From 5eb25240c32a1b13717ae93f4c6f36862dd5793d Mon Sep 17 00:00:00 2001
From: Stanislav Dimov
Date: Tue, 16 Jan 2024 01:39:08 +0000
Subject: [PATCH] fix tests
---
 .../providers/oauth2/tests/test_authorize.py | 26 +++++++++++------
 .../oauth2/tests/test_device_backchannel.py | 16 ++++++++---
 .../providers/oauth2/tests/test_introspect.py | 16 ++++++++---
 .../providers/oauth2/tests/test_revoke.py | 16 ++++++++---
 .../providers/oauth2/tests/test_token.py | 24 ++++++++++++----
 .../providers/oauth2/tests/test_token_cc.py | 24 ++++++++++++----
 .../oauth2/tests/test_token_cc_jwt_source.py | 28 ++++++++++++++-----
 .../oauth2/tests/test_token_device.py | 12 ++++++--
 .../providers/oauth2/tests/test_userinfo.py | 8 ++++--
 tests/e2e/test_provider_oauth2_grafana.py | 6 ++--
 10 files changed, 129 insertions(+), 47 deletions(-)
diff --git a/authentik/providers/oauth2/tests/test_authorize.py b/authentik/providers/oauth2/tests/test_authorize.py
index 91cdc330a..e61c5b038 100644
--- a/authentik/providers/oauth2/tests/test_authorize.py
+++ b/authentik/providers/oauth2/tests/test_authorize.py
@@ -260,13 +260,15 @@ class TestAuthorize(OAuthTestCase):
 redirect_uris="foo://localhost",
 access_code_validity="seconds=100",
 )
- Application.objects.create(name="app", slug="app", provider=provider)
+ app = Application.objects.create(name="app", slug="app", provider=provider)
 state = generate_id()
 user = create_test_admin_user()
 self.client.force_login(user)
 # Step 1, initiate params and get redirect to flow
 self.client.get(
- reverse("authentik_providers_oauth2:authorize"),
+ reverse(
+ "authentik_providers_oauth2:authorize",
+ kwargs={"application_slug": app.slug}),
 data={
 "response_type": "code",
 "client_id": "test",
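Review bot: The added `reverse(` call closes on the same line as its last argument, `kwargs={"application_slug": app.slug}),`, whereas the surrounding calls in this hunk put the closing parenthesis on its own line. Write the last two lines as `kwargs={"application_slug": app.slug},` followed by `),` so the call matches the file's wrapping and survives a formatter check, if the project enforces one. The same shape recurs in every `reverse(` call this patch adds, across all nine unit-test files. The test method starts and ends outside the hunk.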
@@ -302,7 +304,7 @@ class TestAuthorize(OAuthTestCase):
 redirect_uris="http://localhost",
 signing_key=self.keypair,
 )
- Application.objects.create(name="app", slug="app", provider=provider)
+ app = Application.objects.create(name="app", slug="app", provider=provider)
 state = generate_id()
 user = create_test_admin_user()
 self.client.force_login(user)
@@ -318,7 +320,9 @@ class TestAuthorize(OAuthTestCase):
 ):
 # Step 1, initiate params and get redirect to flow
 self.client.get(
- reverse("authentik_providers_oauth2:authorize"),
+ reverse(
+ "authentik_providers_oauth2:authorize",
+ kwargs={"application_slug": app.slug}),
 data={
 "response_type": "id_token",
 "client_id": "test",
@@ -364,7 +368,7 @@ class TestAuthorize(OAuthTestCase):
 redirect_uris="http://localhost",
 signing_key=self.keypair,
 )
- Application.objects.create(name="app", slug="app", provider=provider)
+ app = Application.objects.create(name="app", slug="app", provider=provider)
 state = generate_id()
 user = create_test_admin_user()
 self.client.force_login(user)
@@ -380,7 +384,9 @@ class TestAuthorize(OAuthTestCase):
 ):
 # Step 1, initiate params and get redirect to flow
 self.client.get(
- reverse("authentik_providers_oauth2:authorize"),
+ reverse(
+ "authentik_providers_oauth2:authorize",
+ kwargs={"application_slug": app.slug}),
 data={
 "response_type": "code",
 "response_mode": "fragment",
@@ -425,7 +431,9 @@ class TestAuthorize(OAuthTestCase):
 self.client.force_login(user)
 # Step 1, initiate params and get redirect to flow
 self.client.get(
- reverse("authentik_providers_oauth2:authorize"),
+ reverse(
+ "authentik_providers_oauth2:authorize",
+ kwargs={"application_slug": app.slug}),
 data={
 "response_type": "id_token",
 "response_mode": "form_post",
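Review bot: The hunk at -425 uses `app.slug` in the added `kwargs`, but unlike the three earlier tests it does not touch an `Application.objects.create(...)` line, so the binding of `app` is not visible here. If that test creates the application without assigning it, the call fails with a NameError before any request is sent. Confirm that `app = Application.objects.create(...)` exists above the shown lines. The same check applies to the hunk at -474. Both test bodies start and end outside their hunks.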
@@ -474,7 +482,9 @@ class TestAuthorize(OAuthTestCase):
 self.client.force_login(user)
 # Step 1, initiate params and get redirect to flow
 self.client.get(
- reverse("authentik_providers_oauth2:authorize"),
+ reverse(
+ "authentik_providers_oauth2:authorize",
+ kwargs={"application_slug": app.slug}),
 data={
 "response_type": "code",
 "response_mode": "form_post",
diff --git a/authentik/providers/oauth2/tests/test_device_backchannel.py b/authentik/providers/oauth2/tests/test_device_backchannel.py
index a191e128b..3a3207e69 100644
--- a/authentik/providers/oauth2/tests/test_device_backchannel.py
+++ b/authentik/providers/oauth2/tests/test_device_backchannel.py
@@ -28,21 +28,27 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
 def test_backchannel_invalid(self):
 """Test backchannel"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:device"),
+ reverse(
+ "authentik_providers_oauth2:device",
+ kwargs={"application_slug": self.application.slug}),
 data={
 "client_id": "foo",
 },
 )
 self.assertEqual(res.status_code, 400)
 res = self.client.post(
- reverse("authentik_providers_oauth2:device"),
+ reverse(
+ "authentik_providers_oauth2:device",
+ kwargs={"application_slug": self.application.slug}),
 )
 self.assertEqual(res.status_code, 400)
 # test without application
 self.application.provider = None
 self.application.save()
 res = self.client.post(
- reverse("authentik_providers_oauth2:device"),
+ reverse(
+ "authentik_providers_oauth2:device",
+ kwargs={"application_slug": self.application.slug}),
 data={
 "client_id": "test",
 },
@@ -52,7 +58,9 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
 def test_backchannel(self):
 """Test backchannel"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:device"),
+ reverse(
+ "authentik_providers_oauth2:device",
+ kwargs={"application_slug": self.application.slug}),
 data={
 "client_id": self.provider.client_id,
 },
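Review bot: In the test_device_backchannel.py hunk at -28, the block under `# test without application` now reverses the URL with `self.application.slug` after setting `self.application.provider = None`, so it exercises an application that exists but has no provider. The comment would be more accurate as `# test application without provider`. A request to a slug that matches no application is the case this hunk leaves uncovered; consider adding one and asserting that the endpoint rejects it. The hunk at -88 in test_token_cc.py has the same shape with `self.app.provider = None`. The assertion for the third request lies outside the hunk.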
diff --git a/authentik/providers/oauth2/tests/test_introspect.py b/authentik/providers/oauth2/tests/test_introspect.py
index dd35d5f6f..d92855c02 100644
--- a/authentik/providers/oauth2/tests/test_introspect.py
+++ b/authentik/providers/oauth2/tests/test_introspect.py
@@ -49,7 +49,9 @@ class TesOAuth2Introspection(OAuthTestCase):
 ),
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-introspection"),
+ reverse(
+ "authentik_providers_oauth2:token-introspection",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={"token": token.token},
 )
@@ -81,7 +83,9 @@ class TesOAuth2Introspection(OAuthTestCase):
 ),
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-introspection"),
+ reverse(
+ "authentik_providers_oauth2:token-introspection",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={"token": token.token},
 )
@@ -101,7 +105,9 @@ class TesOAuth2Introspection(OAuthTestCase):
 def test_introspect_invalid_token(self):
 """Test introspect (invalid token)"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-introspection"),
+ reverse(
+ "authentik_providers_oauth2:token-introspection",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={"token": generate_id(), "token_type_hint": "refresh_token"},
 )
@@ -116,7 +122,9 @@ class TesOAuth2Introspection(OAuthTestCase):
 def test_introspect_invalid_auth(self):
 """Test introspect (invalid auth)"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-introspection"),
+ reverse(
+ "authentik_providers_oauth2:token-introspection",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION="Basic qwerqrwe",
 data={"token": generate_id(), "token_type_hint": "refresh_token"},
 )
diff --git a/authentik/providers/oauth2/tests/test_revoke.py b/authentik/providers/oauth2/tests/test_revoke.py
index 74acbec02..2be299f71 100644
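Review bot: Every introspection request in test_introspect.py is reversed with `self.app.slug`, apparently the same application that the `HTTP_AUTHORIZATION` credentials and the token belong to, so no test covers a path slug that disagrees with the authenticated client. Now that the application is selected by the URL, a negative test would pin the isolation between applications: introspect a token through a second application's slug and assert that the request is refused or the token is reported inactive. The same gap applies to the token-revoke hunks in test_revoke.py, the token hunks in test_token.py, test_token_cc.py, test_token_cc_jwt_source.py and test_token_device.py, and the userinfo hunks. `self.app` and `self.auth` are set up outside the hunks, so their relationship is inferred from the names.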
--- a/authentik/providers/oauth2/tests/test_revoke.py
+++ b/authentik/providers/oauth2/tests/test_revoke.py
@@ -48,7 +48,9 @@ class TesOAuth2Revoke(OAuthTestCase):
 ),
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-revoke"),
+ reverse(
+ "authentik_providers_oauth2:token-revoke",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={
 "token": token.token,
@@ -71,7 +73,9 @@ class TesOAuth2Revoke(OAuthTestCase):
 ),
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-revoke"),
+ reverse(
+ "authentik_providers_oauth2:token-revoke",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={
 "token": token.token,
@@ -82,7 +86,9 @@ class TesOAuth2Revoke(OAuthTestCase):
 def test_revoke_invalid(self):
 """Test revoke (invalid token)"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-revoke"),
+ reverse(
+ "authentik_providers_oauth2:token-revoke",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION=f"Basic {self.auth}",
 data={
 "token": generate_id(),
@@ -93,7 +99,9 @@ class TesOAuth2Revoke(OAuthTestCase):
 def test_revoke_invalid_auth(self):
 """Test revoke (invalid auth)"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:token-revoke"),
+ reverse(
+ "authentik_providers_oauth2:token-revoke",
+ kwargs={"application_slug": self.app.slug}),
 HTTP_AUTHORIZATION="Basic fqewr",
 data={
 "token": generate_id(),
diff --git a/authentik/providers/oauth2/tests/test_token.py b/authentik/providers/oauth2/tests/test_token.py
index 79b3b13fe..71bdebca4 100644
--- a/authentik/providers/oauth2/tests/test_token.py
+++ b/authentik/providers/oauth2/tests/test_token.py
@@ -127,7 +127,9 @@ class TestToken(OAuthTestCase):
 code="foobar", provider=provider, user=user, auth_time=timezone.now()
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_AUTHORIZATION_CODE,
 "code": code.code,
@@ -172,7 +174,9 @@ class TestToken(OAuthTestCase):
 auth_time=timezone.now(),
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_REFRESH_TOKEN,
 "refresh_token": token.token,
@@ -219,7 +223,9 @@ class TestToken(OAuthTestCase):
 auth_time=timezone.now(),
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_REFRESH_TOKEN,
 "refresh_token": token.token,
@@ -269,7 +275,9 @@ class TestToken(OAuthTestCase):
 )
 # Create initial refresh token
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_REFRESH_TOKEN,
 "refresh_token": token.token,
@@ -283,7 +291,9 @@ class TestToken(OAuthTestCase):
 # Post again with initial token -> get new refresh token
 # and revoke old one
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_REFRESH_TOKEN,
 "refresh_token": new_token.token,
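Review bot: The identical three-line `reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug})` expression is added in all six hunks of test_token.py, and again throughout test_token_cc.py, test_token_cc_jwt_source.py and test_token_device.py. A single helper would keep the route name and slug wiring in one place, so a later URL change touches one line instead of dozens. A property on the test class would do, for example `token_url`, returning that `reverse(...)` result. Whether the shared `OAuthTestCase` base is the right home for it cannot be judged from these hunks, since the class bodies lie outside them.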
@@ -294,7 +304,9 @@ class TestToken(OAuthTestCase):
 self.assertEqual(response.status_code, 200)
 # Post again with old token, is now revoked and should error
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "grant_type": GRANT_TYPE_REFRESH_TOKEN,
 "refresh_token": new_token.token,
diff --git a/authentik/providers/oauth2/tests/test_token_cc.py b/authentik/providers/oauth2/tests/test_token_cc.py
index 81f595d63..19abd5d75 100644
--- a/authentik/providers/oauth2/tests/test_token_cc.py
+++ b/authentik/providers/oauth2/tests/test_token_cc.py
@@ -50,7 +50,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 def test_wrong_user(self):
 """test invalid username"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": SCOPE_OPENID,
@@ -68,7 +70,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 def test_wrong_token(self):
 """test invalid token"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": SCOPE_OPENID,
@@ -88,7 +92,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 self.app.provider = None
 self.app.save()
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": SCOPE_OPENID,
@@ -112,7 +118,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 order=0,
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": SCOPE_OPENID,
@@ -130,7 +138,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 def test_successful(self):
 """test successful"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -163,7 +173,9 @@ class TestTokenClientCredentials(OAuthTestCase):
 def test_successful_password(self):
 """test successful (password grant)"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_PASSWORD,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
diff --git a/authentik/providers/oauth2/tests/test_token_cc_jwt_source.py b/authentik/providers/oauth2/tests/test_token_cc_jwt_source.py
index a95c7c3a5..d2ecff9b9 100644
--- a/authentik/providers/oauth2/tests/test_token_cc_jwt_source.py
+++ b/authentik/providers/oauth2/tests/test_token_cc_jwt_source.py
@@ -63,7 +63,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 def test_invalid_type(self):
 """test invalid type"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -79,7 +81,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 def test_invalid_jwt(self):
 """test invalid JWT"""
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -101,7 +105,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 }
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -123,7 +129,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 }
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -147,7 +155,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 }
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -175,7 +185,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 }
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@@ -197,7 +209,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
 }
 )
 response = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 {
 "grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
 "scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
diff --git a/authentik/providers/oauth2/tests/test_token_device.py b/authentik/providers/oauth2/tests/test_token_device.py
index 0d7474f92..0fdb7f80d 100644
--- a/authentik/providers/oauth2/tests/test_token_device.py
+++ b/authentik/providers/oauth2/tests/test_token_device.py
@@ -33,7 +33,9 @@ class TestTokenDeviceCode(OAuthTestCase):
 def test_code_no_code(self):
 """Test code without code"""
 res = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "client_id": self.provider.client_id,
 "grant_type": GRANT_TYPE_DEVICE_CODE,
@@ -51,7 +53,9 @@ class TestTokenDeviceCode(OAuthTestCase):
 device_code=generate_id(),
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "client_id": self.provider.client_id,
 "grant_type": GRANT_TYPE_DEVICE_CODE,
@@ -71,7 +75,9 @@ class TestTokenDeviceCode(OAuthTestCase):
 user=self.user,
 )
 res = self.client.post(
- reverse("authentik_providers_oauth2:token"),
+ reverse(
+ "authentik_providers_oauth2:token",
+ kwargs={"application_slug": self.app.slug}),
 data={
 "client_id": self.provider.client_id,
 "grant_type": GRANT_TYPE_DEVICE_CODE,
diff --git a/authentik/providers/oauth2/tests/test_userinfo.py b/authentik/providers/oauth2/tests/test_userinfo.py
index 431b2f18f..2feba5aa7 100644
--- a/authentik/providers/oauth2/tests/test_userinfo.py
+++ b/authentik/providers/oauth2/tests/test_userinfo.py
@@ -48,7 +48,9 @@ class TestUserinfo(OAuthTestCase): def test_userinfo_normal(self): """test user info with all normal scopes""" res = self.client.get( - reverse("authentik_providers_oauth2:userinfo"), + reverse( + "authentik_providers_oauth2:userinfo", + kwargs={"application_slug": self.app.slug}), HTTP_AUTHORIZATION=f"Bearer {self.token.token}", ) self.assertJSONEqual( @@ -70,7 +72,9 @@ class TestUserinfo(OAuthTestCase): self.provider.property_mappings.add(scope) res = self.client.get( - reverse("authentik_providers_oauth2:userinfo"), + reverse( + "authentik_providers_oauth2:userinfo", + kwargs={"application_slug": self.app.slug}), HTTP_AUTHORIZATION=f"Bearer {self.token.token}", ) self.assertJSONEqual( diff --git a/tests/e2e/test_provider_oauth2_grafana.py b/tests/e2e/test_provider_oauth2_grafana.py index d096a3483..b2487f5a1 100644 --- a/tests/e2e/test_provider_oauth2_grafana.py +++ b/tests/e2e/test_provider_oauth2_grafana.py @@ -50,9 +50,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase): "GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id, "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret, "GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile", - "GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize"), - "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token"), - "GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo"), + "GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize", application_slug=self.app_slug), + "GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token", application_slug=self.app_slug), + "GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo", application_slug=self.app_slug), "GF_AUTH_SIGNOUT_REDIRECT_URL": self.url( "authentik_providers_oauth2:end-session", application_slug=self.app_slug,
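Review bot: In the test_provider_oauth2_grafana.py hunk, the three rewritten `GF_AUTH_GENERIC_OAUTH_*_URL` entries put the whole `self.url(...)` call on one long line, while the `GF_AUTH_SIGNOUT_REDIRECT_URL` entry directly below wraps the same call across lines. Wrap the new entries the same way, with the route name and `application_slug=self.app_slug,` each on their own line, so the dict reads uniformly and stays inside any line-length limit the project lints against. The dict literal starts and ends outside the hunk.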