From 02b51522a82d30c49c13b59fd063896cf722fbf6 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Thu, 11 Jan 2024 20:20:40 +0100 Subject: [PATCH] add tests for recovery api Signed-off-by: Marc 'risson' Schmitt --- authentik/tenants/tests/test_recovery.py | 88 ++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 authentik/tenants/tests/test_recovery.py diff --git a/authentik/tenants/tests/test_recovery.py b/authentik/tenants/tests/test_recovery.py new file mode 100644 index 000000000..3570e9d48 --- /dev/null +++ b/authentik/tenants/tests/test_recovery.py @@ -0,0 +1,88 @@ +"""Test Tenant Recovery API""" +from json import loads + +from django.urls import reverse +from django_tenants.utils import get_public_schema_name + +from authentik.core.models import Token, TokenIntents, User +from authentik.lib.config import CONFIG +from authentik.lib.generators import generate_id +from authentik.tenants.models import Tenant +from authentik.tenants.tests.utils import TenantAPITestCase + +TENANTS_API_KEY = generate_id() +HEADERS = {"Authorization": f"Bearer {TENANTS_API_KEY}"} + + +class TestAPI(TenantAPITestCase): + """Test api view""" + + def setUp(self): + super().setUp() + self.tenant = Tenant.objects.get(schema_name=get_public_schema_name()) + self.user: User = User.objects.create_user(username="recovery-test-user") + + @CONFIG.patch("outposts.disable_embedded_outpost", True) + @CONFIG.patch("tenants.enabled", True) + @CONFIG.patch("tenants.api_key", TENANTS_API_KEY) + def test_recovery_admin_group(self): + """Test creation of admin group""" + response = self.client.post( + reverse( + "authentik_api:tenant-create-admin-group", + args=[self.tenant.tenant_uuid], + ), + data={"user": self.user.username}, + headers=HEADERS, + ) + self.assertEqual(response.status_code, 200) + self.assertTrue(self.user.is_superuser) + + @CONFIG.patch("outposts.disable_embedded_outpost", True) + @CONFIG.patch("tenants.enabled", True) + @CONFIG.patch("tenants.api_key", TENANTS_API_KEY) + def test_recovery_admin_group_invalid(self): + """Test invalid creation of admin group""" + response = self.client.post( + reverse( + "authentik_api:tenant-create-admin-group", + args=[self.tenant.tenant_uuid], + ), + data={"user": "invalid"}, + headers=HEADERS, + ) + self.assertEqual(response.status_code, 404) + + @CONFIG.patch("outposts.disable_embedded_outpost", True) + @CONFIG.patch("tenants.enabled", True) + @CONFIG.patch("tenants.api_key", TENANTS_API_KEY) + def test_create_key(self): + """Test creation of a new key""" + response = self.client.post( + reverse( + "authentik_api:tenant-create-recovery-key", + args=[self.tenant.tenant_uuid], + ), + data={"user": self.user.username, "duration_days": 365}, + headers=HEADERS, + ) + self.assertEqual(response.status_code, 200) + body = loads(response.content.decode()) + token = Token.objects.get(intent=TokenIntents.INTENT_RECOVERY, user=self.user) + self.assertIn(token.key, body["url"]) + self.assertEqual(len(Token.objects.all()), 1) + + @CONFIG.patch("outposts.disable_embedded_outpost", True) + @CONFIG.patch("tenants.enabled", True) + @CONFIG.patch("tenants.api_key", TENANTS_API_KEY) + def test_create_key_invalid(self): + """Test creation of a new key (invalid)""" + response = self.client.post( + reverse( + "authentik_api:tenant-create-recovery-key", + args=[self.tenant.tenant_uuid], + ), + data={"user": "invalid", "duration_days": 365}, + headers=HEADERS, + ) + self.assertEqual(response.status_code, 404)