stages/user_login: add check for user.is_active and tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
418e491799
commit
b5649bdcc4
|
@ -5,6 +5,7 @@ from django.http import HttpRequest, HttpResponse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
|
from authentik.core.models import User
|
||||||
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
|
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
|
||||||
from authentik.flows.stage import StageView
|
from authentik.flows.stage import StageView
|
||||||
from authentik.lib.utils.time import timedelta_from_string
|
from authentik.lib.utils.time import timedelta_from_string
|
||||||
|
@ -32,9 +33,12 @@ class UserLoginStageView(StageView):
|
||||||
backend = self.executor.plan.context.get(
|
backend = self.executor.plan.context.get(
|
||||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND, BACKEND_INBUILT
|
PLAN_CONTEXT_AUTHENTICATION_BACKEND, BACKEND_INBUILT
|
||||||
)
|
)
|
||||||
|
user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
||||||
|
if not user.is_active:
|
||||||
|
LOGGER.warning("User is not active, login will not work.")
|
||||||
login(
|
login(
|
||||||
self.request,
|
self.request,
|
||||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
|
user,
|
||||||
backend=backend,
|
backend=backend,
|
||||||
)
|
)
|
||||||
delta = timedelta_from_string(self.executor.current_stage.session_duration)
|
delta = timedelta_from_string(self.executor.current_stage.session_duration)
|
||||||
|
@ -45,7 +49,7 @@ class UserLoginStageView(StageView):
|
||||||
LOGGER.debug(
|
LOGGER.debug(
|
||||||
"Logged in",
|
"Logged in",
|
||||||
backend=backend,
|
backend=backend,
|
||||||
user=self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
|
user=user,
|
||||||
flow_slug=self.executor.flow.slug,
|
flow_slug=self.executor.flow.slug,
|
||||||
session_duration=self.executor.current_stage.session_duration,
|
session_duration=self.executor.current_stage.session_duration,
|
||||||
)
|
)
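Review bot: The new `if not user.is_active:` branch in the second hunk only logs a warning and then falls through to `login(...)`, so the stage still creates a session and the flow finishes as a successful login for a disabled account. Whether that session is usable afterwards is left to the `get_user` of whichever backend was read from `PLAN_CONTEXT_AUTHENTICATION_BACKEND`, which this stage does not control. Consider failing the stage before `login(...)`, e.g. `return self.executor.stage_invalid()` if that is the executor's failure path in this version. The warning should also carry the same context as the later debug call, so the event can be attributed: `LOGGER.warning("User is not active, login will not work.", user=user, flow_slug=self.executor.flow.slug)`. The method's signature and the rest of its body are outside the hunks shown.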
|
||||||
|
|
|
@ -109,3 +109,29 @@ class TestUserLoginStage(APITestCase):
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_inactive_account(self):
|
||||||
|
"""Test with a valid pending user and backend"""
|
||||||
|
self.user.is_active = False
|
||||||
|
self.user.save()
|
||||||
|
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
|
||||||
|
plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
|
||||||
|
session = self.client.session
|
||||||
|
session[SESSION_KEY_PLAN] = plan
|
||||||
|
session.save()
|
||||||
|
|
||||||
|
response = self.client.get(
|
||||||
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertJSONEqual(
|
||||||
|
force_str(response.content),
|
||||||
|
{
|
||||||
|
"component": "xak-flow-redirect",
|
||||||
|
"to": reverse("authentik_core:root-redirect"),
|
||||||
|
"type": ChallengeTypes.REDIRECT.value,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
response = self.client.get(reverse("authentik_api:application-list"))
|
||||||
|
self.assertEqual(response.status_code, 403)
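Review bot: The docstring on `test_inactive_account` is copied from the active-user test and describes the opposite case; something like `"""Test that an inactive pending user gets no usable session"""` would match what is asserted. The test also pins the flow response as a normal redirect to `authentik_core:root-redirect`, so the only evidence of rejection is the 403 from `authentik_api:application-list`, which presumably comes from the default backend refusing to load an inactive user. A second case that sets `PLAN_CONTEXT_AUTHENTICATION_BACKEND` to a non-default backend would show whether the stage itself, rather than the backend, is what blocks the login.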
|
||||||
|
|