providers/saml: fix metadata being inaccessible without authentication
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
d70b81fe43
commit
f875149983
@ -2,7 +2,8 @@
|
||||||
from xml.etree.ElementTree import ParseError # nosec
|
from xml.etree.ElementTree import ParseError # nosec
|
||||||
|
|
||||||
from defusedxml.ElementTree import fromstring
|
from defusedxml.ElementTree import fromstring
|
||||||
from django.http.response import HttpResponse
|
from django.http.response import Http404, HttpResponse
|
||||||
|
from django.shortcuts import get_object_or_404
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from drf_spectacular.types import OpenApiTypes
|
from drf_spectacular.types import OpenApiTypes
|
||||||
|
@ -114,7 +115,11 @@ class SAMLProviderViewSet(UsedByMixin, ModelViewSet):
|
||||||
# pylint: disable=invalid-name, unused-argument
|
# pylint: disable=invalid-name, unused-argument
|
||||||
def metadata(self, request: Request, pk: int) -> Response:
|
def metadata(self, request: Request, pk: int) -> Response:
|
||||||
"""Return metadata as XML string"""
|
"""Return metadata as XML string"""
|
||||||
provider = self.get_object()
|
# We don't use self.get_object() on purpose as this view is un-authenticated
|
||||||
|
try:
|
||||||
|
provider = get_object_or_404(SAMLProvider, pk=pk)
|
||||||
|
except ValueError:
|
||||||
|
raise Http404
|
||||||
try:
|
try:
|
||||||
metadata = MetadataProcessor(provider, request).build_entity_descriptor()
|
metadata = MetadataProcessor(provider, request).build_entity_descriptor()
|
||||||
if "download" in request._request.GET:
|
if "download" in request._request.GET:
|
||||||
|
|
|
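Review bot: The `raise Http404` inside the `except ValueError` handler should be `raise Http404 from None` (or `from exc`), otherwise the ValueError is carried along as implicit exception context and pylint's raise-missing-from fires on exactly this line. The more important point is what the new comment only half states: skipping `self.get_object()` also skips the viewset's queryset filtering and object-permission checks, so with this view unauthenticated any anonymous client can walk the integer pks and fetch the metadata of every SAMLProvider, including ones not yet bound to an application (test_metadata_invalid asserts 200 for that case). If SAML IdP metadata is meant to be world-readable that is presumably fine, but the comment should say so explicitly, e.g. `# Intentionally public and unfiltered: metadata for any provider pk is readable anonymously`, so a later reader does not mistake it for an authorization bypass. The `@action` decorator that actually sets the permission classes for this view is outside the hunk, so the unauthenticated part is inferred from the comment and the tests.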
@ -20,6 +20,7 @@ class TestSAMLProviderAPI(APITestCase):
|
||||||
|
|
||||||
def test_metadata(self):
|
def test_metadata(self):
|
||||||
"""Test metadata export (normal)"""
|
"""Test metadata export (normal)"""
|
||||||
|
self.client.logout()
|
||||||
provider = SAMLProvider.objects.create(
|
provider = SAMLProvider.objects.create(
|
||||||
name="test",
|
name="test",
|
||||||
authorization_flow=Flow.objects.get(
|
authorization_flow=Flow.objects.get(
|
||||||
|
@ -34,6 +35,7 @@ class TestSAMLProviderAPI(APITestCase):
|
||||||
|
|
||||||
def test_metadata_download(self):
|
def test_metadata_download(self):
|
||||||
"""Test metadata export (download)"""
|
"""Test metadata export (download)"""
|
||||||
|
self.client.logout()
|
||||||
provider = SAMLProvider.objects.create(
|
provider = SAMLProvider.objects.create(
|
||||||
name="test",
|
name="test",
|
||||||
authorization_flow=Flow.objects.get(
|
authorization_flow=Flow.objects.get(
|
||||||
|
@ -50,6 +52,7 @@ class TestSAMLProviderAPI(APITestCase):
|
||||||
|
|
||||||
def test_metadata_invalid(self):
|
def test_metadata_invalid(self):
|
||||||
"""Test metadata export (invalid)"""
|
"""Test metadata export (invalid)"""
|
||||||
|
self.client.logout()
|
||||||
# Provider without application
|
# Provider without application
|
||||||
provider = SAMLProvider.objects.create(
|
provider = SAMLProvider.objects.create(
|
||||||
name="test",
|
name="test",
|
||||||
|
@ -61,6 +64,10 @@ class TestSAMLProviderAPI(APITestCase):
|
||||||
reverse("authentik_api:samlprovider-metadata", kwargs={"pk": provider.pk}),
|
reverse("authentik_api:samlprovider-metadata", kwargs={"pk": provider.pk}),
|
||||||
)
|
)
|
||||||
self.assertEqual(200, response.status_code)
|
self.assertEqual(200, response.status_code)
|
||||||
|
response = self.client.get(
|
||||||
|
reverse("authentik_api:samlprovider-metadata", kwargs={"pk": "abc"}),
|
||||||
|
)
|
||||||
|
self.assertEqual(404, response.status_code)
|
||||||
|
|
||||||
def test_import_success(self):
|
def test_import_success(self):
|
||||||
"""Test metadata import (success case)"""
|
"""Test metadata import (success case)"""
|
||||||
|
|
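Review bot: The new 404 assertion in test_metadata_invalid only exercises the `except ValueError` branch (non-numeric pk `"abc"`); the ordinary not-found path of `get_object_or_404`, a well-formed integer pk with no matching provider, is not covered by any of the three tests. Add one more anonymous request, e.g. `reverse("authentik_api:samlprovider-metadata", kwargs={"pk": provider.pk + 1})` followed by `self.assertEqual(404, response.status_code)`, so that a regression back to `self.get_object()` (which would turn this into a 403 or redirect for the logged-out client) or an unhandled DoesNotExist is caught. Since all three tests now call `self.client.logout()` first, the 200 assertions are what protect the "accessible without authentication" behaviour the commit title promises; a short comment above each logout, e.g. `# Metadata must be reachable anonymously`, would make that intent explicit for the next editor.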