ci: fix pyright errors (#5392)

* ci: fix pyright errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error in oauth 1 source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove redundant blueprint fixtures

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/core/api/propertymappings.py

@@ -93,7 +93,6 @@ class PropertyMappingViewSet(
                 {
                     "name": subclass._meta.verbose_name,
                     "description": subclass.__doc__,
-                    # pyright: reportGeneralTypeIssues=false
                     "component": subclass().component,
                     "model_name": subclass._meta.model_name,
                 }

authentik/core/api/providers.py

@@ -25,7 +25,6 @@ class ProviderSerializer(ModelSerializer, MetaNameSerializer):
 
     def get_component(self, obj: Provider) -> str:  # pragma: no cover
         """Get object component so that we know how to edit the object"""
-        # pyright: reportGeneralTypeIssues=false
         if obj.__class__ == Provider:
             return ""
         return obj.component

authentik/core/api/sources.py

@@ -40,7 +40,6 @@ class SourceSerializer(ModelSerializer, MetaNameSerializer):
 
     def get_component(self, obj: Source) -> str:
         """Get object component so that we know how to edit the object"""
-        # pyright: reportGeneralTypeIssues=false
         if obj.__class__ == Source:
             return ""
         return obj.component
@@ -139,7 +138,6 @@ class SourceViewSet(
                 component = subclass.__bases__[0]().component
             else:
                 component = subclass().component
-            # pyright: reportGeneralTypeIssues=false
             data.append(
                 {
                     "name": subclass._meta.verbose_name,

authentik/core/api/used_by.py

@@ -56,7 +56,6 @@ class UsedByMixin:
     # pylint: disable=too-many-locals
     def used_by(self, request: Request, *args, **kwargs) -> Response:
         """Get a list of all objects that use this object"""
-        # pyright: reportGeneralTypeIssues=false
         model: Model = self.get_object()
         used_by = []
         shadows = []

authentik/crypto/tests.py

@@ -246,7 +246,6 @@ class TestCrypto(APITestCase):
             with open(f"{temp_dir}/foo.bar/privkey.pem", "w+", encoding="utf-8") as _key:
                 _key.write(builder.private_key)
             with CONFIG.patch("cert_discovery_dir", temp_dir):
-                # pyright: reportGeneralTypeIssues=false
                 certificate_discovery()  # pylint: disable=no-value-for-parameter
         keypair: CertificateKeyPair = CertificateKeyPair.objects.filter(
             managed=MANAGED_DISCOVERED % "foo"

authentik/events/models.py

@@ -453,7 +453,6 @@ class NotificationTransport(SerializerModel):
         try:
             from authentik.stages.email.tasks import send_mail
 
-            # pyright: reportGeneralTypeIssues=false
             return send_mail(mail.__dict__)  # pylint: disable=no-value-for-parameter
         except (SMTPException, ConnectionError, OSError) as exc:
             raise NotificationTransportError(exc) from exc

authentik/flows/api/stages.py

@@ -27,7 +27,6 @@ class StageSerializer(ModelSerializer, MetaNameSerializer):
 
     def get_component(self, obj: Stage) -> str:
         """Get object type so that we know how to edit the object"""
-        # pyright: reportGeneralTypeIssues=false
         if obj.__class__ == Stage:
             return ""
         return obj.component

authentik/flows/challenge.py

@@ -182,5 +182,4 @@ class HttpChallengeResponse(JsonResponse):
     """Subclass of JsonResponse that uses the `DataclassEncoder`"""
 
     def __init__(self, challenge, **kwargs) -> None:
-        # pyright: reportGeneralTypeIssues=false
         super().__init__(challenge.data, encoder=DataclassEncoder, **kwargs)

authentik/lib/config.py

@@ -177,7 +177,6 @@ class ConfigLoader:
         # Walk each component of the path
         path_parts = path.split(sep)
         for comp in path_parts[:-1]:
-            # pyright: reportGeneralTypeIssues=false
             if comp not in root:
                 root[comp] = {}
             root = root.get(comp, {})

authentik/outposts/api/service_connections.py

@@ -31,7 +31,6 @@ class ServiceConnectionSerializer(ModelSerializer, MetaNameSerializer):
 
     def get_component(self, obj: OutpostServiceConnection) -> str:
         """Get object type so that we know how to edit the object"""
-        # pyright: reportGeneralTypeIssues=false
         if obj.__class__ == OutpostServiceConnection:
             return ""
         return obj.component
@@ -77,7 +76,6 @@ class ServiceConnectionViewSet(
         data = []
         for subclass in all_subclasses(self.queryset.model):
             subclass: OutpostServiceConnection
-            # pyright: reportGeneralTypeIssues=false
             data.append(
                 {
                     "name": subclass._meta.verbose_name,

authentik/policies/api/policies.py

@@ -40,7 +40,6 @@ class PolicySerializer(ModelSerializer, MetaNameSerializer):
 
     def get_component(self, obj: Policy) -> str:  # pragma: no cover
         """Get object component so that we know how to edit the object"""
-        # pyright: reportGeneralTypeIssues=false
         if obj.__class__ == Policy:
             return ""
         return obj.component
@@ -50,7 +49,6 @@ class PolicySerializer(ModelSerializer, MetaNameSerializer):
         return obj.bindings.count() + obj.promptstage_set.count()
 
     def to_representation(self, instance: Policy):
-        # pyright: reportGeneralTypeIssues=false
         if instance.__class__ == Policy or not self._resolve_inheritance:
             return super().to_representation(instance)
         return dict(instance.serializer(instance=instance, resolve_inheritance=False).data)

authentik/policies/denied.py

@@ -19,7 +19,6 @@ class AccessDeniedResponse(TemplateResponse):
     error_message: Optional[str] = None
     policy_result: Optional[PolicyResult] = None
 
-    # pyright: reportGeneralTypeIssues=false
     def __init__(self, request: HttpRequest, template="policies/denied.html") -> None:
         super().__init__(request, template)
         self.title = _("Access denied")

authentik/policies/engine.py

@@ -74,7 +74,6 @@ class PolicyEngine:
 
     def _check_policy_type(self, binding: PolicyBinding):
         """Check policy type, make sure it's not the root class as that has no logic implemented"""
-        # pyright: reportGeneralTypeIssues=false
         if binding.policy is not None and binding.policy.__class__ == Policy:
             raise PolicyEngineException(f"Policy '{binding.policy}' is root type")
 

authentik/policies/models.py

@@ -19,9 +19,7 @@ from authentik.policies.types import PolicyRequest, PolicyResult
 class PolicyEngineMode(models.TextChoices):
     """Decide how results of multiple policies should be combined."""
 
-    # pyright: reportGeneralTypeIssues=false
     MODE_ALL = "all", _("ALL, all policies must pass")  # type: "PolicyEngineMode"
-    # pyright: reportGeneralTypeIssues=false
     MODE_ANY = "any", _("ANY, any policy must pass")  # type: "PolicyEngineMode"
 
 

authentik/providers/oauth2/utils.py

@@ -202,5 +202,4 @@ class HttpResponseRedirectScheme(HttpResponseRedirect):
         **kwargs: Any,
     ) -> None:
         self.allowed_schemes = allowed_schemes or ["http", "https", "ftp"]
-        # pyright: reportGeneralTypeIssues=false
         super().__init__(redirect_to, *args, **kwargs)

authentik/root/messages/storage.py

@@ -14,7 +14,6 @@ class ChannelsStorage(SessionStorage):
     """Send contrib.messages over websocket"""
 
     def __init__(self, request: HttpRequest) -> None:
-        # pyright: reportGeneralTypeIssues=false
         super().__init__(request)
         self.channel = get_channel_layer()
 

authentik/sources/oauth/clients/oauth1.py

@@ -66,7 +66,7 @@ class OAuthClient(BaseOAuthClient):
             response.raise_for_status()
         except RequestException as exc:
             raise OAuthSourceException(
-                response=exc.response.text if exc.response else str(exc),
+                exc.response.text if exc.response else str(exc),
             ) from exc
         return response.text
 

authentik/sources/oauth/types/apple.py

@@ -59,7 +59,6 @@ class AppleOAuthClient(OAuth2Client):
             "aud": "https://appleid.apple.com",
             "sub": parts[0].strip(),
         }
-        # pyright: reportGeneralTypeIssues=false
         jwt = encode(payload, self.source.consumer_secret, "ES256", {"kid": parts[2].strip()})
         LOGGER.debug("signing payload as secret key", payload=payload, jwt=jwt)
         return jwt

authentik/stages/email/management/commands/test_email.py

@@ -33,7 +33,6 @@ class Command(BaseCommand):
             template_context={},
         )
         try:
-            # pyright: reportGeneralTypeIssues=false
             send_mail(message.__dict__, stage.pk)
         finally:
             if delete_stage:

authentik/stages/email/tests/test_api.py

@@ -24,7 +24,6 @@ class TestEmailStageAPI(APITestCase):
     def test_validate(self):
         """Test EmailStage's validation"""
         self.assertEqual(
-            # pyright: reportGeneralTypeIssues=false
             EmailStageSerializer().validate_template(EmailTemplates.ACCOUNT_CONFIRM),
             EmailTemplates.ACCOUNT_CONFIRM,
         )

lifecycle/migrate.py

@@ -69,7 +69,6 @@ if __name__ == "__main__":
             if not spec:
                 continue
             mod = module_from_spec(spec)
-            # pyright: reportGeneralTypeIssues=false
             spec.loader.exec_module(mod)
 
             for name, sub in getmembers(mod, isclass):

tests/e2e/test_provider_oauth2_github.py

@@ -62,7 +62,6 @@ class TestProviderOAuth2Github(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -119,7 +118,6 @@ class TestProviderOAuth2Github(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
         "system/providers-oauth2.yaml",
@@ -194,7 +192,6 @@ class TestProviderOAuth2Github(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
     def test_denied(self):

tests/e2e/test_provider_oauth2_grafana.py

@@ -67,7 +67,6 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -116,7 +115,6 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -178,7 +176,6 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -250,7 +247,6 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
         "system/providers-oauth2.yaml",
@@ -330,7 +326,6 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
         "system/providers-oauth2.yaml",

tests/e2e/test_provider_oidc.py

@@ -63,7 +63,6 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
@@ -109,7 +108,6 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
@@ -165,7 +163,6 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
     @apply_blueprint("system/providers-oauth2.yaml")
@@ -235,7 +232,6 @@ class TestProviderOAuth2OIDC(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
     def test_authorization_denied(self):

tests/e2e/test_provider_oidc_implicit.py

@@ -63,7 +63,6 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
@@ -109,7 +108,6 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
@@ -160,7 +158,6 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
     @apply_blueprint("system/providers-oauth2.yaml")
@@ -226,7 +223,6 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
     def test_authorization_denied(self):

tests/e2e/test_provider_proxy.py

@@ -60,7 +60,6 @@ class TestProviderProxy(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -126,7 +125,6 @@ class TestProviderProxy(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -203,7 +201,6 @@ class TestProviderProxyConnect(ChannelsLiveServerTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @reconcile_app("authentik_crypto")
@@ -244,7 +241,7 @@ class TestProviderProxyConnect(ChannelsLiveServerTestCase):
             sleep(0.5)
 
         state = outpost.state
-        self.assertTrue(len(state) >= 1)
+        self.assertEqual(len(state), 1)
 
         # Make sure to delete the outpost to remove the container
         outpost.delete()

tests/e2e/test_provider_saml.py

@@ -62,7 +62,6 @@ class TestProviderSAML(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -132,7 +131,6 @@ class TestProviderSAML(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
         "system/providers-saml.yaml",
@@ -216,7 +214,6 @@ class TestProviderSAML(SeleniumTestCase):
     )
     @apply_blueprint(
         "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
         "system/providers-saml.yaml",
@@ -299,7 +296,6 @@ class TestProviderSAML(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -374,7 +370,6 @@ class TestProviderSAML(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(
@@ -423,7 +418,6 @@ class TestProviderSAML(SeleniumTestCase):
         "default/flow-default-invalidation-flow.yaml",
     )
     @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
         "default/flow-default-provider-authorization-implicit-consent.yaml",
     )
     @apply_blueprint(

tests/e2e/test_source_oauth.py

@@ -146,10 +146,6 @@ class TestSourceOAuth2(SeleniumTestCase):
         "default/flow-default-authentication-flow.yaml",
         "default/flow-default-invalidation-flow.yaml",
     )
-    @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
-    )
     @apply_blueprint(
         "default/flow-default-source-authentication.yaml",
         "default/flow-default-source-enrollment.yaml",
@@ -199,14 +195,6 @@ class TestSourceOAuth2(SeleniumTestCase):
         self.assert_user(User(username="foo", name="admin", email="admin@example.com"))
 
     @retry()
-    @apply_blueprint(
-        "default/flow-default-authentication-flow.yaml",
-        "default/flow-default-invalidation-flow.yaml",
-    )
-    @apply_blueprint(
-        "default/flow-default-provider-authorization-explicit-consent.yaml",
-        "default/flow-default-provider-authorization-implicit-consent.yaml",
-    )
     def test_oauth_enroll_auth(self):
         """test OAuth Source With With OIDC (enroll and authenticate again)"""
         self.test_oauth_enroll()