trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/tests/e2e/test_provider_saml.py

316 lines
12 KiB
Python
Raw Permalink Normal View History

e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
"""test SAML Provider flow"""
e2e: update for new saml-test-sp, pull image before run
2020-09-29 09:55:10 +00:00
from json import loads
pytest (#209)
2020-09-11 21:21:11 +00:00
from sys import platform
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
from time import sleep
pytest (#209)
2020-09-11 21:21:11 +00:00
from unittest.case import skipUnless
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
root: automate system migrations, move docker to lifecycle folder
2020-09-09 22:14:59 +00:00
from docker import DockerClient, from_env
from docker.models.containers import Container
from docker.types import Healthcheck
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
from selenium.webdriver.common.by import By
e2e: update e2e tests for new AccessDenied response
2020-09-15 08:29:59 +00:00
from selenium.webdriver.support import expected_conditions as ec
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445) * build(deps): bump structlog from 20.1.0 to 20.2.0 Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0. - [Release notes](https://github.com/hynek/structlog/releases) - [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst) - [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0) Signed-off-by: dependabot[bot] <support@github.com> * *: use structlog.stdlib instead of structlog for type-hints Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-01-01 14:39:43 +00:00
from structlog.stdlib import get_logger
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
from authentik.core.models import Application
from authentik.crypto.models import CertificateKeyPair
from authentik.flows.models import Flow
from authentik.policies.expression.models import ExpressionPolicy
from authentik.policies.models import PolicyBinding
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
from authentik.providers.saml.models import SAMLBindings, SAMLPropertyMapping, SAMLProvider
from tests.e2e.utils import USER, SeleniumTestCase, apply_migration, object_manager, retry
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
e2e: fix typo, log when docker healthcheck fails
2020-08-14 16:09:49 +00:00
LOGGER = get_logger()
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
pytest (#209)
2020-09-11 21:21:11 +00:00
@skipUnless(platform.startswith("linux"), "requires local docker")
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
class TestProviderSAML(SeleniumTestCase):
"""test SAML Provider flow"""
container: Container
def setup_client(self, provider: SAMLProvider) -> Container:
"""Setup client saml-sp container which we test SAML against"""
client: DockerClient = from_env()
container = client.containers.run(
tests/e2e: switch to ghcr images Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-08 13:32:23 +00:00
image="ghcr.io/beryju/saml-test-sp:latest",
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
detach=True,
network_mode="host",
auto_remove=True,
healthcheck=Healthcheck(
test=["CMD", "wget", "--spider", "http://localhost:9009/health"],
interval=5 * 100 * 1000000,
start_period=1 * 100 * 1000000,
),
environment={
"SP_ENTITY_ID": provider.issuer,
"SP_SSO_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"SP_METADATA_URL": (
e2e: SeleniumTestCase: add url() to reverse into full URL
2020-06-20 21:56:35 +00:00
self.url(
providers/saml: fix metadata download not being unauthenticated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 18:16:07 +00:00
"authentik_api:samlprovider-metadata",
pk=provider.pk,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
providers/saml: fix metadata download not being unauthenticated Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-01 18:16:07 +00:00
+ "?download"
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
),
},
)
while True:
container.reload()
status = container.attrs.get("State", {}).get("Health", {}).get("Status")
if status == "healthy":
return container
e2e: fix typo, log when docker healthcheck fails
2020-08-14 16:09:49 +00:00
LOGGER.info("Container failed healthcheck")
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
sleep(1)
e2e: add @retry decorator to make e2e tests more reliable
2020-10-20 16:42:26 +00:00
@retry()
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_core", "0003_default_user")
@apply_migration("authentik_flows", "0008_default_flows")
tests/e2e: fix flow titles not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 07:48:45 +00:00
@apply_migration("authentik_flows", "0011_flow_title")
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_flows", "0010_provider_flows")
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
@object_manager
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
def test_sp_initiated_implicit(self):
"""test SAML Provider flow SP-initiated flow (implicit consent)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-implicit-consent"
)
provider: SAMLProvider = SAMLProvider.objects.create(
name="saml-test",
acs_url="http://localhost:9009/saml/acs",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
audience="authentik-e2e",
issuer="authentik-e2e",
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
sp_binding=SAMLBindings.POST,
authorization_flow=authorization_flow,
signing_kp=CertificateKeyPair.objects.first(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
Application.objects.create(
*: apply new black styling
2020-09-30 17:34:22 +00:00
name="SAML",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
slug="authentik-saml",
*: apply new black styling
2020-09-30 17:34:22 +00:00
provider=provider,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
self.container = self.setup_client(provider)
self.driver.get("http://localhost:9009")
tests/e2e: fix URLs, use self.login()
2021-02-27 17:48:41 +00:00
self.login()
e2e: saml provider: wait for URL
2020-06-29 20:11:50 +00:00
self.wait_for_url("http://localhost:9009/")
e2e: update for new saml-test-sp, pull image before run
2020-09-29 09:55:10 +00:00
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],
[USER().name],
)
self.assertEqual(
body["attr"][
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/username"],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/uid"],
[str(USER().pk)],
)
self.assertEqual(
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
[USER().email],
)
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
[USER().email],
)
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
e2e: add @retry decorator to make e2e tests more reliable
2020-10-20 16:42:26 +00:00
@retry()
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_core", "0003_default_user")
@apply_migration("authentik_flows", "0008_default_flows")
tests/e2e: fix flow titles not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 07:48:45 +00:00
@apply_migration("authentik_flows", "0011_flow_title")
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_flows", "0010_provider_flows")
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
@object_manager
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
def test_sp_initiated_explicit(self):
"""test SAML Provider flow SP-initiated flow (explicit consent)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-explicit-consent"
)
provider: SAMLProvider = SAMLProvider.objects.create(
name="saml-test",
acs_url="http://localhost:9009/saml/acs",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
audience="authentik-e2e",
issuer="authentik-e2e",
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
sp_binding=SAMLBindings.POST,
authorization_flow=authorization_flow,
signing_kp=CertificateKeyPair.objects.first(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
app = Application.objects.create(
*: apply new black styling
2020-09-30 17:34:22 +00:00
name="SAML",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
slug="authentik-saml",
*: apply new black styling
2020-09-30 17:34:22 +00:00
provider=provider,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
self.container = self.setup_client(provider)
self.driver.get("http://localhost:9009")
tests/e2e: fix URLs, use self.login()
2021-02-27 17:48:41 +00:00
self.login()
tests/e2e: fix more test, add requirements for crypto
2021-02-27 22:33:15 +00:00
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
tests/e2e: fix more test, add requirements for crypto
2021-02-27 22:33:15 +00:00
flow_executor = self.get_shadow_root("ak-flow-executor")
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
self.assertIn(
*: apply new black styling
2020-09-30 17:34:22 +00:00
app.name,
tests/e2e: fix more test, add requirements for crypto
2021-02-27 22:33:15 +00:00
consent_stage.find_element(By.CSS_SELECTOR, "#header-text").text,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
tests/e2e: fix more test, add requirements for crypto
2021-02-27 22:33:15 +00:00
consent_stage.find_element(
By.CSS_SELECTOR,
("[type=submit]"),
).click()
e2e: saml provider: wait for URL
2020-06-29 20:11:50 +00:00
self.wait_for_url("http://localhost:9009/")
e2e: update for new saml-test-sp, pull image before run
2020-09-29 09:55:10 +00:00
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],
[USER().name],
)
self.assertEqual(
body["attr"][
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/username"],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/uid"],
[str(USER().pk)],
)
self.assertEqual(
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
[USER().email],
)
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
[USER().email],
)
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
e2e: add @retry decorator to make e2e tests more reliable
2020-10-20 16:42:26 +00:00
@retry()
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_core", "0003_default_user")
@apply_migration("authentik_flows", "0008_default_flows")
tests/e2e: fix flow titles not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 07:48:45 +00:00
@apply_migration("authentik_flows", "0011_flow_title")
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_flows", "0010_provider_flows")
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
@object_manager
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
def test_idp_initiated_implicit(self):
"""test SAML Provider flow IdP-initiated flow (implicit consent)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-implicit-consent"
)
provider: SAMLProvider = SAMLProvider.objects.create(
name="saml-test",
acs_url="http://localhost:9009/saml/acs",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
audience="authentik-e2e",
issuer="authentik-e2e",
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
sp_binding=SAMLBindings.POST,
authorization_flow=authorization_flow,
signing_kp=CertificateKeyPair.objects.first(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
Application.objects.create(
*: apply new black styling
2020-09-30 17:34:22 +00:00
name="SAML",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
slug="authentik-saml",
*: apply new black styling
2020-09-30 17:34:22 +00:00
provider=provider,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
self.container = self.setup_client(provider)
self.driver.get(
e2e: SeleniumTestCase: add url() to reverse into full URL
2020-06-20 21:56:35 +00:00
self.url(
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
"authentik_providers_saml:sso-init",
e2e: SeleniumTestCase: add url() to reverse into full URL
2020-06-20 21:56:35 +00:00
application_slug=provider.application.slug,
e2e: add tests for oauth and saml provider
2020-06-20 21:53:05 +00:00
)
)
tests/e2e: fix URLs, use self.login()
2021-02-27 17:48:41 +00:00
self.login()
admin: fix get_form_class
2020-09-29 09:42:34 +00:00
sleep(1)
e2e: saml provider: wait for URL
2020-06-29 20:11:50 +00:00
self.wait_for_url("http://localhost:9009/")
e2e: update for new saml-test-sp, pull image before run
2020-09-29 09:55:10 +00:00
body = loads(self.driver.find_element(By.CSS_SELECTOR, "pre").text)
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"],
[USER().name],
)
self.assertEqual(
body["attr"][
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"
],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/username"],
[USER().username],
)
self.assertEqual(
body["attr"]["http://schemas.goauthentik.io/2021/02/saml/uid"],
[str(USER().pk)],
)
self.assertEqual(
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
Managed objects (#519) * managed: add base manager and Ops * core: use ManagedModel for Token and PropertyMapping * providers/saml: implement managed objects for SAML Provider * sources/ldap: migrate to managed * providers/oauth2: migrate to managed * providers/proxy: migrate to managed * *: load .managed in apps * managed: add reconcile task, run on startup * providers/oauth2: fix import path for managed * providers/saml: don't set FriendlyName when mapping is none * *: use ObjectManager in tests to ensure objects exist * ci: use vmImage ubuntu-latest * providers/saml: add new mapping for username and user id * tests: remove docker proxy * tests/e2e: use updated attribute names * docs: update SAML docs * tests/e2e: fix remaining saml cases * outposts: make tokens as managed * *: make PropertyMapping SerializerModel * web: add page for property-mappings * web: add codemirror to common_styles because codemirror * docs: fix member-of in nextcloud * docs: nextcloud add admin * web: fix refresh reloading data two times * web: add loading lock to table to prevent double loads * web: add ability to use null in QueryArgs (value will be skipped) * web: add hide option to property mappings * web: fix linting
2021-02-03 20:18:31 +00:00
[USER().email],
)
self.assertEqual(
body["attr"]["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"],
[USER().email],
)
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
e2e: add @retry decorator to make e2e tests more reliable
2020-10-20 16:42:26 +00:00
@retry()
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_core", "0003_default_user")
@apply_migration("authentik_flows", "0008_default_flows")
tests/e2e: fix flow titles not being set Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-25 07:48:45 +00:00
@apply_migration("authentik_flows", "0011_flow_title")
tests/e2e: fix other provider tests
2021-02-27 23:08:57 +00:00
@apply_migration("authentik_flows", "0010_provider_flows")
@apply_migration("authentik_crypto", "0002_create_self_signed_kp")
@object_manager
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
def test_sp_initiated_denied(self):
"""test SAML Provider flow SP-initiated flow (Policy denies access)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-implicit-consent"
)
negative_policy = ExpressionPolicy.objects.create(
name="negative-static", expression="return False"
)
provider: SAMLProvider = SAMLProvider.objects.create(
name="saml-test",
acs_url="http://localhost:9009/saml/acs",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
audience="authentik-e2e",
issuer="authentik-e2e",
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
sp_binding=SAMLBindings.POST,
authorization_flow=authorization_flow,
signing_kp=CertificateKeyPair.objects.first(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
app = Application.objects.create(
*: apply new black styling
2020-09-30 17:34:22 +00:00
name="SAML",
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 21:08:42 +00:00
slug="authentik-saml",
*: apply new black styling
2020-09-30 17:34:22 +00:00
provider=provider,
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
)
PolicyBinding.objects.create(target=app, policy=negative_policy, order=0)
self.container = self.setup_client(provider)
self.driver.get("http://localhost:9009/")
tests/e2e: fix URLs, use self.login()
2021-02-27 17:48:41 +00:00
self.login()
e2e: update e2e tests for new AccessDenied response
2020-09-15 08:29:59 +00:00
root: reformat to 100 line width Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 15:45:16 +00:00
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "header > h1")))
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
self.assertEqual(
e2e: add tests for OAuth Source, update tests for new base templates
2020-07-08 22:41:14 +00:00
self.driver.find_element(By.CSS_SELECTOR, "header > h1").text,
e2e/provider/saml: add negative case
2020-07-02 11:48:21 +00:00
"Permission denied",
)