trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

lint

Browse source
This commit is contained in:
Stanislav Dimov 2024-01-16 02:01:23 +00:00
parent 9faa899846
commit 8178b6e97d
No known key found for this signature in database
GPG key ID: 52C3CE2B376F25D2
11 changed files with 78 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
authentik/providers/oauth2/tests/test_authorize.py
View file

@ -297,9 +297,7 @@ class TestAuthorize(OAuthTestCase):
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
reverse("authentik_providers_oauth2:authorize", kwargs={"application_slug": app.slug}),
data={
"response_type": "code",
"client_id": "test",
@ -362,8 +360,8 @@ class TestAuthorize(OAuthTestCase):
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
"authentik_providers_oauth2:authorize", kwargs={"application_slug": app.slug}
),
data={
"response_type": "id_token",
"client_id": "test",
@ -426,8 +424,8 @@ class TestAuthorize(OAuthTestCase):
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
"authentik_providers_oauth2:authorize", kwargs={"application_slug": app.slug}
),
data={
"response_type": "code",
"response_mode": "fragment",
@ -482,9 +480,7 @@ class TestAuthorize(OAuthTestCase):
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
reverse("authentik_providers_oauth2:authorize", kwargs={"application_slug": app.slug}),
data={
"response_type": "id_token",
"response_mode": "form_post",
@ -534,9 +530,7 @@ class TestAuthorize(OAuthTestCase):
self.client.force_login(user)
# Step 1, initiate params and get redirect to flow
self.client.get(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": app.slug}),
reverse("authentik_providers_oauth2:authorize", kwargs={"application_slug": app.slug}),
data={
"response_type": "code",
"response_mode": "form_post",

12
authentik/providers/oauth2/tests/test_device_backchannel.py
View file

@ -30,7 +30,8 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
kwargs={"application_slug": self.application.slug},
),
data={
"client_id": "foo",
},
@ -39,7 +40,8 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
kwargs={"application_slug": self.application.slug},
),
)
self.assertEqual(res.status_code, 400)
# test without application
@ -48,7 +50,8 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
kwargs={"application_slug": self.application.slug},
),
data={
"client_id": "test",
},
@ -60,7 +63,8 @@ class TesOAuth2DeviceBackchannel(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": self.application.slug}),
kwargs={"application_slug": self.application.slug},
),
data={
"client_id": self.provider.client_id,
},

12
authentik/providers/oauth2/tests/test_introspect.py
View file

@ -51,7 +51,8 @@ class TesOAuth2Introspection(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": token.token},
)
@ -85,7 +86,8 @@ class TesOAuth2Introspection(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": token.token},
)
@ -107,7 +109,8 @@ class TesOAuth2Introspection(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={"token": generate_id(), "token_type_hint": "refresh_token"},
)
@ -124,7 +127,8 @@ class TesOAuth2Introspection(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION="Basic qwerqrwe",
data={"token": generate_id(), "token_type_hint": "refresh_token"},
)

12
authentik/providers/oauth2/tests/test_revoke.py
View file

@ -50,7 +50,8 @@ class TesOAuth2Revoke(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": token.token,
@ -75,7 +76,8 @@ class TesOAuth2Revoke(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": token.token,
@ -88,7 +90,8 @@ class TesOAuth2Revoke(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION=f"Basic {self.auth}",
data={
"token": generate_id(),
@ -101,7 +104,8 @@ class TesOAuth2Revoke(OAuthTestCase):
res = self.client.post(
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": self.app.slug}),
kwargs={"application_slug": self.app.slug},
),
HTTP_AUTHORIZATION="Basic fqewr",
data={
"token": generate_id(),

24
authentik/providers/oauth2/tests/test_token.py
View file

@ -129,9 +129,7 @@ class TestToken(OAuthTestCase):
code="foobar", provider=provider, user=user, auth_time=timezone.now()
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_AUTHORIZATION_CODE,
"code": code.code,
@ -186,9 +184,7 @@ class TestToken(OAuthTestCase):
_scope="offline_access",
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -247,9 +243,7 @@ class TestToken(OAuthTestCase):
_scope="offline_access",
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -311,9 +305,7 @@ class TestToken(OAuthTestCase):
)
# Create initial refresh token
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": token.token,
@ -327,9 +319,7 @@ class TestToken(OAuthTestCase):
# Post again with initial token -> get new refresh token
# and revoke old one
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": new_token.token,
@ -340,9 +330,7 @@ class TestToken(OAuthTestCase):
self.assertEqual(response.status_code, 200)
# Post again with old token, is now revoked and should error
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"grant_type": GRANT_TYPE_REFRESH_TOKEN,
"refresh_token": new_token.token,

24
authentik/providers/oauth2/tests/test_token_cc.py
View file

@ -50,9 +50,7 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_wrong_user(self):
"""test invalid username"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -70,9 +68,7 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_wrong_token(self):
"""test invalid token"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -92,9 +88,7 @@ class TestTokenClientCredentials(OAuthTestCase):
self.app.provider = None
self.app.save()
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -118,9 +112,7 @@ class TestTokenClientCredentials(OAuthTestCase):
order=0,
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": SCOPE_OPENID,
@ -138,9 +130,7 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_successful(self):
"""test successful"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -173,9 +163,7 @@ class TestTokenClientCredentials(OAuthTestCase):
def test_successful_password(self):
"""test successful (password grant)"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_PASSWORD,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",

28
authentik/providers/oauth2/tests/test_token_cc_jwt_source.py
View file

@ -63,9 +63,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
def test_invalid_type(self):
"""test invalid type"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -81,9 +79,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
def test_invalid_jwt(self):
"""test invalid JWT"""
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -105,9 +101,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -129,9 +123,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -155,9 +147,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -185,9 +175,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",
@ -209,9 +197,7 @@ class TestTokenClientCredentialsJWTSource(OAuthTestCase):
}
)
response = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
{
"grant_type": GRANT_TYPE_CLIENT_CREDENTIALS,
"scope": f"{SCOPE_OPENID} {SCOPE_OPENID_EMAIL} {SCOPE_OPENID_PROFILE}",

12
authentik/providers/oauth2/tests/test_token_device.py
View file

@ -33,9 +33,7 @@ class TestTokenDeviceCode(OAuthTestCase):
def test_code_no_code(self):
"""Test code without code"""
res = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,
@ -53,9 +51,7 @@ class TestTokenDeviceCode(OAuthTestCase):
device_code=generate_id(),
)
res = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,
@ -75,9 +71,7 @@ class TestTokenDeviceCode(OAuthTestCase):
user=self.user,
)
res = self.client.post(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": self.app.slug}),
reverse("authentik_providers_oauth2:token", kwargs={"application_slug": self.app.slug}),
data={
"client_id": self.provider.client_id,
"grant_type": GRANT_TYPE_DEVICE_CODE,

8
authentik/providers/oauth2/tests/test_userinfo.py
View file

@ -49,8 +49,8 @@ class TestUserinfo(OAuthTestCase):
"""test user info with all normal scopes"""
res = self.client.get(
reverse(
"authentik_providers_oauth2:userinfo",
kwargs={"application_slug": self.app.slug}),
"authentik_providers_oauth2:userinfo", kwargs={"application_slug": self.app.slug}
),
HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
)
self.assertJSONEqual(
@ -73,8 +73,8 @@ class TestUserinfo(OAuthTestCase):
res = self.client.get(
reverse(
"authentik_providers_oauth2:userinfo",
kwargs={"application_slug": self.app.slug}),
"authentik_providers_oauth2:userinfo", kwargs={"application_slug": self.app.slug}
),
HTTP_AUTHORIZATION=f"Bearer {self.token.token}",
)
self.assertJSONEqual(

18
authentik/providers/oauth2/views/provider.py
View file

@ -50,17 +50,20 @@ class ProviderInfoView(View):
"authorization_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:authorize",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"token_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:token",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"userinfo_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:userinfo",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"end_session_endpoint": self.request.build_absolute_uri(
reverse(
@ -71,17 +74,20 @@ class ProviderInfoView(View):
"introspection_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:token-introspection",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"revocation_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:token-revoke",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"device_authorization_endpoint": self.request.build_absolute_uri(
reverse(
"authentik_providers_oauth2:device",
kwargs={"application_slug": provider.application.slug})
kwargs={"application_slug": provider.application.slug},
)
),
"response_types_supported": [
ResponseTypes.CODE,

12
tests/e2e/test_provider_oauth2_grafana.py
View file

@ -50,9 +50,15 @@ class TestProviderOAuth2OAuth(SeleniumTestCase):
"GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id,
"GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET": self.client_secret,
"GF_AUTH_GENERIC_OAUTH_SCOPES": "openid email profile",
"GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url("authentik_providers_oauth2:authorize", application_slug=self.app_slug),
"GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url("authentik_providers_oauth2:token", application_slug=self.app_slug),
"GF_AUTH_GENERIC_OAUTH_API_URL": self.url("authentik_providers_oauth2:userinfo", application_slug=self.app_slug),
"GF_AUTH_GENERIC_OAUTH_AUTH_URL": self.url(
"authentik_providers_oauth2:authorize", application_slug=self.app_slug
),
"GF_AUTH_GENERIC_OAUTH_TOKEN_URL": self.url(
"authentik_providers_oauth2:token", application_slug=self.app_slug
),
"GF_AUTH_GENERIC_OAUTH_API_URL": self.url(
"authentik_providers_oauth2:userinfo", application_slug=self.app_slug
),
"GF_AUTH_SIGNOUT_REDIRECT_URL": self.url(
"authentik_providers_oauth2:end-session",
application_slug=self.app_slug,