From 51f4d4646c0a7b0747774599a8539d8b5ec38507 Mon Sep 17 00:00:00 2001 From: Jens L Date: Mon, 12 Jun 2023 11:28:00 +0200 Subject: [PATCH] providers/ldap: fix Outpost provider listing excluding backchannel providers (#5933) * providers/ldap: fix Outpost provider listing excluding backchannel providers Signed-off-by: Jens Langhammer * add tests Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- authentik/providers/ldap/api.py | 4 +- authentik/providers/ldap/tests/__init__.py | 0 authentik/providers/ldap/tests/test_api.py | 52 ++++++++++++++++++++++ authentik/providers/ldap/urls.py | 2 +- authentik/providers/proxy/urls.py | 2 +- authentik/providers/radius/urls.py | 2 +- 6 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 authentik/providers/ldap/tests/__init__.py create mode 100644 authentik/providers/ldap/tests/test_api.py diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py index 96b3a5926..870d66ee5 100644 --- a/authentik/providers/ldap/api.py +++ b/authentik/providers/ldap/api.py @@ -105,7 +105,9 @@ class LDAPOutpostConfigSerializer(ModelSerializer): class LDAPOutpostConfigViewSet(ReadOnlyModelViewSet): """LDAPProvider Viewset""" - queryset = LDAPProvider.objects.filter(application__isnull=False) + queryset = LDAPProvider.objects.filter( + Q(application__isnull=False) | Q(backchannel_application__isnull=False) + ) serializer_class = LDAPOutpostConfigSerializer ordering = ["name"] search_fields = ["name"] diff --git a/authentik/providers/ldap/tests/__init__.py b/authentik/providers/ldap/tests/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/providers/ldap/tests/test_api.py b/authentik/providers/ldap/tests/test_api.py new file mode 100644 index 000000000..1271f7640 --- /dev/null +++ b/authentik/providers/ldap/tests/test_api.py @@ -0,0 +1,52 @@ +"""LDAP Provider API tests""" +from json import loads + +from django.urls import reverse +from rest_framework.test import APITestCase + +from authentik.core.models import Application +from authentik.core.tests.utils import create_test_admin_user, create_test_flow +from authentik.lib.generators import generate_id +from authentik.providers.ldap.models import LDAPProvider + + +class TestLDAPProviderAPI(APITestCase): + """LDAP Provider API tests""" + + def test_outpost_application(self): + """Test outpost-like provider retrieval (direct connection)""" + provider = LDAPProvider.objects.create( + name=generate_id(), + authorization_flow=create_test_flow(), + ) + Application.objects.create( + name=generate_id(), + slug=generate_id(), + provider=provider, + ) + user = create_test_admin_user() + self.client.force_login(user) + res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list")) + self.assertEqual(res.status_code, 200) + data = loads(res.content.decode()) + self.assertEqual(data["pagination"]["count"], 1) + self.assertEqual(len(data["results"]), 1) + + def test_outpost_application_backchannel(self): + """Test outpost-like provider retrieval (backchannel connection)""" + provider = LDAPProvider.objects.create( + name=generate_id(), + authorization_flow=create_test_flow(), + ) + app: Application = Application.objects.create( + name=generate_id(), + slug=generate_id(), + ) + app.backchannel_providers.add(provider) + user = create_test_admin_user() + self.client.force_login(user) + res = self.client.get(reverse("authentik_api:ldapprovideroutpost-list")) + self.assertEqual(res.status_code, 200) + data = loads(res.content.decode()) + self.assertEqual(data["pagination"]["count"], 1) + self.assertEqual(len(data["results"]), 1) diff --git a/authentik/providers/ldap/urls.py b/authentik/providers/ldap/urls.py index fc32e4954..ae916f9f7 100644 --- a/authentik/providers/ldap/urls.py +++ b/authentik/providers/ldap/urls.py @@ -2,6 +2,6 @@ from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet api_urlpatterns = [ - ("outposts/ldap", LDAPOutpostConfigViewSet), + ("outposts/ldap", LDAPOutpostConfigViewSet, "ldapprovideroutpost"), ("providers/ldap", LDAPProviderViewSet), ] diff --git a/authentik/providers/proxy/urls.py b/authentik/providers/proxy/urls.py index fa4706de6..384cc1d6f 100644 --- a/authentik/providers/proxy/urls.py +++ b/authentik/providers/proxy/urls.py @@ -2,6 +2,6 @@ from authentik.providers.proxy.api import ProxyOutpostConfigViewSet, ProxyProviderViewSet api_urlpatterns = [ - ("outposts/proxy", ProxyOutpostConfigViewSet), + ("outposts/proxy", ProxyOutpostConfigViewSet, "proxyprovideroutpost"), ("providers/proxy", ProxyProviderViewSet), ] diff --git a/authentik/providers/radius/urls.py b/authentik/providers/radius/urls.py index b0c1bd33f..9cbef52ef 100644 --- a/authentik/providers/radius/urls.py +++ b/authentik/providers/radius/urls.py @@ -2,6 +2,6 @@ from authentik.providers.radius.api import RadiusOutpostConfigViewSet, RadiusProviderViewSet api_urlpatterns = [ - ("outposts/radius", RadiusOutpostConfigViewSet), + ("outposts/radius", RadiusOutpostConfigViewSet, "radiusprovideroutpost"), ("providers/radius", RadiusProviderViewSet), ]