core: fix token's set_key accessing data incorrectly
also add tests

closes #4551

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
6e5ad60cea
commit
ecb1ce8135
|
@ -134,9 +134,10 @@ class TokenViewSet(UsedByMixin, ModelViewSet):
|
|||
)
|
||||
@action(detail=True, pagination_class=None, filter_backends=[], methods=["POST"])
|
||||
def set_key(self, request: Request, identifier: str) -> Response:
|
||||
"""Return token key and log access"""
|
||||
"""Set token key. Action is logged as event. `authentik_core.set_token_key` permission
|
||||
is required."""
|
||||
token: Token = self.get_object()
|
||||
key = request.POST.get("key")
|
||||
key = request.data.get("key")
|
||||
if not key:
|
||||
return Response(status=400)
|
||||
token.key = key
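Review bot: The only validation between `key = request.data.get("key")` and `token.key = key` is `if not key:`, so any truthy value is accepted. Now that the value comes from `request.data`, a JSON body can supply a non-string (number, list, object) or a one-character string, and it reaches the assignment unchanged. Because this value becomes a bearer credential, it should be type- and length-checked first, e.g. `if not isinstance(key, str) or len(key) < MIN_KEY_LENGTH: return Response(status=400)` (placeholder name for a project-chosen minimum), or validated through a serializer `CharField`. The new docstring says `authentik_core.set_token_key` is required, but the decorator enforcing it is not visible in this hunk. The rest of `set_key` (save and event logging) also continues outside the hunk, so it is worth confirming there that the logged event does not carry the key value.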
|
||||
|
|
|
@ -7,6 +7,7 @@ from rest_framework.test import APITestCase
|
|||
|
||||
from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents, User
|
||||
from authentik.core.tests.utils import create_test_admin_user
|
||||
from authentik.lib.generators import generate_id
|
||||
|
||||
|
||||
class TestTokenAPI(APITestCase):
|
||||
|
@ -30,6 +31,28 @@ class TestTokenAPI(APITestCase):
|
|||
self.assertEqual(token.expiring, True)
|
||||
self.assertTrue(self.user.has_perm("authentik_core.view_token_key", token))
|
||||
|
||||
def test_token_set_key(self):
|
||||
"""Test token creation endpoint"""
|
||||
response = self.client.post(
|
||||
reverse("authentik_api:token-list"), {"identifier": "test-token"}
|
||||
)
|
||||
self.assertEqual(response.status_code, 201)
|
||||
token = Token.objects.get(identifier="test-token")
|
||||
self.assertEqual(token.user, self.user)
|
||||
self.assertEqual(token.intent, TokenIntents.INTENT_API)
|
||||
self.assertEqual(token.expiring, True)
|
||||
self.assertTrue(self.user.has_perm("authentik_core.view_token_key", token))
|
||||
|
||||
self.client.force_login(self.admin)
|
||||
new_key = generate_id()
|
||||
response = self.client.post(
|
||||
reverse("authentik_api:token-set-key", kwargs={"identifier": token.identifier}),
|
||||
{"key": new_key},
|
||||
)
|
||||
self.assertEqual(response.status_code, 204)
|
||||
token.refresh_from_db()
|
||||
self.assertEqual(token.key, new_key)
|
||||
|
||||
def test_token_create_invalid(self):
|
||||
"""Test token creation endpoint (invalid data)"""
|
||||
response = self.client.post(
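Review bot: `test_token_set_key` only pins the success path, as `self.admin` with a form-encoded body, so the `if not key: return Response(status=400)` branch and the permission requirement stated in the `set_key` docstring are both untested. A missing-key case is two lines after the existing 204 assertion: `response = self.client.post(reverse("authentik_api:token-set-key", kwargs={"identifier": token.identifier}), {})` then `self.assertEqual(response.status_code, 400)`. A second test that posts to the same URL without `force_login(self.admin)` and asserts the key is unchanged would catch a regression in the authorization check; the exact denial status depends on code outside this page. The docstring `"""Test token creation endpoint"""` is copied from the creation test and should read `"""Test token set_key endpoint"""`.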
|
||||
|
|