providers/oauth2: fix grant_type password raising an exception (#6333)
This commit is contained in:
parent
e0564b3770
commit
a728dad166
|
@ -17,6 +17,7 @@ def migrate_user_type_v2(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
user.type = UserTypes.INTERNAL
|
user.type = UserTypes.INTERNAL
|
||||||
user.save()
|
user.save()
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
dependencies = [
|
dependencies = [
|
||||||
("authentik_core", "0030_user_type"),
|
("authentik_core", "0030_user_type"),
|
||||||
|
|
|
@ -11,6 +11,7 @@ from authentik.core.tests.utils import create_test_admin_user, create_test_cert,
|
||||||
from authentik.policies.models import PolicyBinding
|
from authentik.policies.models import PolicyBinding
|
||||||
from authentik.providers.oauth2.constants import (
|
from authentik.providers.oauth2.constants import (
|
||||||
GRANT_TYPE_CLIENT_CREDENTIALS,
|
GRANT_TYPE_CLIENT_CREDENTIALS,
|
||||||
|
GRANT_TYPE_PASSWORD,
|
||||||
SCOPE_OPENID,
|
SCOPE_OPENID,
|
||||||
SCOPE_OPENID_EMAIL,
|
SCOPE_OPENID_EMAIL,
|
||||||
SCOPE_OPENID_PROFILE,
|
SCOPE_OPENID_PROFILE,
|
||||||
|
@ -150,3 +151,28 @@ class TestTokenClientCredentials(OAuthTestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(jwt["given_name"], self.user.name)
|
self.assertEqual(jwt["given_name"], self.user.name)
|
||||||
self.assertEqual(jwt["preferred_username"], self.user.username)
|
self.assertEqual(jwt["preferred_username"], self.user.username)
|
||||||
|
|
||||||
|
def test_successful_password(self):
|
||||||
|
"""test successful (password grant)"""
|
||||||
|
response = self.client.post(
|
||||||
|
reverse("authentik_providers_oauth2:token"),
|
||||||
|
{
|
||||||
|
"grant_type": GRANT_TYPE_PASSWORD,
|
||||||
|
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
|
||||||
|
"client_id": self.provider.client_id,
|
||||||
|
"username": "sa",
|
||||||
|
"password": self.token.key,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
body = loads(response.content.decode())
|
||||||
|
self.assertEqual(body["token_type"], TOKEN_TYPE)
|
||||||
|
_, alg = self.provider.jwt_key
|
||||||
|
jwt = decode(
|
||||||
|
body["access_token"],
|
||||||
|
key=self.provider.signing_key.public_key,
|
||||||
|
algorithms=[alg],
|
||||||
|
audience=self.provider.client_id,
|
||||||
|
)
|
||||||
|
self.assertEqual(jwt["given_name"], self.user.name)
|
||||||
|
self.assertEqual(jwt["preferred_username"], self.user.username)
|
||||||
|
|
|
@ -459,13 +459,13 @@ class TokenView(View):
|
||||||
if self.params.grant_type == GRANT_TYPE_REFRESH_TOKEN:
|
if self.params.grant_type == GRANT_TYPE_REFRESH_TOKEN:
|
||||||
LOGGER.debug("Refreshing refresh token")
|
LOGGER.debug("Refreshing refresh token")
|
||||||
return TokenResponse(self.create_refresh_response())
|
return TokenResponse(self.create_refresh_response())
|
||||||
if self.params.grant_type == GRANT_TYPE_CLIENT_CREDENTIALS:
|
if self.params.grant_type in [GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_PASSWORD]:
|
||||||
LOGGER.debug("Client credentials grant")
|
LOGGER.debug("Client credentials/password grant")
|
||||||
return TokenResponse(self.create_client_credentials_response())
|
return TokenResponse(self.create_client_credentials_response())
|
||||||
if self.params.grant_type == GRANT_TYPE_DEVICE_CODE:
|
if self.params.grant_type == GRANT_TYPE_DEVICE_CODE:
|
||||||
LOGGER.debug("Device code grant")
|
LOGGER.debug("Device code grant")
|
||||||
return TokenResponse(self.create_device_code_response())
|
return TokenResponse(self.create_device_code_response())
|
||||||
raise ValueError(f"Invalid grant_type: {self.params.grant_type}")
|
raise TokenError("unsupported_grant_type")
|
||||||
except (TokenError, DeviceCodeError) as error:
|
except (TokenError, DeviceCodeError) as error:
|
||||||
return TokenResponse(error.create_dict(), status=400)
|
return TokenResponse(error.create_dict(), status=400)
|
||||||
except UserAuthError as error:
|
except UserAuthError as error:
|
||||||
|
|
Reference in New Issue