From 7eed70cfe96fa8e3ac6b80d7cd33215fa31fe436 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 13 Dec 2020 18:42:07 +0100
Subject: [PATCH] policies/hibp: add invalid test case
---
 authentik/policies/hibp/models.py | 1 +
 authentik/policies/hibp/tests.py | 10 ++++++++++
 2 files changed, 11 insertions(+)
diff --git a/authentik/policies/hibp/models.py b/authentik/policies/hibp/models.py
index 916252629..8dec5a018 100644
--- a/authentik/policies/hibp/models.py
+++ b/authentik/policies/hibp/models.py
@@ -50,6 +50,7 @@ class HaveIBeenPwendPolicy(Policy):
 field=self.password_field,
 fields=request.context.keys(),
 )
+ return PolicyResult(False, _("Password not set in context"))
 password = request.context[self.password_field]
 pw_hash = sha1(password.encode("utf-8")).hexdigest() # nosec
diff --git a/authentik/policies/hibp/tests.py b/authentik/policies/hibp/tests.py
index f74994711..a93076406 100644
--- a/authentik/policies/hibp/tests.py
+++ b/authentik/policies/hibp/tests.py
@@ -10,6 +10,16 @@ from authentik.providers.oauth2.generators import generate_client_secret
 class TestHIBPPolicy(TestCase):
 """Test HIBP Policy"""
+ def test_invalid(self):
+ """Test without password"""
+ policy = HaveIBeenPwendPolicy.objects.create(
+ name="test_invalid",
+ )
+ request = PolicyRequest(get_anonymous_user())
+ result: PolicyResult = policy.passes(request)
+ self.assertFalse(result.passing)
+ self.assertEqual(result.messages[0], "Password not set in context")
+
 def test_false(self):
 """Failing password case"""
 policy = HaveIBeenPwendPolicy.objects.create(
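Review bot: The added `return PolicyResult(False, ...)` fails closed only when the key is missing; a value that is present but not a string (for example `None`) would still reach `password.encode("utf-8")` two lines later and raise instead of returning a failing result. The guard's condition is above the hunk, so this assumes it is a membership test on `request.context`, as the logged `fields=request.context.keys()` suggests. After the lookup I would add `if not isinstance(password, str): return PolicyResult(False, _("Password not set in context"))` so malformed flow context is denied the same way as a missing field. The enclosing method starts and ends outside the hunk.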
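Review bot: `test_invalid` only covers a request whose context was never populated, so it does not pin that the guard keys on the policy's configured `password_field`. Assuming `request.context` is a plain dict, a second case with `request.context["unrelated"] = "value"` before `policy.passes(request)`, still expecting `result.passing` to be false, would catch a regression where some other context entry is picked up and hashed. The check on `result.messages[0]` compares against the English literal while the model wraps the message in `_()`, so it presumably depends on the locale active during the test run; a one-line comment saying so would help. The test class continues outside the hunk.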