trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

fix tests

Browse source
This commit is contained in:
Stanislav Dimov 2024-01-16 01:39:08 +00:00
parent 51b229387b
commit 5eb25240c3
No known key found for this signature in database
GPG key ID: 52C3CE2B376F25D2
10 changed files with 129 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
authentik/providers/oauth2/tests/test_authorize.py
View file

@ -260,13 +260,15 @@ class TestAuthorize(OAuthTestCase):
redirect_uris="foo://localhost",
access_code_validity="seconds=100",
)
Application.objects.create(name="app", slug="app", provider=provider)
app = Application.objects.create(name="app", slug="app", provider=provider)
state = generate_id()
user = create_test_admin_user()
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse("authentik_providers_oauth2:authorize"),
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
data={
"response_type": "code",
"client_id": "test",
@ -302,7 +304,7 @@ class TestAuthorize(OAuthTestCase):
redirect_uris="http://localhost",
signing_key=self.keypair,
)
Application.objects.create(name="app", slug="app", provider=provider)
app = Application.objects.create(name="app", slug="app", provider=provider)
state = generate_id()
user = create_test_admin_user()
self.client.force_login(user)
@ -318,7 +320,9 @@ class TestAuthorize(OAuthTestCase):
):
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse("authentik_providers_oauth2:authorize"),
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
data={
"response_type": "id_token",
"client_id": "test",
@ -364,7 +368,7 @@ class TestAuthorize(OAuthTestCase):
redirect_uris="http://localhost",
signing_key=self.keypair,
)
Application.objects.create(name="app", slug="app", provider=provider)
app = Application.objects.create(name="app", slug="app", provider=provider)
state = generate_id()
user = create_test_admin_user()
self.client.force_login(user)
@ -380,7 +384,9 @@ class TestAuthorize(OAuthTestCase):
):
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse("authentik_providers_oauth2:authorize"),
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
data={
"response_type": "code",
"response_mode": "fragment",
@ -425,7 +431,9 @@ class TestAuthorize(OAuthTestCase):
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse("authentik_providers_oauth2:authorize"),
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
data={
"response_type": "id_token",
"response_mode": "form_post",
@ -474,7 +482,9 @@ class TestAuthorize(OAuthTestCase):
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse("authentik_providers_oauth2:authorize"),
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
data={
"response_type": "code",
"response_mode": "form_post",

16
authentik/providers/oauth2/tests/test_device_backchannel.py
View file

@ -28,21 +28,27 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
def test_backchannel_invalid(self):
"""Test backchannel"""
res = self.client.post(
reverse("authentik_providers_oauth2:device"),
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
data={
"client_id": "foo",
},
)
self.assertEqual(res.status_code, 400)
res = self.client.post(
reverse("authentik_providers_oauth2:device"),
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
)
self.assertEqual(res.status_code, 400)
# test without application
self.application.provider = None
self.application.save()
res = self.client.post(
reverse("authentik_providers_oauth2:device"),
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
data={
"client_id": "test",
},
@ -52,7 +58,9 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
def test_backchannel(self):
"""Test backchannel"""
res = self.client.post(
reverse("authentik_providers_oauth2:device"),
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
data={
"client_id": self.provider.client_id,
},

16
authentik/providers/oauth2/tests/test_introspect.py
View file

@ -49,7 +49,9 @@ class TesOAuth2Introspection(OAuthTestCase):
),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token-introspection"),
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": token.token},
)
@ -81,7 +83,9 @@ class TesOAuth2Introspection(OAuthTestCase):
),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token-introspection"),
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": token.token},
)
@ -101,7 +105,9 @@ class TesOAuth2Introspection(OAuthTestCase):
def test_introspect_invalid_token(self):
"""Test introspect (invalid token)"""
res = self.client.post(
reverse("authentik_providers_oauth2:token-introspection"),
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": generate_id(), "token_type_hint": "refresh_token"},
)
@ -116,7 +122,9 @@ class TesOAuth2Introspection(OAuthTestCase):
def test_introspect_invalid_auth(self):
"""Test introspect (invalid auth)"""
res = self.client.post(
reverse("authentik_providers_oauth2:token-introspection"),
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION="Basic qwerqrwe",
data={"token": generate_id(), "token_type_hint": "refresh_token"},
)

16
authentik/providers/oauth2/tests/test_revoke.py
View file

@ -48,7 +48,9 @@ class TesOAuth2Revoke(OAuthTestCase):
),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token-revoke"),
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": token.token,
@ -71,7 +73,9 @@ class TesOAuth2Revoke(OAuthTestCase):
),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token-revoke"),
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": token.token,
@ -82,7 +86,9 @@ class TesOAuth2Revoke(OAuthTestCase):
def test_revoke_invalid(self):
"""Test revoke (invalid token)"""
res = self.client.post(
reverse("authentik_providers_oauth2:token-revoke"),
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": generate_id(),
@ -93,7 +99,9 @@ class TesOAuth2Revoke(OAuthTestCase):
def test_revoke_invalid_auth(self):
"""Test revoke (invalid auth)"""
res = self.client.post(
reverse("authentik_providers_oauth2:token-revoke"),
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION="Basic fqewr",
data={
"token": generate_id(),

24
authentik/providers/oauth2/tests/test_token.py
View file

@ -127,7 +127,9 @@ class TestToken(OAuthTestCase):
code="foobar", provider=provider, user=user, auth_time=timezone.now()
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_AUTHORIZATION_CODE,
"code": code.code,
@ -172,7 +174,9 @@ class TestToken(OAuthTestCase):
auth_time=timezone.now(),
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -219,7 +223,9 @@ class TestToken(OAuthTestCase):
auth_time=timezone.now(),
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -269,7 +275,9 @@ class TestToken(OAuthTestCase):
)
# Create initial refresh token
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -283,7 +291,9 @@ class TestToken(OAuthTestCase):
# Post again with initial token -> get new refresh token
# and revoke old one
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": new_token.token,
@ -294,7 +304,9 @@ class TestToken(OAuthTestCase):
self.assertEqual(response.status_code, 200)
# Post again with old token, is now revoked and should error
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": new_token.token,

24
authentik/providers/oauth2/tests/test_token_cc.py
View file

@ -50,7 +50,9 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_wrong_user(self):
"""test invalid username"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -68,7 +70,9 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_wrong_token(self):
"""test invalid token"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -88,7 +92,9 @@ class TestTokenClientCredentials(OAuthTestCase):
self.app.provider = None
self.app.save()
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -112,7 +118,9 @@ class TestTokenClientCredentials(OAuthTestCase):
order=0,
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -130,7 +138,9 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_successful(self):
"""test successful"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -163,7 +173,9 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_successful_password(self):
"""test successful (password grant)"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_PASSWORD,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",

28
authentik/providers/oauth2/tests/test_token_cc_jwt_source.py
View file

@ -63,7 +63,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
def test_invalid_type(self):
"""test invalid type"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -79,7 +81,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
def test_invalid_jwt(self):
"""test invalid JWT"""
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -101,7 +105,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -123,7 +129,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -147,7 +155,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -175,7 +185,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -197,7 +209,9 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",

12
authentik/providers/oauth2/tests/test_token_device.py
View file

@ -33,7 +33,9 @@ class TestTokenDeviceCode(OAuthTestCase):
def test_code_no_code(self):
"""Test code without code"""
res = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,
@ -51,7 +53,9 @@ class TestTokenDeviceCode(OAuthTestCase):
device_code=generate_id(),
)
res = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,
@ -71,7 +75,9 @@ class TestTokenDeviceCode(OAuthTestCase):
user=self.user,
)
res = self.client.post(
reverse("authentik_providers_oauth2:token"),
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,

8
authentik/providers/oauth2/tests/test_userinfo.py
View file

@ -48,7 +48,9 @@ class TestUserinfo(OAuthTestCase):
def test_userinfo_normal(self):
"""test user info with all normal scopes"""
res = self.client.get(
reverse("authentik_providers_oauth2:userinfo"),
reverse(
"authentik_providers_oauth2:userinfo",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
)
self.assertJSONEqual(
@ -70,7 +72,9 @@ class TestUserinfo(OAuthTestCase):
self.provider.property_mappings.add(scope)
res = self.client.get(
reverse("authentik_providers_oauth2:userinfo"),
reverse(
"authentik_providers_oauth2:userinfo",
kwargs={"application_slug": self.app.slug}),
HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
)
self.assertJSONEqual(

6
tests/e2e/test_provider_oauth2_grafana.py
View file

@ -50,9 +50,9 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
"GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id,
"GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret,
"GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile",
"GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize"),
"GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token"),
"GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo"),
"GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize", application_slug=self.app_slug),
"GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token", application_slug=self.app_slug),
"GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo", application_slug=self.app_slug),
"GF_AUTH_SIGNOUT_REDIRECT_URL": self.url(
"authentik_providers_oauth2:end-session",
application_slug=self.app_slug,