*: don't return values in test suites

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-11-22 11:38:24 +01:00
parent 8599eba863
commit 1a39754fe9
3 changed files with 55 additions and 12 deletions

View file

@ -202,10 +202,10 @@ class ResponseProcessor:
"""Get all attributes sent"""
attributes = {}
assertion = self._root.find(f"{{{NS_SAML_ASSERTION}}}Assertion")
if not assertion:
if assertion is None:
raise ValueError("Assertion element not found")
attribute_statement = assertion.find(f"{{{NS_SAML_ASSERTION}}}AttributeStatement")
if not attribute_statement:
if attribute_statement is None:
raise ValueError("Attribute statement element not found")
# Get all attributes and their values into a dict
for attribute in attribute_statement.iterchildren():

View file

@ -1,7 +1,6 @@
"""Test validator stage"""
from datetime import datetime, timedelta
from hashlib import sha256
from http.cookies import SimpleCookie
from time import sleep
from django.conf import settings
@ -76,7 +75,7 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
component="ak-stage-authenticator-validate",
)
def test_last_auth_threshold_valid(self) -> SimpleCookie:
def test_last_auth_threshold_valid(self):
"""Test last_auth_threshold"""
ident_stage = IdentificationStage.objects.create(
name=generate_id(),
@ -115,12 +114,47 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
)
self.assertIn(COOKIE_NAME_MFA, response.cookies)
self.assertStageResponse(response, component="xak-flow-redirect", to="/")
return response.cookies
def test_last_auth_skip(self):
"""Test valid cookie"""
cookies = self.test_last_auth_threshold_valid()
mfa_cookie = cookies[COOKIE_NAME_MFA]
ident_stage = IdentificationStage.objects.create(
name=generate_id(),
user_fields=[
UserFields.USERNAME,
],
)
device: TOTPDevice = TOTPDevice.objects.create(
user=self.user,
confirmed=True,
)
stage = AuthenticatorValidateStage.objects.create(
name=generate_id(),
last_auth_threshold="hours=1",
not_configured_action=NotConfiguredAction.CONFIGURE,
device_classes=[DeviceClasses.TOTP],
)
stage.configuration_stages.set([ident_stage])
FlowStageBinding.objects.create(target=self.flow, stage=ident_stage, order=0)
FlowStageBinding.objects.create(target=self.flow, stage=stage, order=1)
response = self.client.post(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
{"uid_field": self.user.username},
)
self.assertEqual(response.status_code, 302)
response = self.client.get(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
)
# Verify token once here to set last_t etc
totp = TOTP(device.bin_key)
sleep(1)
response = self.client.post(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
{"code": str(totp.token())},
)
self.assertIn(COOKIE_NAME_MFA, response.cookies)
self.assertStageResponse(response, component="xak-flow-redirect", to="/")
mfa_cookie = response.cookies[COOKIE_NAME_MFA]
self.client.logout()
self.client.cookies[COOKIE_NAME_MFA] = mfa_cookie
response = self.client.post(

View file

@ -137,7 +137,7 @@ class TestPromptStage(FlowTestCase):
self.assertIn(prompt.label, response.content.decode())
self.assertIn(prompt.placeholder, response.content.decode())
def test_valid_challenge_with_policy(self) -> PromptChallengeResponse:
def test_valid_challenge_with_policy(self):
"""Test challenge_response validation"""
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
expr = (
@ -151,9 +151,8 @@ class TestPromptStage(FlowTestCase):
None, stage=self.stage, plan=plan, data=self.prompt_data
)
self.assertEqual(challenge_response.is_valid(), True)
return challenge_response
def test_invalid_challenge(self) -> PromptChallengeResponse:
def test_invalid_challenge(self):
"""Test challenge_response validation"""
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
expr = "False"
@ -164,7 +163,6 @@ class TestPromptStage(FlowTestCase):
None, stage=self.stage, plan=plan, data=self.prompt_data
)
self.assertEqual(challenge_response.is_valid(), False)
return challenge_response
def test_valid_challenge_request(self):
"""Test a request with valid challenge_response data"""
@ -173,7 +171,18 @@ class TestPromptStage(FlowTestCase):
session[SESSION_KEY_PLAN] = plan
session.save()
challenge_response = self.test_valid_challenge_with_policy()
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
expr = (
"return request.context['prompt_data']['password_prompt'] "
"== request.context['prompt_data']['password2_prompt']"
)
expr_policy = ExpressionPolicy.objects.create(name="validate-form", expression=expr)
self.stage.validation_policies.set([expr_policy])
self.stage.save()
challenge_response = PromptChallengeResponse(
None, stage=self.stage, plan=plan, data=self.prompt_data
)
self.assertEqual(challenge_response.is_valid(), True)
with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()):
response = self.client.post(