stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763)

* stages/password: fix failed_attempts_before_cancel allowing one too many tries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-09-05 21:58:11 +02:00 committed by GitHub
parent 15ac26edb8
commit 7cbce1bb3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions

View file

@ -111,7 +111,7 @@ class PasswordStageView(ChallengeStageView):
current_stage: PasswordStage = self.executor.current_stage
if (
self.request.session[SESSION_KEY_INVALID_TRIES]
> current_stage.failed_attempts_before_cancel
>= current_stage.failed_attempts_before_cancel
):
self.logger.debug("User has exceeded maximum tries")
del self.request.session[SESSION_KEY_INVALID_TRIES]

View file

@ -108,7 +108,7 @@ class TestPasswordStage(FlowTestCase):
session[SESSION_KEY_PLAN] = plan
session.save()
for _ in range(self.stage.failed_attempts_before_cancel):
for _ in range(self.stage.failed_attempts_before_cancel - 1):
response = self.client.post(
reverse(
"authentik_api:flow-executor",
@ -118,6 +118,11 @@ class TestPasswordStage(FlowTestCase):
{"password": self.user.username + "test"},
)
self.assertEqual(response.status_code, 200)
self.assertStageResponse(
response,
flow=self.flow,
response_errors={"password": [{"string": "Invalid password", "code": "invalid"}]},
)
response = self.client.post(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
@ -127,6 +132,7 @@ class TestPasswordStage(FlowTestCase):
self.assertEqual(response.status_code, 200)
# To ensure the plan has been cancelled, check SESSION_KEY_PLAN
self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
self.assertStageResponse(response, flow=self.flow, error_message="Unknown error")
@patch(
"authentik.flows.views.executor.to_stage_response",