From aa209efa904236402fa30a766d27ee67cb59fd43 Mon Sep 17 00:00:00 2001
From: Jens L
Date: Tue, 5 Sep 2023 21:58:11 +0200
Subject: [PATCH] =?UTF-8?q?stages/password:=20fix=20failed=5Fattempts=5Fbe?=
 =?UTF-8?q?fore=5Fcancel=20allowing=20one=20too=20m=E2=80=A6=20(#6763)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* stages/password: fix failed_attempts_before_cancel allowing one too many tries

Signed-off-by: Jens Langhammer

* fix tests

Signed-off-by: Jens Langhammer

---------

Signed-off-by: Jens Langhammer
---
 authentik/stages/password/stage.py | 2 +-
 authentik/stages/password/tests.py | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py
index 9b87a6691..bdf3650bf 100644
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
@@ -111,7 +111,7 @@ class PasswordStageView(ChallengeStageView):
         current_stage: PasswordStage = self.executor.current_stage
         if (
             self.request.session[SESSION_KEY_INVALID_TRIES]
-            > current_stage.failed_attempts_before_cancel
+            >= current_stage.failed_attempts_before_cancel
         ):
             self.logger.debug("User has exceeded maximum tries")
             del self.request.session[SESSION_KEY_INVALID_TRIES]
diff --git a/authentik/stages/password/tests.py b/authentik/stages/password/tests.py
index 33abe5961..4d8b9a38f 100644
--- a/authentik/stages/password/tests.py
+++ b/authentik/stages/password/tests.py
@@ -108,7 +108,7 @@ class TestPasswordStage(FlowTestCase):
         session[SESSION_KEY_PLAN] = plan
         session.save()

-        for _ in range(self.stage.failed_attempts_before_cancel):
+        for _ in range(self.stage.failed_attempts_before_cancel - 1):
             response = self.client.post(
                 reverse(
                     "authentik_api:flow-executor",
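Review bot: The counter compared on the new `>=` line is read from `self.request.session`, so the bound only holds within one session: a client that discards its session cookie and starts the flow again begins at zero, which makes this a per-flow retry limit rather than brute-force protection. That is worth stating at the check so nobody relies on it for lockout, e.g. `# Per-session counter: a fresh session starts at zero, so this only bounds retries within one flow execution; account- or source-keyed rate limiting must come from elsewhere.` The `self.logger.debug("User has exceeded maximum tries")` on the cancel path is also the only trace visible here of a flow being aborted for too many failures; if no Event is recorded elsewhere in this method, a debug log will not reach an operator. The enclosing method starts before and ends after the hunk, so whether the increment precedes this check (which the `>=` semantics assume) cannot be confirmed from here.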
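Review bot: The new loop bound `range(self.stage.failed_attempts_before_cancel - 1)` is vacuous when the stage's value is 0 or 1: the loop runs zero times and the test no longer demonstrates that N-1 failures are tolerated, only that the next attempt cancels. The value comes from stage setup outside this hunk, so pin it in the test rather than inherit the model default, e.g. `self.stage.failed_attempts_before_cancel = 3` followed by `self.stage.save()` before the loop, or at least `self.assertGreaterEqual(self.stage.failed_attempts_before_cancel, 2)`. A second case with the value set to 1 would also cover exactly the boundary the `>=` change in stage.py moves. The test method starts before this hunk.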
@@ -118,6 +118,11 @@ class TestPasswordStage(FlowTestCase):
                 {"password": self.user.username + "test"},
             )
             self.assertEqual(response.status_code, 200)
+            self.assertStageResponse(
+                response,
+                flow=self.flow,
+                response_errors={"password": [{"string": "Invalid password", "code": "invalid"}]},
+            )

         response = self.client.post(
             reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
@@ -127,6 +132,7 @@ class TestPasswordStage(FlowTestCase):
         self.assertEqual(response.status_code, 200)
         # To ensure the plan has been cancelled, check SESSION_KEY_PLAN
         self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
+        self.assertStageResponse(response, flow=self.flow, error_message="Unknown error")

     @patch(
         "authentik.flows.views.executor.to_stage_response",
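Review bot: Inside the loop the added `assertStageResponse` checks the error payload but not that the flow is still alive after each tolerated failure; adding `self.assertIn(SESSION_KEY_PLAN, self.client.session)` next to it makes the first N-1 attempts the mirror image of the final `assertNotIn` and would catch a regression where the counter cancels one attempt too early, the opposite of the bug this commit fixes. The loop this runs in begins in the previous hunk.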
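Review bot: The new assertion pins `error_message="Unknown error"` as the text a user sees when the flow is cancelled for too many failed attempts, which ties the test to what looks like a generic fallback message of the executor rather than to the cancel condition itself. If that wording is intentional (not telling a client why the flow ended), a one-line comment saying so, `# cancellation deliberately surfaces only the generic executor error`, would stop a later reader from "fixing" it; otherwise a message constant shared with the executor would keep this test from breaking on a wording change. The surrounding test method ends before the `@patch` context shown.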