||||
|
@ -189,7 +191,18 @@ def apply_migration(app_name: str, migration_name: str):
|
||||||
return wrapper_outter
|
return wrapper_outter
|
||||||
|
|
||||||
|
|
||||||
def retry(max_retires=3, exceptions=None):
|
def object_manager(func: Callable):
|
||||||
|
"""Run objectmanager before a test function"""
|
||||||
|
|
||||||
|
@wraps(func)
|
||||||
|
def wrapper(*args, **kwargs):
|
||||||
|
"""Run objectmanager before a test function"""
|
||||||
|
ObjectManager().run()
|
||||||
|
return func(*args, **kwargs)
|
||||||
|
|
||||||
|
return wrapper
|
||||||
|
|
||||||
|
|
||||||
"""Retry test multiple times. Default to catching Selenium Timeout Exception"""
|
"""Retry test multiple times. Default to catching Selenium Timeout Exception"""
|
||||||
|
|
||||||
if not exceptions:
|
if not exceptions:
|
||||||
|
|
Reference in New Issue