stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763)

* stages/password: fix failed_attempts_before_cancel allowing one too many tries

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-09-05 21:58:11 +02:00 committed by Jens Langhammer
parent 7e9e2ec53d
commit aa209efa90
No known key found for this signature in database
2 changed files with 8 additions and 2 deletions

View File

@ -111,7 +111,7 @@ class PasswordStageView(ChallengeStageView):
current_stage: PasswordStage = self.executor.current_stage current_stage: PasswordStage = self.executor.current_stage
if ( if (
self.request.session[SESSION_KEY_INVALID_TRIES] self.request.session[SESSION_KEY_INVALID_TRIES]
> current_stage.failed_attempts_before_cancel >= current_stage.failed_attempts_before_cancel
): ):
self.logger.debug("User has exceeded maximum tries") self.logger.debug("User has exceeded maximum tries")
del self.request.session[SESSION_KEY_INVALID_TRIES] del self.request.session[SESSION_KEY_INVALID_TRIES]

View File

@ -108,7 +108,7 @@ class TestPasswordStage(FlowTestCase):
session[SESSION_KEY_PLAN] = plan session[SESSION_KEY_PLAN] = plan
session.save() session.save()
for _ in range(self.stage.failed_attempts_before_cancel): for _ in range(self.stage.failed_attempts_before_cancel - 1):
response = self.client.post( response = self.client.post(
reverse( reverse(
"authentik_api:flow-executor", "authentik_api:flow-executor",
@ -118,6 +118,11 @@ class TestPasswordStage(FlowTestCase):
{"password": self.user.username + "test"}, {"password": self.user.username + "test"},
) )
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertStageResponse(
response,
flow=self.flow,
response_errors={"password": [{"string": "Invalid password", "code": "invalid"}]},
)
response = self.client.post( response = self.client.post(
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}), reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
@ -127,6 +132,7 @@ class TestPasswordStage(FlowTestCase):
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
# To ensure the plan has been cancelled, check SESSION_KEY_PLAN # To ensure the plan has been cancelled, check SESSION_KEY_PLAN
self.assertNotIn(SESSION_KEY_PLAN, self.client.session) self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
self.assertStageResponse(response, flow=self.flow, error_message="Unknown error")
@patch( @patch(
"authentik.flows.views.executor.to_stage_response", "authentik.flows.views.executor.to_stage_response",