From 4b8b800648a9510e2caab1f941f1c6e37376a710 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Mon, 15 Nov 2021 20:41:37 +0100
Subject: [PATCH] stages/*: add more tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/core/tests/test_models.py           |  4 +--
 authentik/crypto/tests.py                     |  8 ++----
 .../stages/authenticator_validate/tests.py    |  4 +++
 authentik/stages/deny/tests.py                | 28 ++++++++++++++++++-
 authentik/stages/prompt/tests.py              |  2 ++
 authentik/stages/user_delete/tests.py         | 23 +++++++++++++++
 authentik/stages/user_login/tests.py          | 24 +++++++++++++++-
 authentik/stages/user_logout/tests.py         | 27 +++++++++++++++++-
 8 files changed, 109 insertions(+), 11 deletions(-)

diff --git a/authentik/core/tests/test_models.py b/authentik/core/tests/test_models.py
index 25b658af5..9dc17d724 100644
--- a/authentik/core/tests/test_models.py
+++ b/authentik/core/tests/test_models.py
@@ -59,6 +59,6 @@ def provider_tester_factory(test_model: Type[Stage]) -> Callable:
 
 
 for model in all_subclasses(Source):
-    setattr(TestModels, f"test_model_{model.__name__}", source_tester_factory(model))
+    setattr(TestModels, f"test_source_{model.__name__}", source_tester_factory(model))
 for model in all_subclasses(Provider):
-    setattr(TestModels, f"test_model_{model.__name__}", provider_tester_factory(model))
+    setattr(TestModels, f"test_provider_{model.__name__}", provider_tester_factory(model))
diff --git a/authentik/crypto/tests.py b/authentik/crypto/tests.py
index 24325740c..8ab5704ae 100644
--- a/authentik/crypto/tests.py
+++ b/authentik/crypto/tests.py
@@ -66,13 +66,9 @@ class TestCrypto(APITestCase):
     def test_builder_api(self):
         """Test Builder (via API)"""
         self.client.force_login(User.objects.get(username="akadmin"))
-        response = self.client.post(
+        self.client.post(
             reverse("authentik_api:certificatekeypair-generate"),
-            data={
-                "common_name": "foo",
-                "subject_alt_name": "bar,baz",
-                "validity_days": 3
-            },
+            data={"common_name": "foo", "subject_alt_name": "bar,baz", "validity_days": 3},
         )
         self.assertTrue(CertificateKeyPair.objects.filter(name="foo").exists())
 
diff --git a/authentik/stages/authenticator_validate/tests.py b/authentik/stages/authenticator_validate/tests.py
index a215aca4a..7a5dbca7a 100644
--- a/authentik/stages/authenticator_validate/tests.py
+++ b/authentik/stages/authenticator_validate/tests.py
@@ -87,6 +87,10 @@ class AuthenticatorValidateStageTests(APITestCase):
         )
         self.assertFalse(serializer.is_valid())
         self.assertIn("not_configured_action", serializer.errors)
+        serializer = AuthenticatorValidateStageSerializer(
+            data={"name": "foo", "not_configured_action": NotConfiguredAction.DENY}
+        )
+        self.assertTrue(serializer.is_valid())
 
     def test_device_challenge_totp(self):
         """Test device challenge"""
diff --git a/authentik/stages/deny/tests.py b/authentik/stages/deny/tests.py
index 2a7278ba7..b87559158 100644
--- a/authentik/stages/deny/tests.py
+++ b/authentik/stages/deny/tests.py
@@ -27,7 +27,7 @@ class TestUserDenyStage(APITestCase):
         self.stage = DenyStage.objects.create(name="logout")
         self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
 
-    def test_valid_password(self):
+    def test_valid_get(self):
         """Test with a valid pending user and backend"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         session = self.client.session
@@ -52,3 +52,29 @@ class TestUserDenyStage(APITestCase):
                 "type": ChallengeTypes.NATIVE.value,
             },
         )
+
+    def test_valid_post(self):
+        """Test with a valid pending user and backend"""
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {
+                "component": "ak-stage-access-denied",
+                "error_message": None,
+                "flow_info": {
+                    "background": self.flow.background_url,
+                    "cancel_url": reverse("authentik_flows:cancel"),
+                    "title": "",
+                },
+                "type": ChallengeTypes.NATIVE.value,
+            },
+        )
diff --git a/authentik/stages/prompt/tests.py b/authentik/stages/prompt/tests.py
index c55a7caee..b109cc4ce 100644
--- a/authentik/stages/prompt/tests.py
+++ b/authentik/stages/prompt/tests.py
@@ -216,6 +216,7 @@ class TestPromptStage(APITestCase):
     def test_static_hidden_overwrite(self):
         """Test that static and hidden fields ignore any value sent to them"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PROMPT] = {"hidden_prompt": "hidden"}
         self.prompt_data["hidden_prompt"] = "foo"
         self.prompt_data["static_prompt"] = "foo"
         challenge_response = PromptChallengeResponse(
@@ -223,4 +224,5 @@ class TestPromptStage(APITestCase):
         )
         self.assertEqual(challenge_response.is_valid(), True)
         self.assertNotEqual(challenge_response.validated_data["hidden_prompt"], "foo")
+        self.assertEqual(challenge_response.validated_data["hidden_prompt"], "hidden")
         self.assertNotEqual(challenge_response.validated_data["static_prompt"], "foo")
diff --git a/authentik/stages/user_delete/tests.py b/authentik/stages/user_delete/tests.py
index 4813fda06..2b40eceb9 100644
--- a/authentik/stages/user_delete/tests.py
+++ b/authentik/stages/user_delete/tests.py
@@ -82,3 +82,26 @@ class TestUserDeleteStage(APITestCase):
         )
 
         self.assertFalse(User.objects.filter(username=self.username).exists())
+
+    def test_user_delete_post(self):
+        """Test Form render"""
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {
+                "component": "xak-flow-redirect",
+                "to": reverse("authentik_core:root-redirect"),
+                "type": ChallengeTypes.REDIRECT.value,
+            },
+        )
+
+        self.assertFalse(User.objects.filter(username=self.username).exists())
diff --git a/authentik/stages/user_login/tests.py b/authentik/stages/user_login/tests.py
index c20509452..e44c6e937 100644
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@@ -31,7 +31,7 @@ class TestUserLoginStage(APITestCase):
         self.stage = UserLoginStage.objects.create(name="login")
         self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
 
-    def test_valid_password(self):
+    def test_valid_get(self):
         """Test with a valid pending user and backend"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
@@ -53,6 +53,28 @@ class TestUserLoginStage(APITestCase):
             },
         )
 
+    def test_valid_post(self):
+        """Test with a valid pending user and backend"""
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {
+                "component": "xak-flow-redirect",
+                "to": reverse("authentik_core:root-redirect"),
+                "type": ChallengeTypes.REDIRECT.value,
+            },
+        )
+
     def test_expiry(self):
         """Test with expiry"""
         self.stage.session_duration = "seconds=2"
diff --git a/authentik/stages/user_logout/tests.py b/authentik/stages/user_logout/tests.py
index 814c7a26d..0d137f2f8 100644
--- a/authentik/stages/user_logout/tests.py
+++ b/authentik/stages/user_logout/tests.py
@@ -29,7 +29,7 @@ class TestUserLogoutStage(APITestCase):
         self.stage = UserLogoutStage.objects.create(name="logout")
         self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
 
-    def test_valid_password(self):
+    def test_valid_get(self):
         """Test with a valid pending user and backend"""
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
@@ -53,3 +53,28 @@ class TestUserLogoutStage(APITestCase):
                 "type": ChallengeTypes.REDIRECT.value,
             },
         )
+
+    def test_valid_post(self):
+        """Test with a valid pending user and backend"""
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        plan.context[PLAN_CONTEXT_AUTHENTICATION_BACKEND] = BACKEND_INBUILT
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.post(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+
+        # pylint: disable=no-member
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            # pylint: disable=no-member
+            force_str(response.content),
+            {
+                "component": "xak-flow-redirect",
+                "to": reverse("authentik_core:root-redirect"),
+                "type": ChallengeTypes.REDIRECT.value,
+            },
+        )