From 4b8b800648a9510e2caab1f941f1c6e37376a710 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 15 Nov 2021 20:41:37 +0100 Subject: [PATCH] stages/*: add more tests Signed-off-by: Jens Langhammer --- authentik/core/tests/test_models.py | 4 +-- authentik/crypto/tests.py | 8 ++---- .../stages/authenticator_validate/tests.py | 4 +++ authentik/stages/deny/tests.py | 28 ++++++++++++++++++- authentik/stages/prompt/tests.py | 2 ++ authentik/stages/user_delete/tests.py | 23 +++++++++++++++ authentik/stages/user_login/tests.py | 24 +++++++++++++++- authentik/stages/user_logout/tests.py | 27 +++++++++++++++++- 8 files changed, 109 insertions(+), 11 deletions(-) diff --git a/authentik/core/tests/test_models.py b/authentik/core/tests/test_models.py index 25b658af5..9dc17d724 100644 --- a/authentik/core/tests/test_models.py +++ b/authentik/core/tests/test_models.py @@ -59,6 +59,6 @@ def provider_tester_factory(test_model: Type[Stage]) -> Callable: for model in all_subclasses(Source): - setattr(TestModels, f"test_model_{model.__name__}", source_tester_factory(model)) + setattr(TestModels, f"test_source_{model.__name__}", source_tester_factory(model)) for model in all_subclasses(Provider): - setattr(TestModels, f"test_model_{model.__name__}", provider_tester_factory(model)) + setattr(TestModels, f"test_provider_{model.__name__}", provider_tester_factory(model)) diff --git a/authentik/crypto/tests.py b/authentik/crypto/tests.py index 24325740c..8ab5704ae 100644 --- a/authentik/crypto/tests.py +++ b/authentik/crypto/tests.py @@ -66,13 +66,9 @@ class TestCrypto(APITestCase): def test_builder_api(self): """Test Builder (via API)""" self.client.force_login(User.objects.get(username="akadmin")) - response = self.client.post( + self.client.post( reverse("authentik_api:certificatekeypair-generate"), - data={ - "common_name": "foo", - "subject_alt_name": "bar,baz", - "validity_days": 3 - }, + data={"common_name": "foo", "subject_alt_name": "bar,baz", "validity_days": 3}, ) self.assertTrue(CertificateKeyPair.objects.filter(name="foo").exists()) diff --git a/authentik/stages/authenticator_validate/tests.py b/authentik/stages/authenticator_validate/tests.py index a215aca4a..7a5dbca7a 100644 --- a/authentik/stages/authenticator_validate/tests.py +++ b/authentik/stages/authenticator_validate/tests.py @@ -87,6 +87,10 @@ class AuthenticatorValidateStageTests(APITestCase): ) self.assertFalse(serializer.is_valid()) self.assertIn("not_configured_action", serializer.errors) + serializer = AuthenticatorValidateStageSerializer( + data={"name": "foo", "not_configured_action": NotConfiguredAction.DENY} + ) + self.assertTrue(serializer.is_valid()) def test_device_challenge_totp(self): """Test device challenge""" diff --git a/authentik/stages/deny/tests.py b/authentik/stages/deny/tests.py index 2a7278ba7..b87559158 100644 --- a/authentik/stages/deny/tests.py +++ b/authentik/stages/deny/tests.py @@ -27,7 +27,7 @@ class TestUserDenyStage(APITestCase): self.stage = DenyStage.objects.create(name="logout") self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) - def test_valid_password(self): + def test_valid_get(self): """Test with a valid pending user and backend""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) session = self.client.session @@ -52,3 +52,29 @@ class TestUserDenyStage(APITestCase): "type": ChallengeTypes.NATIVE.value, }, ) + + def test_valid_post(self): + """Test with a valid pending user and backend""" + plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + session = self.client.session + session[SESSION_KEY_PLAN] = plan + session.save() + + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + force_str(response.content), + { + "component": "ak-stage-access-denied", + "error_message": None, + "flow_info": { + "background": self.flow.background_url, + "cancel_url": reverse("authentik_flows:cancel"), + "title": "", + }, + "type": ChallengeTypes.NATIVE.value, + }, + ) diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py index c55a7caee..b109cc4ce 100644 --- a/authentik/stages/prompt/tests.py +++ b/authentik/stages/prompt/tests.py @@ -216,6 +216,7 @@ class TestPromptStage(APITestCase): def test_static_hidden_overwrite(self): """Test that static and hidden fields ignore any value sent to them""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + plan.context[PLAN_CONTEXT_PROMPT] = {"hidden_prompt": "hidden"} self.prompt_data["hidden_prompt"] = "foo" self.prompt_data["static_prompt"] = "foo" challenge_response = PromptChallengeResponse( @@ -223,4 +224,5 @@ class TestPromptStage(APITestCase): ) self.assertEqual(challenge_response.is_valid(), True) self.assertNotEqual(challenge_response.validated_data["hidden_prompt"], "foo") + self.assertEqual(challenge_response.validated_data["hidden_prompt"], "hidden") self.assertNotEqual(challenge_response.validated_data["static_prompt"], "foo") diff --git a/authentik/stages/user_delete/tests.py b/authentik/stages/user_delete/tests.py index 4813fda06..2b40eceb9 100644 --- a/authentik/stages/user_delete/tests.py +++ b/authentik/stages/user_delete/tests.py @@ -82,3 +82,26 @@ class TestUserDeleteStage(APITestCase): ) self.assertFalse(User.objects.filter(username=self.username).exists()) + + def test_user_delete_post(self): + """Test Form render""" + plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + plan.context[PLAN_CONTEXT_PENDING_USER] = self.user + session = self.client.session + session[SESSION_KEY_PLAN] = plan + session.save() + + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + force_str(response.content), + { + "component": "xak-flow-redirect", + "to": reverse("authentik_core:root-redirect"), + "type": ChallengeTypes.REDIRECT.value, + }, + ) + + self.assertFalse(User.objects.filter(username=self.username).exists()) diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py index c20509452..e44c6e937 100644 --- a/authentik/stages/user_login/tests.py +++ b/authentik/stages/user_login/tests.py @@ -31,7 +31,7 @@ class TestUserLoginStage(APITestCase): self.stage = UserLoginStage.objects.create(name="login") self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) - def test_valid_password(self): + def test_valid_get(self): """Test with a valid pending user and backend""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user @@ -53,6 +53,28 @@ class TestUserLoginStage(APITestCase): }, ) + def test_valid_post(self): + """Test with a valid pending user and backend""" + plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + plan.context[PLAN_CONTEXT_PENDING_USER] = self.user + session = self.client.session + session[SESSION_KEY_PLAN] = plan + session.save() + + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + force_str(response.content), + { + "component": "xak-flow-redirect", + "to": reverse("authentik_core:root-redirect"), + "type": ChallengeTypes.REDIRECT.value, + }, + ) + def test_expiry(self): """Test with expiry""" self.stage.session_duration = "seconds=2" diff --git a/authentik/stages/user_logout/tests.py b/authentik/stages/user_logout/tests.py index 814c7a26d..0d137f2f8 100644 --- a/authentik/stages/user_logout/tests.py +++ b/authentik/stages/user_logout/tests.py @@ -29,7 +29,7 @@ class TestUserLogoutStage(APITestCase): self.stage = UserLogoutStage.objects.create(name="logout") self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) - def test_valid_password(self): + def test_valid_get(self): """Test with a valid pending user and backend""" plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) plan.context[PLAN_CONTEXT_PENDING_USER] = self.user @@ -53,3 +53,28 @@ class TestUserLogoutStage(APITestCase): "type": ChallengeTypes.REDIRECT.value, }, ) + + def test_valid_post(self): + """Test with a valid pending user and backend""" + plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) + plan.context[PLAN_CONTEXT_PENDING_USER] = self.user + plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_INBUILT + session = self.client.session + session[SESSION_KEY_PLAN] = plan + session.save() + + response = self.client.post( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + + # pylint: disable=no-member + self.assertEqual(response.status_code, 200) + self.assertJSONEqual( + # pylint: disable=no-member + force_str(response.content), + { + "component": "xak-flow-redirect", + "to": reverse("authentik_core:root-redirect"), + "type": ChallengeTypes.REDIRECT.value, + }, + )