providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933)

* providers/ldap: fix Outpost provider listing excluding backchannel providers

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/providers/ldap/api.py

@@ -105,7 +105,9 @@ class LDAPOutpostConfigSerializer(ModelSerializer):
 class LDAPOutpostConfigViewSet(ReadOnlyModelViewSet):
     """LDAPProvider Viewset"""
 
-    queryset = LDAPProvider.objects.filter(application__isnull=False)
+    queryset = LDAPProvider.objects.filter(
+        Q(application__isnull=False) | Q(backchannel_application__isnull=False)
+    )
     serializer_class = LDAPOutpostConfigSerializer
     ordering = ["name"]
     search_fields = ["name"]

authentik/providers/ldap/tests/test_api.py

@@ -0,0 +1,52 @@
+"""LDAP Provider API tests"""
+from json import loads
+
+from django.urls import reverse
+from rest_framework.test import APITestCase
+
+from authentik.core.models import Application
+from authentik.core.tests.utils import create_test_admin_user, create_test_flow
+from authentik.lib.generators import generate_id
+from authentik.providers.ldap.models import LDAPProvider
+
+
+class TestLDAPProviderAPI(APITestCase):
+    """LDAP Provider API tests"""
+
+    def test_outpost_application(self):
+        """Test outpost-like provider retrieval (direct connection)"""
+        provider = LDAPProvider.objects.create(
+            name=generate_id(),
+            authorization_flow=create_test_flow(),
+        )
+        Application.objects.create(
+            name=generate_id(),
+            slug=generate_id(),
+            provider=provider,
+        )
+        user = create_test_admin_user()
+        self.client.force_login(user)
+        res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list"))
+        self.assertEqual(res.status_code, 200)
+        data = loads(res.content.decode())
+        self.assertEqual(data["pagination"]["count"], 1)
+        self.assertEqual(len(data["results"]), 1)
+
+    def test_outpost_application_backchannel(self):
+        """Test outpost-like provider retrieval (backchannel connection)"""
+        provider = LDAPProvider.objects.create(
+            name=generate_id(),
+            authorization_flow=create_test_flow(),
+        )
+        app: Application = Application.objects.create(
+            name=generate_id(),
+            slug=generate_id(),
+        )
+        app.backchannel_providers.add(provider)
+        user = create_test_admin_user()
+        self.client.force_login(user)
+        res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list"))
+        self.assertEqual(res.status_code, 200)
+        data = loads(res.content.decode())
+        self.assertEqual(data["pagination"]["count"], 1)
+        self.assertEqual(len(data["results"]), 1)

authentik/providers/ldap/urls.py

@@ -2,6 +2,6 @@
 from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet
 
 api_urlpatterns = [
-    ("outposts/ldap", LDAPOutpostConfigViewSet),
+    ("outposts/ldap", LDAPOutpostConfigViewSet, "ldapprovideroutpost"),
     ("providers/ldap", LDAPProviderViewSet),
 ]

authentik/providers/proxy/urls.py

@@ -2,6 +2,6 @@
 from authentik.providers.proxy.api import ProxyOutpostConfigViewSet, ProxyProviderViewSet
 
 api_urlpatterns = [
-    ("outposts/proxy", ProxyOutpostConfigViewSet),
+    ("outposts/proxy", ProxyOutpostConfigViewSet, "proxyprovideroutpost"),
     ("providers/proxy", ProxyProviderViewSet),
 ]

authentik/providers/radius/urls.py

@@ -2,6 +2,6 @@
 from authentik.providers.radius.api import RadiusOutpostConfigViewSet, RadiusProviderViewSet
 
 api_urlpatterns = [
-    ("outposts/radius", RadiusOutpostConfigViewSet),
+    ("outposts/radius", RadiusOutpostConfigViewSet, "radiusprovideroutpost"),
     ("providers/radius", RadiusProviderViewSet),
 ]