stages/password: fix failed_attempts_before_cancel allowing one too m… (#6763)
* stages/password: fix failed_attempts_before_cancel allowing one too many tries Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
7e9e2ec53d
commit
aa209efa90
|
@ -111,7 +111,7 @@ class PasswordStageView(ChallengeStageView):
|
||||||
current_stage: PasswordStage = self.executor.current_stage
|
current_stage: PasswordStage = self.executor.current_stage
|
||||||
if (
|
if (
|
||||||
self.request.session[SESSION_KEY_INVALID_TRIES]
|
self.request.session[SESSION_KEY_INVALID_TRIES]
|
||||||
> current_stage.failed_attempts_before_cancel
|
>= current_stage.failed_attempts_before_cancel
|
||||||
):
|
):
|
||||||
self.logger.debug("User has exceeded maximum tries")
|
self.logger.debug("User has exceeded maximum tries")
|
||||||
del self.request.session[SESSION_KEY_INVALID_TRIES]
|
del self.request.session[SESSION_KEY_INVALID_TRIES]
|
||||||
|
|
|
@ -108,7 +108,7 @@ class TestPasswordStage(FlowTestCase):
|
||||||
session[SESSION_KEY_PLAN] = plan
|
session[SESSION_KEY_PLAN] = plan
|
||||||
session.save()
|
session.save()
|
||||||
|
|
||||||
for _ in range(self.stage.failed_attempts_before_cancel):
|
for _ in range(self.stage.failed_attempts_before_cancel - 1):
|
||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
reverse(
|
reverse(
|
||||||
"authentik_api:flow-executor",
|
"authentik_api:flow-executor",
|
||||||
|
@ -118,6 +118,11 @@ class TestPasswordStage(FlowTestCase):
|
||||||
{"password": self.user.username + "test"},
|
{"password": self.user.username + "test"},
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertStageResponse(
|
||||||
|
response,
|
||||||
|
flow=self.flow,
|
||||||
|
response_errors={"password": [{"string": "Invalid password", "code": "invalid"}]},
|
||||||
|
)
|
||||||
|
|
||||||
response = self.client.post(
|
response = self.client.post(
|
||||||
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||||
|
@ -127,6 +132,7 @@ class TestPasswordStage(FlowTestCase):
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
# To ensure the plan has been cancelled, check SESSION_KEY_PLAN
|
# To ensure the plan has been cancelled, check SESSION_KEY_PLAN
|
||||||
self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
|
self.assertNotIn(SESSION_KEY_PLAN, self.client.session)
|
||||||
|
self.assertStageResponse(response, flow=self.flow, error_message="Unknown error")
|
||||||
|
|
||||||
@patch(
|
@patch(
|
||||||
"authentik.flows.views.executor.to_stage_response",
|
"authentik.flows.views.executor.to_stage_response",
|
||||||
|
|
Reference in a new issue