mirror of
https://github.com/goauthentik/authentik
synced 2026-05-15 11:26:31 +02:00
Compare commits
4 Commits
website/do
...
flows/corr
| Author | SHA1 | Date | |
|---|---|---|---|
|
4470fcba1d | ||
|
|
253d1532da | ||
|
|
c91139fd89 | ||
|
|
1db6104bef |
@@ -255,7 +255,7 @@ class ChallengeStageView(StageView):
|
||||
"f(ch): invalid challenge response",
|
||||
errors=challenge_response.errors,
|
||||
)
|
||||
return HttpChallengeResponse(challenge_response)
|
||||
return HttpChallengeResponse(challenge_response, status=400)
|
||||
|
||||
|
||||
class AccessDeniedStage(ChallengeStageView):
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
from collections.abc import Callable, Generator
|
||||
from contextlib import contextmanager
|
||||
from http import HTTPStatus
|
||||
from json import loads
|
||||
from typing import Any
|
||||
from unittest.mock import MagicMock, patch
|
||||
@@ -27,7 +28,7 @@ class FlowTestCase(APITestCase):
|
||||
**kwargs,
|
||||
) -> dict[str, Any]:
|
||||
"""Assert various attributes of a stage response"""
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertIn(response.status_code, [HTTPStatus.OK, HTTPStatus.BAD_REQUEST])
|
||||
raw_response = loads(response.content.decode())
|
||||
self.assertIsNotNone(raw_response["component"])
|
||||
if flow:
|
||||
|
||||
@@ -259,6 +259,11 @@ class FlowExecutorView(APIView):
|
||||
serializers=challenge_types,
|
||||
resource_type_field_name="component",
|
||||
),
|
||||
400: PolymorphicProxySerializer(
|
||||
component_name="ChallengeTypes",
|
||||
serializers=challenge_types,
|
||||
resource_type_field_name="component",
|
||||
),
|
||||
},
|
||||
request=OpenApiTypes.NONE,
|
||||
parameters=[
|
||||
@@ -306,6 +311,11 @@ class FlowExecutorView(APIView):
|
||||
serializers=challenge_types,
|
||||
resource_type_field_name="component",
|
||||
),
|
||||
400: PolymorphicProxySerializer(
|
||||
component_name="ChallengeTypes",
|
||||
serializers=challenge_types,
|
||||
resource_type_field_name="component",
|
||||
),
|
||||
},
|
||||
request=PolymorphicProxySerializer(
|
||||
component_name="FlowChallengeResponse",
|
||||
|
||||
@@ -8,6 +8,7 @@ from authentik.flows.models import FlowStageBinding, NotConfiguredAction
|
||||
from authentik.flows.tests import FlowTestCase
|
||||
from authentik.lib.generators import generate_id
|
||||
from authentik.lib.utils.email import mask_email
|
||||
from authentik.stages.authenticator.models import Device
|
||||
from authentik.stages.authenticator_email.models import AuthenticatorEmailStage, EmailDevice
|
||||
from authentik.stages.authenticator_validate.models import AuthenticatorValidateStage, DeviceClasses
|
||||
from authentik.stages.identification.models import IdentificationStage, UserFields
|
||||
@@ -50,7 +51,7 @@ class AuthenticatorValidateStageEmailTests(FlowTestCase):
|
||||
self.assertEqual(response.status_code, 200)
|
||||
return response
|
||||
|
||||
def _send_challenge(self, device):
|
||||
def _send_challenge(self, device: Device):
|
||||
"""Helper to send challenge for device"""
|
||||
response = self.client.post(
|
||||
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||
@@ -64,7 +65,7 @@ class AuthenticatorValidateStageEmailTests(FlowTestCase):
|
||||
},
|
||||
},
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
return response
|
||||
|
||||
def test_happy_path(self):
|
||||
@@ -125,7 +126,6 @@ class AuthenticatorValidateStageEmailTests(FlowTestCase):
|
||||
reverse("authentik_api:flow-executor", kwargs={"flow_slug": flow.slug}),
|
||||
{"component": "ak-stage-authenticator-validate"},
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
response_data = self.assertStageResponse(
|
||||
response,
|
||||
flow=flow,
|
||||
|
||||
@@ -501,7 +501,6 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
|
||||
SERVER_NAME="localhost",
|
||||
SERVER_PORT="9000",
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
flow,
|
||||
|
||||
@@ -47,7 +47,6 @@ class TestEmailStageSending(FlowTestCase):
|
||||
PropertyMock(return_value=EmailBackend),
|
||||
):
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
@@ -85,7 +84,6 @@ class TestEmailStageSending(FlowTestCase):
|
||||
PropertyMock(return_value=EmailBackend),
|
||||
):
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
@@ -116,10 +114,10 @@ class TestEmailStageSending(FlowTestCase):
|
||||
PropertyMock(return_value=EmailBackend),
|
||||
):
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
component="ak-stage-email",
|
||||
response_errors={
|
||||
"non_field_errors": [{"string": "email-sent", "code": "email-sent"}]
|
||||
},
|
||||
@@ -144,10 +142,10 @@ class TestEmailStageSending(FlowTestCase):
|
||||
PropertyMock(return_value=EmailBackend),
|
||||
):
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
component="ak-stage-email",
|
||||
response_errors={
|
||||
"non_field_errors": [{"string": "email-sent", "code": "email-sent"}]
|
||||
},
|
||||
@@ -173,6 +171,13 @@ class TestEmailStageSending(FlowTestCase):
|
||||
):
|
||||
response = self.client.post(url)
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
component="ak-stage-email",
|
||||
response_errors={
|
||||
"non_field_errors": [{"string": "email-sent", "code": "email-sent"}]
|
||||
},
|
||||
)
|
||||
self.assertGreaterEqual(len(mail.outbox), 1)
|
||||
self.assertEqual(mail.outbox[0].subject, "authentik")
|
||||
|
||||
@@ -99,7 +99,11 @@ class TestEmailStage(FlowTestCase):
|
||||
|
||||
url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
response_errors={"non_field_errors": [{"string": "email-sent", "code": "email-sent"}]},
|
||||
)
|
||||
self.assertEqual(len(mail.outbox), 1)
|
||||
self.assertEqual(mail.outbox[0].subject, "authentik")
|
||||
self.assertEqual(mail.outbox[0].to, [f"{self.user.name} <{self.user.email}>"])
|
||||
@@ -119,7 +123,12 @@ class TestEmailStage(FlowTestCase):
|
||||
|
||||
url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
|
||||
response = self.client.post(url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertStageResponse(
|
||||
response,
|
||||
self.flow,
|
||||
component="ak-stage-email",
|
||||
response_errors={"non_field_errors": [{"string": "email-sent", "code": "email-sent"}]},
|
||||
)
|
||||
self.assertEqual(len(mail.outbox), 1)
|
||||
self.assertEqual(mail.outbox[0].subject, "authentik")
|
||||
self.assertEqual(mail.outbox[0].to, [f"{self.user.name} <foo@bar.baz>"])
|
||||
@@ -430,7 +439,7 @@ class TestEmailStage(FlowTestCase):
|
||||
with patch.object(stage_view, "send_email") as mock_send_email:
|
||||
result = stage_view.challenge_invalid(challenge_response)
|
||||
|
||||
self.assertEqual(result.status_code, 200)
|
||||
self.assertEqual(result.status_code, 400)
|
||||
|
||||
mock_send_email.assert_called_once()
|
||||
|
||||
@@ -453,7 +462,7 @@ class TestEmailStage(FlowTestCase):
|
||||
# This next request should be rate limited
|
||||
result = stage_view.challenge_invalid(challenge_response)
|
||||
|
||||
self.assertEqual(result.status_code, 200)
|
||||
self.assertEqual(result.status_code, 400)
|
||||
|
||||
mock_send_email.assert_not_called()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user