authentik/authentik/lib/tests/test_http.py

"""Test HTTP Helpers"""
from django.test import RequestFactory, TestCase

from authentik.core.models import Token, TokenIntents, UserTypes
from authentik.core.tests.utils import create_test_admin_user
from authentik.lib.views import bad_request_message
from authentik.root.middleware import ClientIPMiddleware


class TestHTTP(TestCase):
    """Test HTTP Helpers"""

    def setUp(self) -> None:
        self.user = create_test_admin_user()
        self.factory = RequestFactory()

    def test_bad_request_message(self):
        """test bad_request_message"""
        request = self.factory.get("/")
        self.assertEqual(bad_request_message(request, "foo").status_code, 400)

    def test_normal(self):
        """Test normal request"""
        request = self.factory.get("/")
        self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")

    def test_forward_for(self):
        """Test x-forwarded-for request"""
        request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2")
        self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2")

    def test_fake_outpost(self):
        """Test faked IP which is overridden by an outpost"""
        token = Token.objects.create(
            identifier="test", user=self.user, intent=TokenIntents.INTENT_API
        )
        # Invalid, non-existent token
        request = self.factory.get(
            "/",
            **{
                ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",
                ClientIPMiddleware.outpost_token_header: "abc",
            },
        )
        self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")
        # Invalid, user doesn't have permissions
        request = self.factory.get(
            "/",
            **{
                ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",
                ClientIPMiddleware.outpost_token_header: token.key,
            },
        )
        self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")
        # Valid
        self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT
        self.user.save()
        request = self.factory.get(
            "/",
            **{
                ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",
                ClientIPMiddleware.outpost_token_header: token.key,
            },
        )
        self.assertEqual(ClientIPMiddleware.get_client_ip(request), "1.2.3.4")
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`"""Test HTTP Helpers"""`
			`from django.test import RequestFactory, TestCase`

enterprise: initial enterprise (#5721) * initial Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add external users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui, add more logic, add public JWT validation key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert to not use install_id as session jwt signing key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch to PKI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more licensing stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add install ID to form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use x5c correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * license checks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use production CA Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale, improve ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add direct button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove old attributes from ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove is_enterprise_licensed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin interface styling issue Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/core/models.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * fix default case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> 2023-07-17 15:57:08 +00:00			`from authentik.core.models import Token, TokenIntents, UserTypes`
root: Random tests (#1825) * root: add pytest-randomly to randomise tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : generate flows for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : generate users for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : use generated certificate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> tests/e2e: keep containers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: use websockets test case Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-22 21:56:02 +00:00			`from authentik.core.tests.utils import create_test_admin_user`
*: fix multiple tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-16 09:34:51 +00:00			`from authentik.lib.views import bad_request_message`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`from authentik.root.middleware import ClientIPMiddleware`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00

			`class TestHTTP(TestCase):`
			`"""Test HTTP Helpers"""`

			`def setUp(self) -> None:`
root: Random tests (#1825) * root: add pytest-randomly to randomise tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * : generate flows for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : generate users for testing instead of relying on existing ones Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> : use generated certificate Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> tests/e2e: keep containers Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: use websockets test case Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-22 21:56:02 +00:00			`self.user = create_test_admin_user()`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`self.factory = RequestFactory()`

*: fix multiple tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-16 09:34:51 +00:00			`def test_bad_request_message(self):`
			`"""test bad_request_message"""`
			`request = self.factory.get("/")`
			`self.assertEqual(bad_request_message(request, "foo").status_code, 400)`

lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`def test_normal(self):`
			`"""Test normal request"""`
			`request = self.factory.get("/")`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00
			`def test_forward_for(self):`
			`"""Test x-forwarded-for request"""`
			`request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2")`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2")`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00
			`def test_fake_outpost(self):`
			`"""Test faked IP which is overridden by an outpost"""`
			`token = Token.objects.create(`
			`identifier="test", user=self.user, intent=TokenIntents.INTENT_API`
			`)`
*: fix typos in code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-24 22:01:11 +00:00			`# Invalid, non-existent token`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`request = self.factory.get(`
			`"/",`
			`**{`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",`
			`ClientIPMiddleware.outpost_token_header: "abc",`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`},`
			`)`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")`
*: fix typos in code Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-24 22:01:11 +00:00			`# Invalid, user doesn't have permissions`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`request = self.factory.get(`
			`"/",`
			`**{`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",`
			`ClientIPMiddleware.outpost_token_header: token.key,`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`},`
			`)`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`# Valid`
enterprise: initial enterprise (#5721) * initial Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user type Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add external users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ui, add more logic, add public JWT validation key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * revert to not use install_id as session jwt signing key Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * switch to PKI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more licensing stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add install ID to form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use x5c correctly Signed-off-by: Jens Langhammer <jens@goauthentik.io> * license checks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use production CA Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more UI stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to summary Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale, improve ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add direct button Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update link Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove old attributes from ldap Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove is_enterprise_licensed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix admin interface styling issue Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update authentik/core/models.py Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Jens L. <jens@beryju.org> * fix default case Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> 2023-07-17 15:57:08 +00:00			`self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`self.user.save()`
			`request = self.factory.get(`
			`"/",`
			`**{`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4",`
			`ClientIPMiddleware.outpost_token_header: token.key,`
lib: fix outpost fake-ip not working, add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:10:25 +00:00			`},`
			`)`
flows: add "require outpost" authentication_requirement (#7921) * migrate get_client_ip to middleware Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use middleware directly without wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add require_outpost setting for flows Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update schema Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * improve fallback Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-12-19 12:32:10 +00:00			`self.assertEqual(ClientIPMiddleware.get_client_ip(request), "1.2.3.4")`