From 6916c59483d078917febb08111ad0112b68d46fd Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 30 Mar 2021 17:12:50 +0200 Subject: [PATCH] policies: fix test API not working, add tests Signed-off-by: Jens Langhammer --- authentik/policies/api/policies.py | 12 +++++------- authentik/policies/tests/test_api.py | 28 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 authentik/policies/tests/test_api.py diff --git a/authentik/policies/api/policies.py b/authentik/policies/api/policies.py index 39771027e..012fe262d 100644 --- a/authentik/policies/api/policies.py +++ b/authentik/policies/api/policies.py @@ -1,6 +1,5 @@ """policy API Views""" from django.core.cache import cache -from django.http.response import HttpResponseBadRequest from django.urls import reverse from drf_yasg.utils import no_body, swagger_auto_schema from guardian.shortcuts import get_objects_for_user @@ -127,8 +126,6 @@ class PolicyViewSet( @action(detail=False, methods=["POST"]) def cache_clear(self, request: Request) -> Response: """Clear policy cache""" - if not request.user.is_superuser: - return HttpResponseBadRequest() keys = cache.keys("policy_*") cache.delete_many(keys) LOGGER.debug("Cleared Policy cache", keys=len(keys)) @@ -143,16 +140,17 @@ class PolicyViewSet( responses={200: PolicyTestResultSerializer()}, ) @action(detail=True, methods=["POST"]) - def test(self, request: Request) -> Response: + # pylint: disable=unused-argument, invalid-name + def test(self, request: Request, pk: str) -> Response: """Test policy""" policy = self.get_object() - test_params = PolicyTestSerializer(request.data) + test_params = PolicyTestSerializer(data=request.data) if not test_params.is_valid(): return Response(test_params.errors, status=400) # User permission check, only allow policy testing for users that are readable users = get_objects_for_user(request.user, "authentik_core.view_user").filter( - pk=test_params["user"] + pk=test_params.validated_data["user"].pk ) if not users.exists(): raise PermissionDenied() @@ -165,4 +163,4 @@ class PolicyViewSet( proc = PolicyProcess(PolicyBinding(policy=policy), p_request, None) result = proc.execute() response = PolicyTestResultSerializer(result) - return Response(response) + return Response(response.data) diff --git a/authentik/policies/tests/test_api.py b/authentik/policies/tests/test_api.py new file mode 100644 index 000000000..8c3abc941 --- /dev/null +++ b/authentik/policies/tests/test_api.py @@ -0,0 +1,28 @@ +"""Test policies API""" +from django.urls import reverse +from rest_framework.test import APITestCase + +from authentik.core.models import User +from authentik.policies.dummy.models import DummyPolicy + + +class TestPoliciesAPI(APITestCase): + """Test policies API""" + + def setUp(self) -> None: + super().setUp() + self.policy = DummyPolicy.objects.create(name="dummy", result=True) + self.user = User.objects.get(username="akadmin") + self.client.force_login(self.user) + + def test_test_call(self): + """Test Policy's test endpoint""" + response = self.client.post( + reverse("authentik_api:policy-test", kwargs={"pk": self.policy.pk}), + data={ + "user": self.user.pk, + }, + ) + self.assertJSONEqual( + response.content.decode(), {"passing": True, "messages": ["dummy"]} + )