*: don't return values in test suites
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
8599eba863
commit
1a39754fe9
|
@ -202,10 +202,10 @@ class ResponseProcessor:
|
||||||
"""Get all attributes sent"""
|
"""Get all attributes sent"""
|
||||||
attributes = {}
|
attributes = {}
|
||||||
assertion = self._root.find(f"{{{NS_SAML_ASSERTION}}}Assertion")
|
assertion = self._root.find(f"{{{NS_SAML_ASSERTION}}}Assertion")
|
||||||
if not assertion:
|
if assertion is None:
|
||||||
raise ValueError("Assertion element not found")
|
raise ValueError("Assertion element not found")
|
||||||
attribute_statement = assertion.find(f"{{{NS_SAML_ASSERTION}}}AttributeStatement")
|
attribute_statement = assertion.find(f"{{{NS_SAML_ASSERTION}}}AttributeStatement")
|
||||||
if not attribute_statement:
|
if attribute_statement is None:
|
||||||
raise ValueError("Attribute statement element not found")
|
raise ValueError("Attribute statement element not found")
|
||||||
# Get all attributes and their values into a dict
|
# Get all attributes and their values into a dict
|
||||||
for attribute in attribute_statement.iterchildren():
|
for attribute in attribute_statement.iterchildren():
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
"""Test validator stage"""
|
"""Test validator stage"""
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
from hashlib import sha256
|
from hashlib import sha256
|
||||||
from http.cookies import SimpleCookie
|
|
||||||
from time import sleep
|
from time import sleep
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
@ -76,7 +75,7 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
|
||||||
component="ak-stage-authenticator-validate",
|
component="ak-stage-authenticator-validate",
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_last_auth_threshold_valid(self) -> SimpleCookie:
|
def test_last_auth_threshold_valid(self):
|
||||||
"""Test last_auth_threshold"""
|
"""Test last_auth_threshold"""
|
||||||
ident_stage = IdentificationStage.objects.create(
|
ident_stage = IdentificationStage.objects.create(
|
||||||
name=generate_id(),
|
name=generate_id(),
|
||||||
|
@ -115,12 +114,47 @@ class AuthenticatorValidateStageTOTPTests(FlowTestCase):
|
||||||
)
|
)
|
||||||
self.assertIn(COOKIE_NAME_MFA, response.cookies)
|
self.assertIn(COOKIE_NAME_MFA, response.cookies)
|
||||||
self.assertStageResponse(response, component="xak-flow-redirect", to="/")
|
self.assertStageResponse(response, component="xak-flow-redirect", to="/")
|
||||||
return response.cookies
|
|
||||||
|
|
||||||
def test_last_auth_skip(self):
|
def test_last_auth_skip(self):
|
||||||
"""Test valid cookie"""
|
"""Test valid cookie"""
|
||||||
cookies = self.test_last_auth_threshold_valid()
|
ident_stage = IdentificationStage.objects.create(
|
||||||
mfa_cookie = cookies[COOKIE_NAME_MFA]
|
name=generate_id(),
|
||||||
|
user_fields=[
|
||||||
|
UserFields.USERNAME,
|
||||||
|
],
|
||||||
|
)
|
||||||
|
device: TOTPDevice = TOTPDevice.objects.create(
|
||||||
|
user=self.user,
|
||||||
|
confirmed=True,
|
||||||
|
)
|
||||||
|
stage = AuthenticatorValidateStage.objects.create(
|
||||||
|
name=generate_id(),
|
||||||
|
last_auth_threshold="hours=1",
|
||||||
|
not_configured_action=NotConfiguredAction.CONFIGURE,
|
||||||
|
device_classes=[DeviceClasses.TOTP],
|
||||||
|
)
|
||||||
|
stage.configuration_stages.set([ident_stage])
|
||||||
|
FlowStageBinding.objects.create(target=self.flow, stage=ident_stage, order=0)
|
||||||
|
FlowStageBinding.objects.create(target=self.flow, stage=stage, order=1)
|
||||||
|
|
||||||
|
response = self.client.post(
|
||||||
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||||
|
{"uid_field": self.user.username},
|
||||||
|
)
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
response = self.client.get(
|
||||||
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||||
|
)
|
||||||
|
# Verify token once here to set last_t etc
|
||||||
|
totp = TOTP(device.bin_key)
|
||||||
|
sleep(1)
|
||||||
|
response = self.client.post(
|
||||||
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||||
|
{"code": str(totp.token())},
|
||||||
|
)
|
||||||
|
self.assertIn(COOKIE_NAME_MFA, response.cookies)
|
||||||
|
self.assertStageResponse(response, component="xak-flow-redirect", to="/")
|
||||||
|
mfa_cookie = response.cookies[COOKIE_NAME_MFA]
|
||||||
self.client.logout()
|
self.client.logout()
|
||||||
self.client.cookies[COOKIE_NAME_MFA] = mfa_cookie
|
self.client.cookies[COOKIE_NAME_MFA] = mfa_cookie
|
||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
|
|
|
@ -137,7 +137,7 @@ class TestPromptStage(FlowTestCase):
|
||||||
self.assertIn(prompt.label, response.content.decode())
|
self.assertIn(prompt.label, response.content.decode())
|
||||||
self.assertIn(prompt.placeholder, response.content.decode())
|
self.assertIn(prompt.placeholder, response.content.decode())
|
||||||
|
|
||||||
def test_valid_challenge_with_policy(self) -> PromptChallengeResponse:
|
def test_valid_challenge_with_policy(self):
|
||||||
"""Test challenge_response validation"""
|
"""Test challenge_response validation"""
|
||||||
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
||||||
expr = (
|
expr = (
|
||||||
|
@ -151,9 +151,8 @@ class TestPromptStage(FlowTestCase):
|
||||||
None, stage=self.stage, plan=plan, data=self.prompt_data
|
None, stage=self.stage, plan=plan, data=self.prompt_data
|
||||||
)
|
)
|
||||||
self.assertEqual(challenge_response.is_valid(), True)
|
self.assertEqual(challenge_response.is_valid(), True)
|
||||||
return challenge_response
|
|
||||||
|
|
||||||
def test_invalid_challenge(self) -> PromptChallengeResponse:
|
def test_invalid_challenge(self):
|
||||||
"""Test challenge_response validation"""
|
"""Test challenge_response validation"""
|
||||||
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
||||||
expr = "False"
|
expr = "False"
|
||||||
|
@ -164,7 +163,6 @@ class TestPromptStage(FlowTestCase):
|
||||||
None, stage=self.stage, plan=plan, data=self.prompt_data
|
None, stage=self.stage, plan=plan, data=self.prompt_data
|
||||||
)
|
)
|
||||||
self.assertEqual(challenge_response.is_valid(), False)
|
self.assertEqual(challenge_response.is_valid(), False)
|
||||||
return challenge_response
|
|
||||||
|
|
||||||
def test_valid_challenge_request(self):
|
def test_valid_challenge_request(self):
|
||||||
"""Test a request with valid challenge_response data"""
|
"""Test a request with valid challenge_response data"""
|
||||||
|
@ -173,7 +171,18 @@ class TestPromptStage(FlowTestCase):
|
||||||
session[SESSION_KEY_PLAN] = plan
|
session[SESSION_KEY_PLAN] = plan
|
||||||
session.save()
|
session.save()
|
||||||
|
|
||||||
challenge_response = self.test_valid_challenge_with_policy()
|
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
||||||
|
expr = (
|
||||||
|
"return request.context['prompt_data']['password_prompt'] "
|
||||||
|
"== request.context['prompt_data']['password2_prompt']"
|
||||||
|
)
|
||||||
|
expr_policy = ExpressionPolicy.objects.create(name="validate-form", expression=expr)
|
||||||
|
self.stage.validation_policies.set([expr_policy])
|
||||||
|
self.stage.save()
|
||||||
|
challenge_response = PromptChallengeResponse(
|
||||||
|
None, stage=self.stage, plan=plan, data=self.prompt_data
|
||||||
|
)
|
||||||
|
self.assertEqual(challenge_response.is_valid(), True)
|
||||||
|
|
||||||
with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()):
|
with patch("authentik.flows.views.executor.FlowExecutorView.cancel", MagicMock()):
|
||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
|
|
Reference in a new issue