Merge pull request #103 from BeryJu/stage-password-change
stages/password: Password Change
This commit is contained in:
commit
56f599e4aa
|
@ -286,6 +286,204 @@
|
||||||
],
|
],
|
||||||
"value": "foo@bar.baz"
|
"value": "foo@bar.baz"
|
||||||
}]
|
}]
|
||||||
|
}, {
|
||||||
|
"id": "1a3172e0-ac23-4781-9367-19afccee4f4a",
|
||||||
|
"name": "flows stage setup password",
|
||||||
|
"commands": [{
|
||||||
|
"id": "77784f77-d840-4b3d-a42f-7928f02fb7e1",
|
||||||
|
"comment": "",
|
||||||
|
"command": "open",
|
||||||
|
"target": "/flows/default-authentication-flow/?next=%2F",
|
||||||
|
"targets": [],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "783aa9a6-81e5-49c6-8789-2f360a5750b1",
|
||||||
|
"comment": "",
|
||||||
|
"command": "setWindowSize",
|
||||||
|
"target": "1699x1417",
|
||||||
|
"targets": [],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "cb0cd63e-30e9-4443-af59-5345fe26dc88",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "id=id_uid_field",
|
||||||
|
"targets": [
|
||||||
|
["id=id_uid_field", "id"],
|
||||||
|
["name=uid_field", "name"],
|
||||||
|
["css=#id_uid_field", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_uid_field']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "8466ded1-c5f6-451c-b63f-0889da38503a",
|
||||||
|
"comment": "",
|
||||||
|
"command": "type",
|
||||||
|
"target": "id=id_uid_field",
|
||||||
|
"targets": [
|
||||||
|
["id=id_uid_field", "id"],
|
||||||
|
["name=uid_field", "name"],
|
||||||
|
["css=#id_uid_field", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_uid_field']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "pbadmin"
|
||||||
|
}, {
|
||||||
|
"id": "27383093-d01a-4416-8fc6-9caad4926cd3",
|
||||||
|
"comment": "",
|
||||||
|
"command": "sendKeys",
|
||||||
|
"target": "id=id_uid_field",
|
||||||
|
"targets": [
|
||||||
|
["id=id_uid_field", "id"],
|
||||||
|
["name=uid_field", "name"],
|
||||||
|
["css=#id_uid_field", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_uid_field']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "${KEY_ENTER}"
|
||||||
|
}, {
|
||||||
|
"id": "4602745a-0ebb-4425-a841-a1ed4899659d",
|
||||||
|
"comment": "",
|
||||||
|
"command": "type",
|
||||||
|
"target": "id=id_password",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password", "id"],
|
||||||
|
["name=password", "name"],
|
||||||
|
["css=#id_password", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div[2]/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div[2]/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "pbadmin"
|
||||||
|
}, {
|
||||||
|
"id": "d1ff4f81-d8f9-45dc-ad5d-f99b54c0cd18",
|
||||||
|
"comment": "",
|
||||||
|
"command": "sendKeys",
|
||||||
|
"target": "id=id_password",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password", "id"],
|
||||||
|
["name=password", "name"],
|
||||||
|
["css=#id_password", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div[2]/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div[2]/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "${KEY_ENTER}"
|
||||||
|
}, {
|
||||||
|
"id": "014c8f57-7ef2-469c-b700-efa94ba81b66",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "css=.pf-c-page__header",
|
||||||
|
"targets": [
|
||||||
|
["css=.pf-c-page__header", "css:finder"],
|
||||||
|
["xpath=//div[@id='page-default-nav-example']/header", "xpath:idRelative"],
|
||||||
|
["xpath=//header", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "14e86b6f-6add-4bcc-913a-42b1e7322c79",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "linkText=pbadmin",
|
||||||
|
"targets": [
|
||||||
|
["linkText=pbadmin", "linkText"],
|
||||||
|
["css=.pf-c-page__header-tools-group:nth-child(2) > .pf-c-button", "css:finder"],
|
||||||
|
["xpath=//a[contains(text(),'pbadmin')]", "xpath:link"],
|
||||||
|
["xpath=//div[@id='page-default-nav-example']/header/div[3]/div[2]/a", "xpath:idRelative"],
|
||||||
|
["xpath=//a[contains(@href, '/-/user/')]", "xpath:href"],
|
||||||
|
["xpath=//div[2]/a", "xpath:position"],
|
||||||
|
["xpath=//a[contains(.,'pbadmin')]", "xpath:innerText"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "8280da13-632e-4cba-9e18-ecae0d57d052",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "linkText=Change password",
|
||||||
|
"targets": [
|
||||||
|
["linkText=Change password", "linkText"],
|
||||||
|
["css=.pf-c-nav__section:nth-child(2) .pf-c-nav__link", "css:finder"],
|
||||||
|
["xpath=//a[contains(text(),'Change password')]", "xpath:link"],
|
||||||
|
["xpath=//nav[@id='page-default-nav-example-primary-nav']/section[2]/ul/li/a", "xpath:idRelative"],
|
||||||
|
["xpath=//a[contains(@href, '/-/user/stage/password/b929b529-e384-4409-8d40-ac4a195fcab2/change/?next=%2F-%2Fuser%2F')]", "xpath:href"],
|
||||||
|
["xpath=//section[2]/ul/li/a", "xpath:position"],
|
||||||
|
["xpath=//a[contains(.,'Change password')]", "xpath:innerText"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "716d7e0c-79dc-469b-a31f-dceaa0765e9c",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "id=id_password",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password", "id"],
|
||||||
|
["name=password", "name"],
|
||||||
|
["css=#id_password", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "77005d70-adf0-4add-8329-b092d43f829a",
|
||||||
|
"comment": "",
|
||||||
|
"command": "type",
|
||||||
|
"target": "id=id_password",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password", "id"],
|
||||||
|
["name=password", "name"],
|
||||||
|
["css=#id_password", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "test"
|
||||||
|
}, {
|
||||||
|
"id": "965ca365-99f4-45d1-97c3-c944269341b9",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "id=id_password_repeat",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password_repeat", "id"],
|
||||||
|
["name=password_repeat", "name"],
|
||||||
|
["css=#id_password_repeat", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password_repeat']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div[2]/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div[2]/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}, {
|
||||||
|
"id": "9b421468-c65e-4943-b6b1-1e80410a6b87",
|
||||||
|
"comment": "",
|
||||||
|
"command": "type",
|
||||||
|
"target": "id=id_password_repeat",
|
||||||
|
"targets": [
|
||||||
|
["id=id_password_repeat", "id"],
|
||||||
|
["name=password_repeat", "name"],
|
||||||
|
["css=#id_password_repeat", "css:finder"],
|
||||||
|
["xpath=//input[@id='id_password_repeat']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div[2]/input", "xpath:idRelative"],
|
||||||
|
["xpath=//div[2]/input", "xpath:position"]
|
||||||
|
],
|
||||||
|
"value": "test"
|
||||||
|
}, {
|
||||||
|
"id": "572c1400-a0f2-499f-808a-18c1f56bf13f",
|
||||||
|
"comment": "",
|
||||||
|
"command": "click",
|
||||||
|
"target": "css=.pf-c-button",
|
||||||
|
"targets": [
|
||||||
|
["css=.pf-c-button", "css:finder"],
|
||||||
|
["xpath=//button[@type='submit']", "xpath:attributes"],
|
||||||
|
["xpath=//main[@id='flow-body']/div/form/div[3]/button", "xpath:idRelative"],
|
||||||
|
["xpath=//button", "xpath:position"],
|
||||||
|
["xpath=//button[contains(.,'Continue')]", "xpath:innerText"]
|
||||||
|
],
|
||||||
|
"value": ""
|
||||||
|
}]
|
||||||
}],
|
}],
|
||||||
"suites": [{
|
"suites": [{
|
||||||
"id": "495657fb-3f5e-4431-877c-4d0b248c0841",
|
"id": "495657fb-3f5e-4431-877c-4d0b248c0841",
|
||||||
|
|
|
@ -1,477 +0,0 @@
|
||||||
"""Test Enroll flow"""
|
|
||||||
from time import sleep
|
|
||||||
|
|
||||||
from django.test import override_settings
|
|
||||||
from selenium.webdriver.common.by import By
|
|
||||||
from selenium.webdriver.common.keys import Keys
|
|
||||||
from selenium.webdriver.support import expected_conditions as ec
|
|
||||||
|
|
||||||
from docker import DockerClient, from_env
|
|
||||||
from docker.models.containers import Container
|
|
||||||
from docker.types import Healthcheck
|
|
||||||
from e2e.utils import USER, SeleniumTestCase
|
|
||||||
from passbook.flows.models import Flow, FlowDesignation, FlowStageBinding
|
|
||||||
from passbook.policies.expression.models import ExpressionPolicy
|
|
||||||
from passbook.policies.models import PolicyBinding
|
|
||||||
from passbook.stages.email.models import EmailStage, EmailTemplates
|
|
||||||
from passbook.stages.identification.models import IdentificationStage
|
|
||||||
from passbook.stages.prompt.models import FieldTypes, Prompt, PromptStage
|
|
||||||
from passbook.stages.user_login.models import UserLoginStage
|
|
||||||
from passbook.stages.user_write.models import UserWriteStage
|
|
||||||
|
|
||||||
|
|
||||||
class TestEnroll(SeleniumTestCase):
|
|
||||||
"""Test Enroll flow"""
|
|
||||||
|
|
||||||
def setUp(self):
|
|
||||||
super().setUp()
|
|
||||||
self.container = self.setup_client()
|
|
||||||
|
|
||||||
def setup_client(self) -> Container:
|
|
||||||
"""Setup test IdP container"""
|
|
||||||
client: DockerClient = from_env()
|
|
||||||
container = client.containers.run(
|
|
||||||
image="mailhog/mailhog",
|
|
||||||
detach=True,
|
|
||||||
network_mode="host",
|
|
||||||
auto_remove=True,
|
|
||||||
healthcheck=Healthcheck(
|
|
||||||
test=["CMD", "wget", "-s", "http://localhost:8025"],
|
|
||||||
interval=5 * 100 * 1000000,
|
|
||||||
start_period=1 * 100 * 1000000,
|
|
||||||
),
|
|
||||||
)
|
|
||||||
while True:
|
|
||||||
container.reload()
|
|
||||||
status = container.attrs.get("State", {}).get("Health", {}).get("Status")
|
|
||||||
if status == "healthy":
|
|
||||||
return container
|
|
||||||
sleep(1)
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
self.container.kill()
|
|
||||||
super().tearDown()
|
|
||||||
|
|
||||||
# pylint: disable=too-many-statements
|
|
||||||
def setup_test_enroll_2_step(self):
|
|
||||||
"""Setup all required objects"""
|
|
||||||
self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Administrate").click()
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Prompts").click()
|
|
||||||
|
|
||||||
# Create Password Prompt
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_field_key").send_keys("password")
|
|
||||||
self.driver.find_element(By.ID, "id_label").send_keys("Password")
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_type")
|
|
||||||
dropdown.find_element(By.XPATH, "//option[. = 'Password']").click()
|
|
||||||
self.driver.find_element(By.ID, "id_placeholder").send_keys("Password")
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("1")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Password Repeat Prompt
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_field_key").send_keys("password_repeat")
|
|
||||||
self.driver.find_element(By.ID, "id_label").send_keys("Password (repeat)")
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_type")
|
|
||||||
dropdown.find_element(By.XPATH, "//option[. = 'Password']").click()
|
|
||||||
self.driver.find_element(By.ID, "id_placeholder").send_keys("Password (repeat)")
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("2")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Name Prompt
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_field_key").send_keys("name")
|
|
||||||
self.driver.find_element(By.ID, "id_label").send_keys("Name")
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_type")
|
|
||||||
dropdown.find_element(By.XPATH, "//option[. = 'Text']").click()
|
|
||||||
self.driver.find_element(By.ID, "id_placeholder").send_keys("Name")
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("0")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Email Prompt
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_field_key").send_keys("email")
|
|
||||||
self.driver.find_element(By.ID, "id_label").send_keys("Email")
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_type")
|
|
||||||
dropdown.find_element(By.XPATH, "//option[. = 'Email']").click()
|
|
||||||
self.driver.find_element(By.ID, "id_placeholder").send_keys("Email")
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("1")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Stages").click()
|
|
||||||
|
|
||||||
# Create first enroll prompt stage
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-dropdown__toggle").click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "li:nth-child(9) > .pf-c-dropdown__menu-item > small"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys(
|
|
||||||
"enroll-prompt-stage-first"
|
|
||||||
)
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_fields")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, "//option[. = \"Prompt 'username' type=text\"]"
|
|
||||||
).click()
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, "//option[. = \"Prompt 'password' type=password\"]"
|
|
||||||
).click()
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, "//option[. = \"Prompt 'password_repeat' type=password\"]"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create second enroll prompt stage
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-dropdown__toggle").click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "li:nth-child(9) > .pf-c-dropdown__menu-item"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys(
|
|
||||||
"enroll-prompt-stage-second"
|
|
||||||
)
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_fields")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, "//option[. = \"Prompt 'name' type=text\"]"
|
|
||||||
).click()
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, "//option[. = \"Prompt 'email' type=email\"]"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create user write stage
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-dropdown__toggle").click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "li:nth-child(13) > .pf-c-dropdown__menu-item"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys("enroll-user-write")
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys(Keys.ENTER)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-dropdown__toggle").click()
|
|
||||||
|
|
||||||
# Create user login stage
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "li:nth-child(11) > .pf-c-dropdown__menu-item"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys("enroll-user-login")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR,
|
|
||||||
".pf-c-nav__item:nth-child(7) .pf-c-nav__item:nth-child(1) > .pf-c-nav__link",
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create password policy
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-dropdown__toggle").click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "li:nth-child(2) > .pf-c-dropdown__menu-item > small"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys(
|
|
||||||
"policy-enrollment-password-equals"
|
|
||||||
)
|
|
||||||
self.wait.until(
|
|
||||||
ec.presence_of_element_located((By.CSS_SELECTOR, ".CodeMirror-scroll"))
|
|
||||||
)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".CodeMirror-scroll").click()
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".CodeMirror textarea").send_keys(
|
|
||||||
"return request.context['password'] == request.context['password_repeat']"
|
|
||||||
)
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create password policy binding
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR,
|
|
||||||
".pf-c-nav__item:nth-child(7) .pf-c-nav__item:nth-child(2) > .pf-c-nav__link",
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_policy")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Policy policy-enrollment-password-equals"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_target").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_target")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Prompt Stage enroll-prompt-stage-first"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("0")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Flow
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR,
|
|
||||||
".pf-c-nav__item:nth-child(6) .pf-c-nav__item:nth-child(1) > .pf-c-nav__link",
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys("Welcome")
|
|
||||||
self.driver.find_element(By.ID, "id_slug").clear()
|
|
||||||
self.driver.find_element(By.ID, "id_slug").send_keys("default-enrollment-flow")
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_designation")
|
|
||||||
dropdown.find_element(By.XPATH, '//option[. = "Enrollment"]').click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Stages").click()
|
|
||||||
|
|
||||||
# Edit identification stage
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, "tr:nth-child(11) .pf-m-secondary"
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR,
|
|
||||||
".pf-c-form__group:nth-child(5) .pf-c-form__horizontal-group",
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_enrollment_flow").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_enrollment_flow")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Flow Welcome (default-enrollment-flow)"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_user_fields_add_all_link").click()
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Bindings").click()
|
|
||||||
|
|
||||||
# Create Stage binding for first prompt stage
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_flow").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_flow")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Flow Welcome (default-enrollment-flow)"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-form").click()
|
|
||||||
self.driver.find_element(By.ID, "id_stage").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_stage")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Stage enroll-prompt-stage-first"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("0")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Stage binding for second prompt stage
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_flow").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_flow")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Flow Welcome (default-enrollment-flow)"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_stage").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_stage")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Stage enroll-prompt-stage-second"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("1")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Stage binding for user write stage
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
self.driver.find_element(By.ID, "id_flow").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_flow")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Flow Welcome (default-enrollment-flow)"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_stage").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_stage")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Stage enroll-user-write"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("2")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
# Create Stage binding for user login stage
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "Create").click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_flow")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Flow Welcome (default-enrollment-flow)"]'
|
|
||||||
).click()
|
|
||||||
dropdown = self.driver.find_element(By.ID, "id_stage")
|
|
||||||
dropdown.find_element(
|
|
||||||
By.XPATH, '//option[. = "Stage enroll-user-login"]'
|
|
||||||
).click()
|
|
||||||
self.driver.find_element(By.ID, "id_order").send_keys("3")
|
|
||||||
self.driver.find_element(
|
|
||||||
By.CSS_SELECTOR, ".pf-c-form__actions > .pf-m-primary"
|
|
||||||
).click()
|
|
||||||
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[aria-label=logout]").click()
|
|
||||||
|
|
||||||
def test_enroll_2_step(self):
|
|
||||||
"""Test 2-step enroll flow"""
|
|
||||||
self.driver.get(self.live_server_url)
|
|
||||||
self.setup_test_enroll_2_step()
|
|
||||||
self.wait.until(
|
|
||||||
ec.presence_of_element_located((By.CSS_SELECTOR, "[role=enroll]"))
|
|
||||||
)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[role=enroll]").click()
|
|
||||||
|
|
||||||
self.wait.until(ec.presence_of_element_located((By.ID, "id_username")))
|
|
||||||
self.driver.find_element(By.ID, "id_username").send_keys("foo")
|
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.ID, "id_password_repeat").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys("some name")
|
|
||||||
self.driver.find_element(By.ID, "id_email").send_keys("foo@bar.baz")
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
|
||||||
|
|
||||||
self.wait.until(ec.presence_of_element_located((By.LINK_TEXT, "foo")))
|
|
||||||
self.driver.find_element(By.LINK_TEXT, "foo").click()
|
|
||||||
|
|
||||||
self.wait_for_url(self.url("passbook_core:user-settings"))
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
|
|
||||||
"foo",
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
|
||||||
"some name",
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
|
||||||
"foo@bar.baz",
|
|
||||||
)
|
|
||||||
|
|
||||||
@override_settings(EMAIL_BACKEND="django.core.mail.backends.smtp.EmailBackend")
|
|
||||||
def test_enroll_email(self):
|
|
||||||
"""Test enroll with Email verification"""
|
|
||||||
# First stage fields
|
|
||||||
username_prompt = Prompt.objects.create(
|
|
||||||
field_key="username", label="Username", order=0, type=FieldTypes.TEXT
|
|
||||||
)
|
|
||||||
password = Prompt.objects.create(
|
|
||||||
field_key="password", label="Password", order=1, type=FieldTypes.PASSWORD
|
|
||||||
)
|
|
||||||
password_repeat = Prompt.objects.create(
|
|
||||||
field_key="password_repeat",
|
|
||||||
label="Password (repeat)",
|
|
||||||
order=2,
|
|
||||||
type=FieldTypes.PASSWORD,
|
|
||||||
)
|
|
||||||
|
|
||||||
# Second stage fields
|
|
||||||
name_field = Prompt.objects.create(
|
|
||||||
field_key="name", label="Name", order=0, type=FieldTypes.TEXT
|
|
||||||
)
|
|
||||||
email = Prompt.objects.create(
|
|
||||||
field_key="email", label="E-Mail", order=1, type=FieldTypes.EMAIL
|
|
||||||
)
|
|
||||||
|
|
||||||
# Stages
|
|
||||||
first_stage = PromptStage.objects.create(name="prompt-stage-first")
|
|
||||||
first_stage.fields.set([username_prompt, password, password_repeat])
|
|
||||||
first_stage.save()
|
|
||||||
second_stage = PromptStage.objects.create(name="prompt-stage-second")
|
|
||||||
second_stage.fields.set([name_field, email])
|
|
||||||
second_stage.save()
|
|
||||||
email_stage = EmailStage.objects.create(
|
|
||||||
name="enroll-email",
|
|
||||||
host="localhost",
|
|
||||||
port=1025,
|
|
||||||
template=EmailTemplates.ACCOUNT_CONFIRM,
|
|
||||||
)
|
|
||||||
user_write = UserWriteStage.objects.create(name="enroll-user-write")
|
|
||||||
user_login = UserLoginStage.objects.create(name="enroll-user-login")
|
|
||||||
|
|
||||||
# Password checking policy
|
|
||||||
password_policy = ExpressionPolicy.objects.create(
|
|
||||||
name="policy-enrollment-password-equals",
|
|
||||||
expression="return request.context['password'] == request.context['password_repeat']",
|
|
||||||
)
|
|
||||||
PolicyBinding.objects.create(
|
|
||||||
target=first_stage, policy=password_policy, order=0
|
|
||||||
)
|
|
||||||
|
|
||||||
flow = Flow.objects.create(
|
|
||||||
name="default-enrollment-flow",
|
|
||||||
slug="default-enrollment-flow",
|
|
||||||
designation=FlowDesignation.ENROLLMENT,
|
|
||||||
)
|
|
||||||
|
|
||||||
# Attach enrollment flow to identification stage
|
|
||||||
ident_stage: IdentificationStage = IdentificationStage.objects.first()
|
|
||||||
ident_stage.enrollment_flow = flow
|
|
||||||
ident_stage.save()
|
|
||||||
|
|
||||||
FlowStageBinding.objects.create(flow=flow, stage=first_stage, order=0)
|
|
||||||
FlowStageBinding.objects.create(flow=flow, stage=second_stage, order=1)
|
|
||||||
FlowStageBinding.objects.create(flow=flow, stage=user_write, order=2)
|
|
||||||
FlowStageBinding.objects.create(flow=flow, stage=email_stage, order=3)
|
|
||||||
FlowStageBinding.objects.create(flow=flow, stage=user_login, order=4)
|
|
||||||
|
|
||||||
self.driver.get(self.live_server_url)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[role=enroll]").click()
|
|
||||||
self.driver.find_element(By.ID, "id_username").send_keys("foo")
|
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.ID, "id_password_repeat").send_keys(USER().username)
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
|
||||||
self.driver.find_element(By.ID, "id_name").send_keys("some name")
|
|
||||||
self.driver.find_element(By.ID, "id_email").send_keys("foo@bar.baz")
|
|
||||||
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
|
||||||
sleep(3)
|
|
||||||
|
|
||||||
# Open Mailhog
|
|
||||||
self.driver.get("http://localhost:8025")
|
|
||||||
|
|
||||||
# Click on first message
|
|
||||||
self.driver.find_element(By.CLASS_NAME, "msglist-message").click()
|
|
||||||
sleep(3)
|
|
||||||
self.driver.switch_to.frame(self.driver.find_element(By.CLASS_NAME, "tab-pane"))
|
|
||||||
self.driver.find_element(By.ID, "confirm").click()
|
|
||||||
self.driver.close()
|
|
||||||
self.driver.switch_to.window(self.driver.window_handles[0])
|
|
||||||
|
|
||||||
# We're now logged in
|
|
||||||
sleep(3)
|
|
||||||
self.wait.until(
|
|
||||||
ec.presence_of_element_located(
|
|
||||||
(By.XPATH, "//a[contains(@href, '/-/user/')]")
|
|
||||||
)
|
|
||||||
)
|
|
||||||
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
|
|
||||||
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
|
|
||||||
"foo",
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
|
||||||
"some name",
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
|
||||||
"foo@bar.baz",
|
|
||||||
)
|
|
|
@ -0,0 +1,260 @@
|
||||||
|
"""Test Enroll flow"""
|
||||||
|
from time import sleep
|
||||||
|
|
||||||
|
from django.test import override_settings
|
||||||
|
from selenium.webdriver.common.by import By
|
||||||
|
from selenium.webdriver.support import expected_conditions as ec
|
||||||
|
|
||||||
|
from docker import DockerClient, from_env
|
||||||
|
from docker.models.containers import Container
|
||||||
|
from docker.types import Healthcheck
|
||||||
|
from e2e.utils import USER, SeleniumTestCase
|
||||||
|
from passbook.flows.models import Flow, FlowDesignation, FlowStageBinding
|
||||||
|
from passbook.policies.expression.models import ExpressionPolicy
|
||||||
|
from passbook.policies.models import PolicyBinding
|
||||||
|
from passbook.stages.email.models import EmailStage, EmailTemplates
|
||||||
|
from passbook.stages.identification.models import IdentificationStage
|
||||||
|
from passbook.stages.prompt.models import FieldTypes, Prompt, PromptStage
|
||||||
|
from passbook.stages.user_login.models import UserLoginStage
|
||||||
|
from passbook.stages.user_write.models import UserWriteStage
|
||||||
|
|
||||||
|
|
||||||
|
class TestFlowsEnroll(SeleniumTestCase):
|
||||||
|
"""Test Enroll flow"""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super().setUp()
|
||||||
|
self.container = self.setup_client()
|
||||||
|
|
||||||
|
def setup_client(self) -> Container:
|
||||||
|
"""Setup test IdP container"""
|
||||||
|
client: DockerClient = from_env()
|
||||||
|
container = client.containers.run(
|
||||||
|
image="mailhog/mailhog",
|
||||||
|
detach=True,
|
||||||
|
network_mode="host",
|
||||||
|
auto_remove=True,
|
||||||
|
healthcheck=Healthcheck(
|
||||||
|
test=["CMD", "wget", "-s", "http://localhost:8025"],
|
||||||
|
interval=5 * 100 * 1000000,
|
||||||
|
start_period=1 * 100 * 1000000,
|
||||||
|
),
|
||||||
|
)
|
||||||
|
while True:
|
||||||
|
container.reload()
|
||||||
|
status = container.attrs.get("State", {}).get("Health", {}).get("Status")
|
||||||
|
if status == "healthy":
|
||||||
|
return container
|
||||||
|
sleep(1)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
self.container.kill()
|
||||||
|
super().tearDown()
|
||||||
|
|
||||||
|
def test_enroll_2_step(self):
|
||||||
|
"""Test 2-step enroll flow"""
|
||||||
|
# First stage fields
|
||||||
|
username_prompt = Prompt.objects.create(
|
||||||
|
field_key="username", label="Username", order=0, type=FieldTypes.TEXT
|
||||||
|
)
|
||||||
|
password = Prompt.objects.create(
|
||||||
|
field_key="password", label="Password", order=1, type=FieldTypes.PASSWORD
|
||||||
|
)
|
||||||
|
password_repeat = Prompt.objects.create(
|
||||||
|
field_key="password_repeat",
|
||||||
|
label="Password (repeat)",
|
||||||
|
order=2,
|
||||||
|
type=FieldTypes.PASSWORD,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Second stage fields
|
||||||
|
name_field = Prompt.objects.create(
|
||||||
|
field_key="name", label="Name", order=0, type=FieldTypes.TEXT
|
||||||
|
)
|
||||||
|
email = Prompt.objects.create(
|
||||||
|
field_key="email", label="E-Mail", order=1, type=FieldTypes.EMAIL
|
||||||
|
)
|
||||||
|
|
||||||
|
# Stages
|
||||||
|
first_stage = PromptStage.objects.create(name="prompt-stage-first")
|
||||||
|
first_stage.fields.set([username_prompt, password, password_repeat])
|
||||||
|
first_stage.save()
|
||||||
|
second_stage = PromptStage.objects.create(name="prompt-stage-second")
|
||||||
|
second_stage.fields.set([name_field, email])
|
||||||
|
second_stage.save()
|
||||||
|
user_write = UserWriteStage.objects.create(name="enroll-user-write")
|
||||||
|
user_login = UserLoginStage.objects.create(name="enroll-user-login")
|
||||||
|
|
||||||
|
# Password checking policy
|
||||||
|
password_policy = ExpressionPolicy.objects.create(
|
||||||
|
name="policy-enrollment-password-equals",
|
||||||
|
expression="return request.context['password'] == request.context['password_repeat']",
|
||||||
|
)
|
||||||
|
PolicyBinding.objects.create(
|
||||||
|
target=first_stage, policy=password_policy, order=0
|
||||||
|
)
|
||||||
|
|
||||||
|
flow = Flow.objects.create(
|
||||||
|
name="default-enrollment-flow",
|
||||||
|
slug="default-enrollment-flow",
|
||||||
|
designation=FlowDesignation.ENROLLMENT,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Attach enrollment flow to identification stage
|
||||||
|
ident_stage: IdentificationStage = IdentificationStage.objects.first()
|
||||||
|
ident_stage.enrollment_flow = flow
|
||||||
|
ident_stage.save()
|
||||||
|
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=first_stage, order=0)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=second_stage, order=1)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=user_write, order=2)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=user_login, order=3)
|
||||||
|
|
||||||
|
self.driver.get(self.live_server_url)
|
||||||
|
self.wait.until(
|
||||||
|
ec.presence_of_element_located((By.CSS_SELECTOR, "[role=enroll]"))
|
||||||
|
)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, "[role=enroll]").click()
|
||||||
|
|
||||||
|
self.wait.until(ec.presence_of_element_located((By.ID, "id_username")))
|
||||||
|
self.driver.find_element(By.ID, "id_username").send_keys("foo")
|
||||||
|
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.ID, "id_password_repeat").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
||||||
|
self.driver.find_element(By.ID, "id_name").send_keys("some name")
|
||||||
|
self.driver.find_element(By.ID, "id_email").send_keys("foo@bar.baz")
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
||||||
|
|
||||||
|
self.wait.until(ec.presence_of_element_located((By.LINK_TEXT, "foo")))
|
||||||
|
self.driver.find_element(By.LINK_TEXT, "foo").click()
|
||||||
|
|
||||||
|
self.wait_for_url(self.url("passbook_core:user-settings"))
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
|
||||||
|
"foo",
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
||||||
|
"some name",
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
||||||
|
"foo@bar.baz",
|
||||||
|
)
|
||||||
|
|
||||||
|
@override_settings(EMAIL_BACKEND="django.core.mail.backends.smtp.EmailBackend")
|
||||||
|
def test_enroll_email(self):
|
||||||
|
"""Test enroll with Email verification"""
|
||||||
|
# First stage fields
|
||||||
|
username_prompt = Prompt.objects.create(
|
||||||
|
field_key="username", label="Username", order=0, type=FieldTypes.TEXT
|
||||||
|
)
|
||||||
|
password = Prompt.objects.create(
|
||||||
|
field_key="password", label="Password", order=1, type=FieldTypes.PASSWORD
|
||||||
|
)
|
||||||
|
password_repeat = Prompt.objects.create(
|
||||||
|
field_key="password_repeat",
|
||||||
|
label="Password (repeat)",
|
||||||
|
order=2,
|
||||||
|
type=FieldTypes.PASSWORD,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Second stage fields
|
||||||
|
name_field = Prompt.objects.create(
|
||||||
|
field_key="name", label="Name", order=0, type=FieldTypes.TEXT
|
||||||
|
)
|
||||||
|
email = Prompt.objects.create(
|
||||||
|
field_key="email", label="E-Mail", order=1, type=FieldTypes.EMAIL
|
||||||
|
)
|
||||||
|
|
||||||
|
# Stages
|
||||||
|
first_stage = PromptStage.objects.create(name="prompt-stage-first")
|
||||||
|
first_stage.fields.set([username_prompt, password, password_repeat])
|
||||||
|
first_stage.save()
|
||||||
|
second_stage = PromptStage.objects.create(name="prompt-stage-second")
|
||||||
|
second_stage.fields.set([name_field, email])
|
||||||
|
second_stage.save()
|
||||||
|
email_stage = EmailStage.objects.create(
|
||||||
|
name="enroll-email",
|
||||||
|
host="localhost",
|
||||||
|
port=1025,
|
||||||
|
template=EmailTemplates.ACCOUNT_CONFIRM,
|
||||||
|
)
|
||||||
|
user_write = UserWriteStage.objects.create(name="enroll-user-write")
|
||||||
|
user_login = UserLoginStage.objects.create(name="enroll-user-login")
|
||||||
|
|
||||||
|
# Password checking policy
|
||||||
|
password_policy = ExpressionPolicy.objects.create(
|
||||||
|
name="policy-enrollment-password-equals",
|
||||||
|
expression="return request.context['password'] == request.context['password_repeat']",
|
||||||
|
)
|
||||||
|
PolicyBinding.objects.create(
|
||||||
|
target=first_stage, policy=password_policy, order=0
|
||||||
|
)
|
||||||
|
|
||||||
|
flow = Flow.objects.create(
|
||||||
|
name="default-enrollment-flow",
|
||||||
|
slug="default-enrollment-flow",
|
||||||
|
designation=FlowDesignation.ENROLLMENT,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Attach enrollment flow to identification stage
|
||||||
|
ident_stage: IdentificationStage = IdentificationStage.objects.first()
|
||||||
|
ident_stage.enrollment_flow = flow
|
||||||
|
ident_stage.save()
|
||||||
|
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=first_stage, order=0)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=second_stage, order=1)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=user_write, order=2)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=email_stage, order=3)
|
||||||
|
FlowStageBinding.objects.create(flow=flow, stage=user_login, order=4)
|
||||||
|
|
||||||
|
self.driver.get(self.live_server_url)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, "[role=enroll]").click()
|
||||||
|
self.driver.find_element(By.ID, "id_username").send_keys("foo")
|
||||||
|
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.ID, "id_password_repeat").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
||||||
|
self.driver.find_element(By.ID, "id_name").send_keys("some name")
|
||||||
|
self.driver.find_element(By.ID, "id_email").send_keys("foo@bar.baz")
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
||||||
|
sleep(3)
|
||||||
|
|
||||||
|
# Open Mailhog
|
||||||
|
self.driver.get("http://localhost:8025")
|
||||||
|
|
||||||
|
# Click on first message
|
||||||
|
self.driver.find_element(By.CLASS_NAME, "msglist-message").click()
|
||||||
|
sleep(3)
|
||||||
|
self.driver.switch_to.frame(self.driver.find_element(By.CLASS_NAME, "tab-pane"))
|
||||||
|
self.driver.find_element(By.ID, "confirm").click()
|
||||||
|
self.driver.close()
|
||||||
|
self.driver.switch_to.window(self.driver.window_handles[0])
|
||||||
|
|
||||||
|
# We're now logged in
|
||||||
|
sleep(3)
|
||||||
|
self.wait.until(
|
||||||
|
ec.presence_of_element_located(
|
||||||
|
(By.XPATH, "//a[contains(@href, '/-/user/')]")
|
||||||
|
)
|
||||||
|
)
|
||||||
|
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
|
||||||
|
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").text,
|
||||||
|
"foo",
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_username").get_attribute("value"), "foo"
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_name").get_attribute("value"),
|
||||||
|
"some name",
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.driver.find_element(By.ID, "id_email").get_attribute("value"),
|
||||||
|
"foo@bar.baz",
|
||||||
|
)
|
|
@ -5,7 +5,7 @@ from selenium.webdriver.common.keys import Keys
|
||||||
from e2e.utils import USER, SeleniumTestCase
|
from e2e.utils import USER, SeleniumTestCase
|
||||||
|
|
||||||
|
|
||||||
class TestLogin(SeleniumTestCase):
|
class TestFlowsLogin(SeleniumTestCase):
|
||||||
"""test default login flow"""
|
"""test default login flow"""
|
||||||
|
|
||||||
def test_login(self):
|
def test_login(self):
|
|
@ -0,0 +1,41 @@
|
||||||
|
"""test stage setup flows (password change)"""
|
||||||
|
import string
|
||||||
|
from random import SystemRandom
|
||||||
|
from time import sleep
|
||||||
|
|
||||||
|
from selenium.webdriver.common.by import By
|
||||||
|
from selenium.webdriver.common.keys import Keys
|
||||||
|
|
||||||
|
from e2e.utils import USER, SeleniumTestCase
|
||||||
|
from passbook.core.models import User
|
||||||
|
|
||||||
|
|
||||||
|
class TestFlowsStageSetup(SeleniumTestCase):
|
||||||
|
"""test stage setup flows"""
|
||||||
|
|
||||||
|
def test_password_change(self):
|
||||||
|
"""test password change flow"""
|
||||||
|
new_password = "".join(
|
||||||
|
SystemRandom().choice(string.ascii_uppercase + string.digits)
|
||||||
|
for _ in range(8)
|
||||||
|
)
|
||||||
|
|
||||||
|
self.driver.get(
|
||||||
|
f"{self.live_server_url}/flows/default-authentication-flow/?next=%2F"
|
||||||
|
)
|
||||||
|
self.driver.find_element(By.ID, "id_uid_field").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
||||||
|
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||||
|
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-page__header").click()
|
||||||
|
self.driver.find_element(By.XPATH, "//a[contains(@href, '/-/user/')]").click()
|
||||||
|
self.driver.find_element(By.LINK_TEXT, "Change password").click()
|
||||||
|
self.driver.find_element(By.ID, "id_password").send_keys(new_password)
|
||||||
|
self.driver.find_element(By.ID, "id_password_repeat").click()
|
||||||
|
self.driver.find_element(By.ID, "id_password_repeat").send_keys(new_password)
|
||||||
|
self.driver.find_element(By.CSS_SELECTOR, ".pf-c-button").click()
|
||||||
|
|
||||||
|
sleep(2)
|
||||||
|
# Because USER() is cached, we need to get the user manually here
|
||||||
|
user = User.objects.get(username=USER().username)
|
||||||
|
self.assertTrue(user.check_password(new_password))
|
|
@ -88,6 +88,7 @@ class TestProviderSAML(SeleniumTestCase):
|
||||||
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||||
|
self.wait_for_url("http://localhost:9009/")
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
||||||
f"Hello, {USER().name}!",
|
f"Hello, {USER().name}!",
|
||||||
|
@ -128,6 +129,7 @@ class TestProviderSAML(SeleniumTestCase):
|
||||||
).text,
|
).text,
|
||||||
)
|
)
|
||||||
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
self.driver.find_element(By.CSS_SELECTOR, "[type=submit]").click()
|
||||||
|
self.wait_for_url("http://localhost:9009/")
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
||||||
f"Hello, {USER().name}!",
|
f"Hello, {USER().name}!",
|
||||||
|
@ -166,6 +168,7 @@ class TestProviderSAML(SeleniumTestCase):
|
||||||
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
self.driver.find_element(By.ID, "id_uid_field").send_keys(Keys.ENTER)
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
self.driver.find_element(By.ID, "id_password").send_keys(USER().username)
|
||||||
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
self.driver.find_element(By.ID, "id_password").send_keys(Keys.ENTER)
|
||||||
|
self.wait_for_url("http://localhost:9009/")
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
self.driver.find_element(By.XPATH, "/html/body/pre").text,
|
||||||
f"Hello, {USER().name}!",
|
f"Hello, {USER().name}!",
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
<table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
|
<table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
|
||||||
<thead>
|
<thead>
|
||||||
<tr role="row">
|
<tr role="row">
|
||||||
<th role="columnheader" scope="col">{% trans 'Name' %}</th>
|
<th role="columnheader" scope="col">{% trans 'Identifier' %}</th>
|
||||||
<th role="columnheader" scope="col">{% trans 'Designation' %}</th>
|
<th role="columnheader" scope="col">{% trans 'Designation' %}</th>
|
||||||
<th role="columnheader" scope="col">{% trans 'Stages' %}</th>
|
<th role="columnheader" scope="col">{% trans 'Stages' %}</th>
|
||||||
<th role="columnheader" scope="col">{% trans 'Policies' %}</th>
|
<th role="columnheader" scope="col">{% trans 'Policies' %}</th>
|
||||||
|
@ -39,8 +39,8 @@
|
||||||
<tr role="row">
|
<tr role="row">
|
||||||
<th role="columnheader">
|
<th role="columnheader">
|
||||||
<div>
|
<div>
|
||||||
<div>{{ flow.name }}</div>
|
<div>{{ flow.slug }}</div>
|
||||||
<small>{{ flow.slug }}</small>
|
<small>{{ flow.name }}</small>
|
||||||
</div>
|
</div>
|
||||||
</th>
|
</th>
|
||||||
<td role="cell">
|
<td role="cell">
|
||||||
|
|
|
@ -12,6 +12,7 @@ from django.core.exceptions import ValidationError
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.http import HttpRequest
|
from django.http import HttpRequest
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
from django.views.debug import CLEANSED_SUBSTITUTE, HIDDEN_SETTINGS
|
||||||
from guardian.shortcuts import get_anonymous_user
|
from guardian.shortcuts import get_anonymous_user
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
|
@ -20,6 +21,22 @@ from passbook.lib.utils.http import get_client_ip
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
|
||||||
|
|
||||||
|
def cleanse_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
|
||||||
|
"""Cleanse a dictionary, recursively"""
|
||||||
|
final_dict = {}
|
||||||
|
for key, value in source.items():
|
||||||
|
try:
|
||||||
|
if HIDDEN_SETTINGS.search(key):
|
||||||
|
final_dict[key] = CLEANSED_SUBSTITUTE
|
||||||
|
else:
|
||||||
|
final_dict[key] = value
|
||||||
|
except TypeError:
|
||||||
|
final_dict[key] = value
|
||||||
|
if isinstance(value, dict):
|
||||||
|
final_dict[key] = cleanse_dict(value)
|
||||||
|
return final_dict
|
||||||
|
|
||||||
|
|
||||||
def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
|
def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
|
||||||
"""clean source of all Models that would interfere with the JSONField.
|
"""clean source of all Models that would interfere with the JSONField.
|
||||||
Models are replaced with a dictionary of {
|
Models are replaced with a dictionary of {
|
||||||
|
@ -27,15 +44,16 @@ def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
|
||||||
name: str,
|
name: str,
|
||||||
pk: Any
|
pk: Any
|
||||||
}"""
|
}"""
|
||||||
|
final_dict = {}
|
||||||
for key, value in source.items():
|
for key, value in source.items():
|
||||||
if isinstance(value, dict):
|
if isinstance(value, dict):
|
||||||
source[key] = sanitize_dict(value)
|
final_dict[key] = sanitize_dict(value)
|
||||||
elif isinstance(value, models.Model):
|
elif isinstance(value, models.Model):
|
||||||
model_content_type = ContentType.objects.get_for_model(value)
|
model_content_type = ContentType.objects.get_for_model(value)
|
||||||
name = str(value)
|
name = str(value)
|
||||||
if hasattr(value, "name"):
|
if hasattr(value, "name"):
|
||||||
name = value.name
|
name = value.name
|
||||||
source[key] = sanitize_dict(
|
final_dict[key] = sanitize_dict(
|
||||||
{
|
{
|
||||||
"app": model_content_type.app_label,
|
"app": model_content_type.app_label,
|
||||||
"model_name": model_content_type.model,
|
"model_name": model_content_type.model,
|
||||||
|
@ -44,8 +62,10 @@ def sanitize_dict(source: Dict[Any, Any]) -> Dict[Any, Any]:
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
elif isinstance(value, UUID):
|
elif isinstance(value, UUID):
|
||||||
source[key] = value.hex
|
final_dict[key] = value.hex
|
||||||
return source
|
else:
|
||||||
|
final_dict[key] = value
|
||||||
|
return final_dict
|
||||||
|
|
||||||
|
|
||||||
class EventAction(Enum):
|
class EventAction(Enum):
|
||||||
|
@ -104,7 +124,7 @@ class Event(models.Model):
|
||||||
)
|
)
|
||||||
if not app:
|
if not app:
|
||||||
app = getmodule(stack()[_inspect_offset][0]).__name__
|
app = getmodule(stack()[_inspect_offset][0]).__name__
|
||||||
cleaned_kwargs = sanitize_dict(kwargs)
|
cleaned_kwargs = cleanse_dict(sanitize_dict(kwargs))
|
||||||
event = Event(action=action.value, app=app, context=cleaned_kwargs)
|
event = Event(action=action.value, app=app, context=cleaned_kwargs)
|
||||||
return event
|
return event
|
||||||
|
|
||||||
|
|
|
@ -25,8 +25,7 @@
|
||||||
<ul class="pf-c-nav__list">
|
<ul class="pf-c-nav__list">
|
||||||
{% for stage in user_stages_loc %}
|
{% for stage in user_stages_loc %}
|
||||||
<li class="pf-c-nav__item">
|
<li class="pf-c-nav__item">
|
||||||
<a href="{% url stage.view_name %}" class="pf-c-nav__link {% is_active stage.view_name %}">
|
<a href="{{ stage.url }}" class="pf-c-nav__link {% is_active stage.view_name %}">
|
||||||
<i class="{{ stage.icon }}"></i>
|
|
||||||
{{ stage.name }}
|
{{ stage.name }}
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
@ -43,7 +42,6 @@
|
||||||
<li class="pf-c-nav__item">
|
<li class="pf-c-nav__item">
|
||||||
<a href="{{ source.view_name }}"
|
<a href="{{ source.view_name }}"
|
||||||
class="pf-c-nav__link {% if user_settings.view_name == request.get_full_path %} pf-m-current {% endif %}">
|
class="pf-c-nav__link {% if user_settings.view_name == request.get_full_path %} pf-m-current {% endif %}">
|
||||||
<i class="{{ source.icon }}"></i>
|
|
||||||
{{ source.name }}
|
{{ source.name }}
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -38,9 +38,7 @@ def user_sources(context: RequestContext) -> List[UIUserSettings]:
|
||||||
user_settings = source.ui_user_settings
|
user_settings = source.ui_user_settings
|
||||||
if not user_settings:
|
if not user_settings:
|
||||||
continue
|
continue
|
||||||
policy_engine = PolicyEngine(
|
policy_engine = PolicyEngine(source, user, context.get("request"))
|
||||||
source.policies.all(), user, context.get("request")
|
|
||||||
)
|
|
||||||
policy_engine.build()
|
policy_engine.build()
|
||||||
if policy_engine.passing:
|
if policy_engine.passing:
|
||||||
matching_sources.append(user_settings)
|
matching_sources.append(user_settings)
|
||||||
|
|
|
@ -8,8 +8,7 @@ class UIUserSettings:
|
||||||
"""Dataclass for Stage and Source's user_settings"""
|
"""Dataclass for Stage and Source's user_settings"""
|
||||||
|
|
||||||
name: str
|
name: str
|
||||||
icon: str
|
url: str
|
||||||
view_name: str
|
|
||||||
|
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
|
|
|
@ -20,42 +20,38 @@ def create_default_authentication_flow(
|
||||||
)
|
)
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
if (
|
identification_stage, _ = IdentificationStage.objects.using(
|
||||||
Flow.objects.using(db_alias)
|
db_alias
|
||||||
.filter(designation=FlowDesignation.AUTHENTICATION)
|
).update_or_create(
|
||||||
.exists()
|
name="default-authentication-identification",
|
||||||
):
|
defaults={
|
||||||
# Only create default flow when none exist
|
"user_fields": [UserFields.E_MAIL, UserFields.USERNAME],
|
||||||
return
|
"template": Templates.DEFAULT_LOGIN,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
if not IdentificationStage.objects.using(db_alias).exists():
|
password_stage, _ = PasswordStage.objects.using(db_alias).update_or_create(
|
||||||
IdentificationStage.objects.using(db_alias).create(
|
name="default-authentication-password",
|
||||||
name="identification",
|
defaults={"backends": ["django.contrib.auth.backends.ModelBackend"]},
|
||||||
user_fields=[UserFields.E_MAIL, UserFields.USERNAME],
|
)
|
||||||
template=Templates.DEFAULT_LOGIN,
|
|
||||||
)
|
|
||||||
|
|
||||||
if not PasswordStage.objects.using(db_alias).exists():
|
login_stage, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
||||||
PasswordStage.objects.using(db_alias).create(
|
name="default-authentication-login"
|
||||||
name="password", backends=["django.contrib.auth.backends.ModelBackend"],
|
)
|
||||||
)
|
|
||||||
|
|
||||||
if not UserLoginStage.objects.using(db_alias).exists():
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
UserLoginStage.objects.using(db_alias).create(name="authentication")
|
|
||||||
|
|
||||||
flow = Flow.objects.using(db_alias).create(
|
|
||||||
name="Welcome to passbook!",
|
|
||||||
slug="default-authentication-flow",
|
slug="default-authentication-flow",
|
||||||
designation=FlowDesignation.AUTHENTICATION,
|
designation=FlowDesignation.AUTHENTICATION,
|
||||||
|
defaults={"name": "Welcome to passbook!",},
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=IdentificationStage.objects.using(db_alias).first(), order=0,
|
flow=flow, stage=identification_stage, defaults={"order": 0,},
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=PasswordStage.objects.using(db_alias).first(), order=1,
|
flow=flow, stage=password_stage, defaults={"order": 1,},
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=UserLoginStage.objects.using(db_alias).first(), order=2,
|
flow=flow, stage=login_stage, defaults={"order": 2,},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -67,24 +63,19 @@ def create_default_invalidation_flow(
|
||||||
UserLogoutStage = apps.get_model("passbook_stages_user_logout", "UserLogoutStage")
|
UserLogoutStage = apps.get_model("passbook_stages_user_logout", "UserLogoutStage")
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
if (
|
UserLogoutStage.objects.using(db_alias).update_or_create(
|
||||||
Flow.objects.using(db_alias)
|
name="default-invalidation-logout"
|
||||||
.filter(designation=FlowDesignation.INVALIDATION)
|
)
|
||||||
.exists()
|
|
||||||
):
|
|
||||||
# Only create default flow when none exist
|
|
||||||
return
|
|
||||||
|
|
||||||
if not UserLogoutStage.objects.using(db_alias).exists():
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
UserLogoutStage.objects.using(db_alias).create(name="logout")
|
|
||||||
|
|
||||||
flow = Flow.objects.using(db_alias).create(
|
|
||||||
name="default-invalidation-flow",
|
|
||||||
slug="default-invalidation-flow",
|
slug="default-invalidation-flow",
|
||||||
designation=FlowDesignation.INVALIDATION,
|
designation=FlowDesignation.INVALIDATION,
|
||||||
|
defaults={"name": "Logout",},
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=UserLogoutStage.objects.using(db_alias).first(), order=0,
|
flow=flow,
|
||||||
|
stage=UserLogoutStage.objects.using(db_alias).first(),
|
||||||
|
defaults={"order": 0,},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -34,60 +34,63 @@ def create_default_source_enrollment_flow(
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
# Create a policy that only allows this flow when doing an SSO Request
|
# Create a policy that only allows this flow when doing an SSO Request
|
||||||
flow_policy = ExpressionPolicy.objects.using(db_alias).create(
|
flow_policy, _ = ExpressionPolicy.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment-if-sso", expression=FLOW_POLICY_EXPRESSION
|
name="default-source-enrollment-if-sso",
|
||||||
|
defaults={"expression": FLOW_POLICY_EXPRESSION},
|
||||||
)
|
)
|
||||||
|
|
||||||
# This creates a Flow used by sources to enroll users
|
# This creates a Flow used by sources to enroll users
|
||||||
# It makes sure that a username is set, and if not, prompts the user for a Username
|
# It makes sure that a username is set, and if not, prompts the user for a Username
|
||||||
flow = Flow.objects.using(db_alias).create(
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment",
|
|
||||||
slug="default-source-enrollment",
|
slug="default-source-enrollment",
|
||||||
designation=FlowDesignation.ENROLLMENT,
|
designation=FlowDesignation.ENROLLMENT,
|
||||||
|
defaults={"name": "Welcome to passbook!",},
|
||||||
)
|
)
|
||||||
PolicyBinding.objects.using(db_alias).create(
|
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||||
policy=flow_policy, target=flow, order=0
|
policy=flow_policy, target=flow, defaults={"order": 0}
|
||||||
)
|
)
|
||||||
|
|
||||||
# PromptStage to ask user for their username
|
# PromptStage to ask user for their username
|
||||||
prompt_stage = PromptStage.objects.using(db_alias).create(
|
prompt_stage, _ = PromptStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment-username-prompt",
|
name="default-source-enrollment-username-prompt",
|
||||||
)
|
)
|
||||||
prompt_stage.fields.add(
|
prompt, _ = Prompt.objects.using(db_alias).update_or_create(
|
||||||
Prompt.objects.using(db_alias).create(
|
field_key="username",
|
||||||
field_key="username",
|
defaults={
|
||||||
label="Username",
|
"label": "Username",
|
||||||
type=FieldTypes.TEXT,
|
"type": FieldTypes.TEXT,
|
||||||
required=True,
|
"required": True,
|
||||||
placeholder="Username",
|
"placeholder": "Username",
|
||||||
)
|
},
|
||||||
)
|
)
|
||||||
|
prompt_stage.fields.add(prompt)
|
||||||
|
|
||||||
# Policy to only trigger prompt when no username is given
|
# Policy to only trigger prompt when no username is given
|
||||||
prompt_policy = ExpressionPolicy.objects.using(db_alias).create(
|
prompt_policy, _ = ExpressionPolicy.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment-if-username",
|
name="default-source-enrollment-if-username",
|
||||||
expression=PROMPT_POLICY_EXPRESSION,
|
defaults={"expression": PROMPT_POLICY_EXPRESSION},
|
||||||
)
|
)
|
||||||
|
|
||||||
# UserWrite stage to create the user, and login stage to log user in
|
# UserWrite stage to create the user, and login stage to log user in
|
||||||
user_write = UserWriteStage.objects.using(db_alias).create(
|
user_write, _ = UserWriteStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment-write"
|
name="default-source-enrollment-write"
|
||||||
)
|
)
|
||||||
user_login = UserLoginStage.objects.using(db_alias).create(
|
user_login, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-enrollment-login"
|
name="default-source-enrollment-login"
|
||||||
)
|
)
|
||||||
|
|
||||||
binding = FlowStageBinding.objects.using(db_alias).create(
|
binding, _ = FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=prompt_stage, order=0
|
flow=flow, stage=prompt_stage, defaults={"order": 0}
|
||||||
)
|
)
|
||||||
PolicyBinding.objects.using(db_alias).create(
|
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||||
policy=prompt_policy, target=binding, order=0
|
policy=prompt_policy, target=binding, defaults={"order": 0}
|
||||||
)
|
)
|
||||||
|
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=user_write, order=1
|
flow=flow, stage=user_write, defaults={"order": 1}
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=user_login, order=2
|
flow=flow, stage=user_login, defaults={"order": 2}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -107,25 +110,26 @@ def create_default_source_authentication_flow(
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
# Create a policy that only allows this flow when doing an SSO Request
|
# Create a policy that only allows this flow when doing an SSO Request
|
||||||
flow_policy = ExpressionPolicy.objects.using(db_alias).create(
|
flow_policy, _ = ExpressionPolicy.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-authentication-if-sso", expression=FLOW_POLICY_EXPRESSION
|
name="default-source-authentication-if-sso",
|
||||||
|
defaults={"expression": FLOW_POLICY_EXPRESSION,},
|
||||||
)
|
)
|
||||||
|
|
||||||
# This creates a Flow used by sources to authenticate users
|
# This creates a Flow used by sources to authenticate users
|
||||||
flow = Flow.objects.using(db_alias).create(
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-authentication",
|
|
||||||
slug="default-source-authentication",
|
slug="default-source-authentication",
|
||||||
designation=FlowDesignation.AUTHENTICATION,
|
designation=FlowDesignation.AUTHENTICATION,
|
||||||
|
defaults={"name": "Welcome to passbook!",},
|
||||||
)
|
)
|
||||||
PolicyBinding.objects.using(db_alias).create(
|
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||||
policy=flow_policy, target=flow, order=0
|
policy=flow_policy, target=flow, defaults={"order": 0}
|
||||||
)
|
)
|
||||||
|
|
||||||
user_login = UserLoginStage.objects.using(db_alias).create(
|
user_login, _ = UserLoginStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-source-authentication-login"
|
name="default-source-authentication-login"
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
flow=flow, stage=user_login, order=0
|
flow=flow, stage=user_login, defaults={"order": 0}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
from passbook.flows.models import FlowDesignation
|
from passbook.flows.models import FlowDesignation
|
||||||
|
|
||||||
|
|
||||||
def create_default_provider_authz_flow(
|
def create_default_provider_authorization_flow(
|
||||||
apps: Apps, schema_editor: BaseDatabaseSchemaEditor
|
apps: Apps, schema_editor: BaseDatabaseSchemaEditor
|
||||||
):
|
):
|
||||||
Flow = apps.get_model("passbook_flows", "Flow")
|
Flow = apps.get_model("passbook_flows", "Flow")
|
||||||
|
@ -18,22 +18,24 @@ def create_default_provider_authz_flow(
|
||||||
db_alias = schema_editor.connection.alias
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
# Empty flow for providers where consent is implicitly given
|
# Empty flow for providers where consent is implicitly given
|
||||||
Flow.objects.using(db_alias).create(
|
Flow.objects.using(db_alias).update_or_create(
|
||||||
name="Authorize Application",
|
|
||||||
slug="default-provider-authorization-implicit-consent",
|
slug="default-provider-authorization-implicit-consent",
|
||||||
designation=FlowDesignation.AUTHORIZATION,
|
designation=FlowDesignation.AUTHORIZATION,
|
||||||
|
defaults={"name": "Authorize Application"},
|
||||||
)
|
)
|
||||||
|
|
||||||
# Flow with consent form to obtain explicit user consent
|
# Flow with consent form to obtain explicit user consent
|
||||||
flow = Flow.objects.using(db_alias).create(
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
name="Authorize Application",
|
|
||||||
slug="default-provider-authorization-explicit-consent",
|
slug="default-provider-authorization-explicit-consent",
|
||||||
designation=FlowDesignation.AUTHORIZATION,
|
designation=FlowDesignation.AUTHORIZATION,
|
||||||
|
defaults={"name": "Authorize Application"},
|
||||||
)
|
)
|
||||||
stage = ConsentStage.objects.using(db_alias).create(
|
stage, _ = ConsentStage.objects.using(db_alias).update_or_create(
|
||||||
name="default-provider-authorization-consent"
|
name="default-provider-authorization-consent"
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.using(db_alias).create(flow=flow, stage=stage, order=0)
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
|
flow=flow, stage=stage, defaults={"order": 0}
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
@ -43,4 +45,4 @@ class Migration(migrations.Migration):
|
||||||
("passbook_stages_consent", "0001_initial"),
|
("passbook_stages_consent", "0001_initial"),
|
||||||
]
|
]
|
||||||
|
|
||||||
operations = [migrations.RunPython(create_default_provider_authz_flow)]
|
operations = [migrations.RunPython(create_default_provider_authorization_flow)]
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Generated by Django 3.0.7 on 2020-06-29 08:57
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("passbook_flows", "0005_provider_flows"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="flow",
|
||||||
|
name="designation",
|
||||||
|
field=models.CharField(
|
||||||
|
choices=[
|
||||||
|
("authentication", "Authentication"),
|
||||||
|
("authorization", "Authorization"),
|
||||||
|
("invalidation", "Invalidation"),
|
||||||
|
("enrollment", "Enrollment"),
|
||||||
|
("unenrollment", "Unrenollment"),
|
||||||
|
("recovery", "Recovery"),
|
||||||
|
("stage_setup", "Stage Setup"),
|
||||||
|
],
|
||||||
|
max_length=100,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -25,7 +25,7 @@ class FlowDesignation(models.TextChoices):
|
||||||
ENROLLMENT = "enrollment"
|
ENROLLMENT = "enrollment"
|
||||||
UNRENOLLMENT = "unenrollment"
|
UNRENOLLMENT = "unenrollment"
|
||||||
RECOVERY = "recovery"
|
RECOVERY = "recovery"
|
||||||
PASSWORD_CHANGE = "password_change" # nosec # noqa
|
STAGE_SETUP = "stage_setup"
|
||||||
|
|
||||||
|
|
||||||
class Stage(models.Model):
|
class Stage(models.Model):
|
||||||
|
|
|
@ -36,11 +36,6 @@ urlpatterns = [
|
||||||
ToDefaultFlow.as_view(designation=FlowDesignation.UNRENOLLMENT),
|
ToDefaultFlow.as_view(designation=FlowDesignation.UNRENOLLMENT),
|
||||||
name="default-unenrollment",
|
name="default-unenrollment",
|
||||||
),
|
),
|
||||||
path(
|
|
||||||
"-/default/password_change/",
|
|
||||||
ToDefaultFlow.as_view(designation=FlowDesignation.PASSWORD_CHANGE),
|
|
||||||
name="default-password-change",
|
|
||||||
),
|
|
||||||
path("b/<slug:flow_slug>/", FlowExecutorView.as_view(), name="flow-executor"),
|
path("b/<slug:flow_slug>/", FlowExecutorView.as_view(), name="flow-executor"),
|
||||||
path(
|
path(
|
||||||
"<slug:flow_slug>/", FlowExecutorShellView.as_view(), name="flow-executor-shell"
|
"<slug:flow_slug>/", FlowExecutorShellView.as_view(), name="flow-executor-shell"
|
||||||
|
|
|
@ -15,6 +15,7 @@ from django.views.decorators.clickjacking import xframe_options_sameorigin
|
||||||
from django.views.generic import TemplateView, View
|
from django.views.generic import TemplateView, View
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.audit.models import cleanse_dict
|
||||||
from passbook.core.views.utils import PermissionDeniedView
|
from passbook.core.views.utils import PermissionDeniedView
|
||||||
from passbook.flows.exceptions import EmptyFlowException, FlowNonApplicableException
|
from passbook.flows.exceptions import EmptyFlowException, FlowNonApplicableException
|
||||||
from passbook.flows.models import Flow, FlowDesignation, Stage
|
from passbook.flows.models import Flow, FlowDesignation, Stage
|
||||||
|
@ -161,7 +162,7 @@ class FlowExecutorView(View):
|
||||||
LOGGER.debug(
|
LOGGER.debug(
|
||||||
"f(exec): User passed all stages",
|
"f(exec): User passed all stages",
|
||||||
flow_slug=self.flow.slug,
|
flow_slug=self.flow.slug,
|
||||||
context=self.plan.context,
|
context=cleanse_dict(self.plan.context),
|
||||||
)
|
)
|
||||||
return self._flow_done()
|
return self._flow_done()
|
||||||
|
|
||||||
|
|
|
@ -62,15 +62,9 @@ class OAuthSource(Source):
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def ui_user_settings(self) -> UIUserSettings:
|
def ui_user_settings(self) -> UIUserSettings:
|
||||||
icon_type = self.provider_type
|
|
||||||
if icon_type == "azure ad":
|
|
||||||
icon_type = "windows"
|
|
||||||
icon_class = f"fab fa-{icon_type}"
|
|
||||||
view_name = "passbook_sources_oauth:oauth-client-user"
|
view_name = "passbook_sources_oauth:oauth-client-user"
|
||||||
return UIUserSettings(
|
return UIUserSettings(
|
||||||
name=self.name,
|
name=self.name, url=reverse(view_name, kwargs={"source_slug": self.slug}),
|
||||||
icon=icon_class,
|
|
||||||
view_name=reverse((view_name), kwargs={"source_slug": self.slug}),
|
|
||||||
)
|
)
|
||||||
|
|
||||||
def __str__(self) -> str:
|
def __str__(self) -> str:
|
||||||
|
|
|
@ -153,7 +153,7 @@ class Processor:
|
||||||
self, request: HttpRequest, flow: Flow, **kwargs
|
self, request: HttpRequest, flow: Flow, **kwargs
|
||||||
) -> HttpResponse:
|
) -> HttpResponse:
|
||||||
kwargs[PLAN_CONTEXT_SSO] = True
|
kwargs[PLAN_CONTEXT_SSO] = True
|
||||||
request.session[SESSION_KEY_PLAN] = FlowPlanner(flow).plan(request, kwargs,)
|
request.session[SESSION_KEY_PLAN] = FlowPlanner(flow).plan(request, kwargs)
|
||||||
return redirect_with_qs(
|
return redirect_with_qs(
|
||||||
"passbook_flows:flow-executor-shell", request.GET, flow_slug=flow.slug,
|
"passbook_flows:flow-executor-shell", request.GET, flow_slug=flow.slug,
|
||||||
)
|
)
|
||||||
|
|
|
@ -5,6 +5,7 @@ from django.core.validators import validate_email
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.flows.models import Flow, FlowDesignation
|
||||||
from passbook.lib.utils.ui import human_list
|
from passbook.lib.utils.ui import human_list
|
||||||
from passbook.stages.identification.models import IdentificationStage, UserFields
|
from passbook.stages.identification.models import IdentificationStage, UserFields
|
||||||
|
|
||||||
|
@ -14,6 +15,15 @@ LOGGER = get_logger()
|
||||||
class IdentificationStageForm(forms.ModelForm):
|
class IdentificationStageForm(forms.ModelForm):
|
||||||
"""Form to create/edit IdentificationStage instances"""
|
"""Form to create/edit IdentificationStage instances"""
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
self.fields["enrollment_flow"].queryset = Flow.objects.filter(
|
||||||
|
designation=FlowDesignation.ENROLLMENT
|
||||||
|
)
|
||||||
|
self.fields["recovery_flow"].queryset = Flow.objects.filter(
|
||||||
|
designation=FlowDesignation.RECOVERY
|
||||||
|
)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = IdentificationStage
|
model = IdentificationStage
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
"""OTP Stage"""
|
"""OTP Stage"""
|
||||||
from django.db import models
|
from django.db import models
|
||||||
|
from django.urls import reverse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
from passbook.core.types import UIUserSettings
|
from passbook.core.types import UIUserSettings
|
||||||
|
@ -20,9 +21,7 @@ class OTPStage(Stage):
|
||||||
@property
|
@property
|
||||||
def ui_user_settings(self) -> UIUserSettings:
|
def ui_user_settings(self) -> UIUserSettings:
|
||||||
return UIUserSettings(
|
return UIUserSettings(
|
||||||
name="OTP",
|
name="OTP", url=reverse("passbook_stages_otp:otp-user-settings"),
|
||||||
icon="pficon-locked",
|
|
||||||
view_name="passbook_stages_otp:otp-user-settings",
|
|
||||||
)
|
)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
|
|
@ -8,3 +8,4 @@ class PassbookStagePasswordConfig(AppConfig):
|
||||||
name = "passbook.stages.password"
|
name = "passbook.stages.password"
|
||||||
label = "passbook_stages_password"
|
label = "passbook_stages_password"
|
||||||
verbose_name = "passbook Stages.Password"
|
verbose_name = "passbook Stages.Password"
|
||||||
|
mountpoint = "-/user/stage/password/"
|
||||||
|
|
|
@ -3,6 +3,7 @@ from django import forms
|
||||||
from django.contrib.admin.widgets import FilteredSelectMultiple
|
from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
|
from passbook.flows.models import Flow, FlowDesignation
|
||||||
from passbook.stages.password.models import PasswordStage
|
from passbook.stages.password.models import PasswordStage
|
||||||
|
|
||||||
|
|
||||||
|
@ -40,14 +41,19 @@ class PasswordForm(forms.Form):
|
||||||
class PasswordStageForm(forms.ModelForm):
|
class PasswordStageForm(forms.ModelForm):
|
||||||
"""Form to create/edit Password Stages"""
|
"""Form to create/edit Password Stages"""
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
self.fields["change_flow"].queryset = Flow.objects.filter(
|
||||||
|
designation=FlowDesignation.STAGE_SETUP
|
||||||
|
)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = PasswordStage
|
model = PasswordStage
|
||||||
fields = ["name", "backends"]
|
fields = ["name", "backends", "change_flow"]
|
||||||
widgets = {
|
widgets = {
|
||||||
"name": forms.TextInput(),
|
"name": forms.TextInput(),
|
||||||
"backends": FilteredSelectMultiple(
|
"backends": FilteredSelectMultiple(
|
||||||
_("backends"), False, choices=get_authentication_backends()
|
_("backends"), False, choices=get_authentication_backends()
|
||||||
),
|
),
|
||||||
"password_policies": FilteredSelectMultiple(_("password policies"), False),
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,126 @@
|
||||||
|
# Generated by Django 3.0.7 on 2020-06-29 08:51
|
||||||
|
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations, models
|
||||||
|
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
|
from passbook.flows.models import FlowDesignation
|
||||||
|
from passbook.stages.prompt.models import FieldTypes
|
||||||
|
|
||||||
|
PROMPT_POLICY_EXPRESSION = """# Check that both passwords are equal.
|
||||||
|
return request.context['password'] == request.context['password_repeat']"""
|
||||||
|
|
||||||
|
|
||||||
|
def create_default_password_change(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
Flow = apps.get_model("passbook_flows", "Flow")
|
||||||
|
FlowStageBinding = apps.get_model("passbook_flows", "FlowStageBinding")
|
||||||
|
|
||||||
|
PolicyBinding = apps.get_model("passbook_policies", "PolicyBinding")
|
||||||
|
|
||||||
|
ExpressionPolicy = apps.get_model(
|
||||||
|
"passbook_policies_expression", "ExpressionPolicy"
|
||||||
|
)
|
||||||
|
|
||||||
|
PromptStage = apps.get_model("passbook_stages_prompt", "PromptStage")
|
||||||
|
Prompt = apps.get_model("passbook_stages_prompt", "Prompt")
|
||||||
|
|
||||||
|
UserWriteStage = apps.get_model("passbook_stages_user_write", "UserWriteStage")
|
||||||
|
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
|
flow, _ = Flow.objects.using(db_alias).update_or_create(
|
||||||
|
slug="default-password-change",
|
||||||
|
designation=FlowDesignation.STAGE_SETUP,
|
||||||
|
defaults={"name": "Change Password"},
|
||||||
|
)
|
||||||
|
|
||||||
|
prompt_stage, _ = PromptStage.objects.using(db_alias).update_or_create(
|
||||||
|
name="default-password-change-prompt",
|
||||||
|
)
|
||||||
|
password_prompt, _ = Prompt.objects.using(db_alias).update_or_create(
|
||||||
|
field_key="password",
|
||||||
|
defaults={
|
||||||
|
"label": "Password",
|
||||||
|
"type": FieldTypes.PASSWORD,
|
||||||
|
"required": True,
|
||||||
|
"placeholder": "Password",
|
||||||
|
"order": 0,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
password_rep_prompt, _ = Prompt.objects.using(db_alias).update_or_create(
|
||||||
|
field_key="password_repeat",
|
||||||
|
defaults={
|
||||||
|
"label": "Password (repeat)",
|
||||||
|
"type": FieldTypes.PASSWORD,
|
||||||
|
"required": True,
|
||||||
|
"placeholder": "Password (repeat)",
|
||||||
|
"order": 1,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
prompt_stage.fields.add(password_prompt)
|
||||||
|
prompt_stage.fields.add(password_rep_prompt)
|
||||||
|
|
||||||
|
# Policy to only trigger prompt when no username is given
|
||||||
|
prompt_policy, _ = ExpressionPolicy.objects.using(db_alias).update_or_create(
|
||||||
|
name="default-password-change-password-equal",
|
||||||
|
defaults={"expression": PROMPT_POLICY_EXPRESSION},
|
||||||
|
)
|
||||||
|
PolicyBinding.objects.using(db_alias).update_or_create(
|
||||||
|
policy=prompt_policy, target=prompt_stage, defaults={"order": 0}
|
||||||
|
)
|
||||||
|
|
||||||
|
user_write, _ = UserWriteStage.objects.using(db_alias).update_or_create(
|
||||||
|
name="default-password-change-write"
|
||||||
|
)
|
||||||
|
|
||||||
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
|
flow=flow, stage=prompt_stage, defaults={"order": 0}
|
||||||
|
)
|
||||||
|
FlowStageBinding.objects.using(db_alias).update_or_create(
|
||||||
|
flow=flow, stage=user_write, defaults={"order": 1}
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def update_default_stage_change(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
PasswordStage = apps.get_model("passbook_stages_password", "PasswordStage")
|
||||||
|
Flow = apps.get_model("passbook_flows", "Flow")
|
||||||
|
|
||||||
|
flow = Flow.objects.get(
|
||||||
|
slug="default-password-change", designation=FlowDesignation.STAGE_SETUP,
|
||||||
|
)
|
||||||
|
|
||||||
|
stages = PasswordStage.objects.filter(name="default-authentication-password")
|
||||||
|
if not stages.exists():
|
||||||
|
return
|
||||||
|
stage = stages.first()
|
||||||
|
stage.change_flow = flow
|
||||||
|
stage.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("passbook_flows", "0006_auto_20200629_0857"),
|
||||||
|
("passbook_policies_expression", "0001_initial"),
|
||||||
|
("passbook_policies", "0001_initial"),
|
||||||
|
("passbook_stages_password", "0001_initial"),
|
||||||
|
("passbook_stages_prompt", "0004_auto_20200618_1735"),
|
||||||
|
("passbook_stages_user_write", "0001_initial"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="passwordstage",
|
||||||
|
name="change_flow",
|
||||||
|
field=models.ForeignKey(
|
||||||
|
blank=True,
|
||||||
|
help_text="Flow used by an authenticated user to change their password. If empty, user will be unable to change their password.",
|
||||||
|
null=True,
|
||||||
|
on_delete=django.db.models.deletion.SET_NULL,
|
||||||
|
to="passbook_flows.Flow",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.RunPython(create_default_password_change),
|
||||||
|
migrations.RunPython(update_default_stage_change),
|
||||||
|
]
|
|
@ -1,9 +1,15 @@
|
||||||
"""password stage models"""
|
"""password stage models"""
|
||||||
|
from typing import Optional
|
||||||
|
|
||||||
from django.contrib.postgres.fields import ArrayField
|
from django.contrib.postgres.fields import ArrayField
|
||||||
from django.db import models
|
from django.db import models
|
||||||
|
from django.shortcuts import reverse
|
||||||
|
from django.utils.http import urlencode
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
from passbook.flows.models import Stage
|
from passbook.core.types import UIUserSettings
|
||||||
|
from passbook.flows.models import Flow, Stage
|
||||||
|
from passbook.flows.views import NEXT_ARG_NAME
|
||||||
|
|
||||||
|
|
||||||
class PasswordStage(Stage):
|
class PasswordStage(Stage):
|
||||||
|
@ -14,9 +20,32 @@ class PasswordStage(Stage):
|
||||||
help_text=_("Selection of backends to test the password against."),
|
help_text=_("Selection of backends to test the password against."),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
change_flow = models.ForeignKey(
|
||||||
|
Flow,
|
||||||
|
on_delete=models.SET_NULL,
|
||||||
|
null=True,
|
||||||
|
blank=True,
|
||||||
|
help_text=_(
|
||||||
|
(
|
||||||
|
"Flow used by an authenticated user to change their password. "
|
||||||
|
"If empty, user will be unable to change their password."
|
||||||
|
)
|
||||||
|
),
|
||||||
|
)
|
||||||
|
|
||||||
type = "passbook.stages.password.stage.PasswordStage"
|
type = "passbook.stages.password.stage.PasswordStage"
|
||||||
form = "passbook.stages.password.forms.PasswordStageForm"
|
form = "passbook.stages.password.forms.PasswordStageForm"
|
||||||
|
|
||||||
|
@property
|
||||||
|
def ui_user_settings(self) -> Optional[UIUserSettings]:
|
||||||
|
if not self.change_flow:
|
||||||
|
return None
|
||||||
|
base_url = reverse(
|
||||||
|
"passbook_stages_password:change", kwargs={"stage_uuid": self.pk}
|
||||||
|
)
|
||||||
|
args = urlencode({NEXT_ARG_NAME: reverse("passbook_core:user-settings")})
|
||||||
|
return UIUserSettings(name=_("Change password"), url=f"{base_url}?{args}")
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return f"Password Stage {self.name}"
|
return f"Password Stage {self.name}"
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
"""password stage URLs"""
|
||||||
|
from django.urls import path
|
||||||
|
|
||||||
|
from passbook.stages.password.views import ChangeFlowInitView
|
||||||
|
|
||||||
|
urlpatterns = [
|
||||||
|
path("<uuid:stage_uuid>/change/", ChangeFlowInitView.as_view(), name="change")
|
||||||
|
]
|
|
@ -0,0 +1,32 @@
|
||||||
|
"""password stage views"""
|
||||||
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
|
from django.http import Http404, HttpRequest, HttpResponse
|
||||||
|
from django.shortcuts import get_object_or_404
|
||||||
|
from django.views import View
|
||||||
|
|
||||||
|
from passbook.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner
|
||||||
|
from passbook.flows.views import SESSION_KEY_PLAN
|
||||||
|
from passbook.lib.utils.urls import redirect_with_qs
|
||||||
|
from passbook.stages.password.models import PasswordStage
|
||||||
|
|
||||||
|
|
||||||
|
class ChangeFlowInitView(LoginRequiredMixin, View):
|
||||||
|
"""Initiate planner for selected change flow and redirect to flow executor,
|
||||||
|
or raise Http404 if no change_flow has been set."""
|
||||||
|
|
||||||
|
def get(self, request: HttpRequest, stage_uuid: str) -> HttpResponse:
|
||||||
|
"""Initiate planner for selected change flow and redirect to flow executor,
|
||||||
|
or raise Http404 if no change_flow has been set."""
|
||||||
|
stage: PasswordStage = get_object_or_404(PasswordStage, pk=stage_uuid)
|
||||||
|
if not stage.change_flow:
|
||||||
|
raise Http404
|
||||||
|
|
||||||
|
plan = FlowPlanner(stage.change_flow).plan(
|
||||||
|
request, {PLAN_CONTEXT_PENDING_USER: request.user}
|
||||||
|
)
|
||||||
|
request.session[SESSION_KEY_PLAN] = plan
|
||||||
|
return redirect_with_qs(
|
||||||
|
"passbook_flows:flow-executor-shell",
|
||||||
|
self.request.GET,
|
||||||
|
flow_slug=stage.change_flow.slug,
|
||||||
|
)
|
|
@ -1,5 +1,7 @@
|
||||||
"""Prompt forms"""
|
"""Prompt forms"""
|
||||||
from django import forms
|
from django import forms
|
||||||
|
from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||||
|
from django.utils.translation import gettext_lazy as _
|
||||||
from guardian.shortcuts import get_anonymous_user
|
from guardian.shortcuts import get_anonymous_user
|
||||||
|
|
||||||
from passbook.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
|
from passbook.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
|
||||||
|
@ -16,6 +18,7 @@ class PromptStageForm(forms.ModelForm):
|
||||||
fields = ["name", "fields"]
|
fields = ["name", "fields"]
|
||||||
widgets = {
|
widgets = {
|
||||||
"name": forms.TextInput(),
|
"name": forms.TextInput(),
|
||||||
|
"fields": FilteredSelectMultiple(_("prompts"), False),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
"""Write stage logic"""
|
"""Write stage logic"""
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
|
from django.contrib.auth import update_session_auth_hash
|
||||||
from django.contrib.auth.backends import ModelBackend
|
from django.contrib.auth.backends import ModelBackend
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
@ -48,6 +49,10 @@ class UserWriteStageView(StageView):
|
||||||
else:
|
else:
|
||||||
user.attributes[key] = value
|
user.attributes[key] = value
|
||||||
user.save()
|
user.save()
|
||||||
|
# Check if the password has been updated, and update the session auth hash
|
||||||
|
if any(["password" in x for x in data.keys()]):
|
||||||
|
update_session_auth_hash(self.request, user)
|
||||||
|
LOGGER.debug("Updated session hash", user=user)
|
||||||
LOGGER.debug(
|
LOGGER.debug(
|
||||||
"Updated existing user", user=user, flow_slug=self.executor.flow.slug,
|
"Updated existing user", user=user, flow_slug=self.executor.flow.slug,
|
||||||
)
|
)
|
||||||
|
|
|
@ -5177,7 +5177,7 @@ definitions:
|
||||||
- enrollment
|
- enrollment
|
||||||
- unenrollment
|
- unenrollment
|
||||||
- recovery
|
- recovery
|
||||||
- password_change
|
- stage_setup
|
||||||
stages:
|
stages:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
|
Reference in New Issue