authentik.core.tests.test_groups_api
Test Groups API
1"""Test Groups API""" 2 3from django.urls.base import reverse 4from rest_framework.test import APITestCase 5 6from authentik.core.models import Group 7from authentik.core.tests.utils import create_test_admin_user, create_test_user 8from authentik.lib.generators import generate_id 9 10 11class TestGroupsAPI(APITestCase): 12 """Test Groups API""" 13 14 def setUp(self) -> None: 15 self.login_user = create_test_user() 16 self.user = create_test_user() 17 18 def test_list_with_users(self): 19 """Test listing with users""" 20 admin = create_test_admin_user() 21 self.client.force_login(admin) 22 response = self.client.get(reverse("authentik_api:group-list"), {"include_users": "true"}) 23 self.assertEqual(response.status_code, 200) 24 25 def test_retrieve_with_users(self): 26 """Test retrieve with users""" 27 admin = create_test_admin_user() 28 group = Group.objects.create(name=generate_id()) 29 self.client.force_login(admin) 30 response = self.client.get( 31 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 32 {"include_users": "true"}, 33 ) 34 self.assertEqual(response.status_code, 200) 35 36 def test_add_user(self): 37 """Test add_user""" 38 group = Group.objects.create(name=generate_id()) 39 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 40 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 41 self.client.force_login(self.login_user) 42 res = self.client.post( 43 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 44 data={ 45 "pk": self.user.pk, 46 }, 47 ) 48 self.assertEqual(res.status_code, 204) 49 group.refresh_from_db() 50 self.assertEqual(list(group.users.all()), [self.user]) 51 52 def test_add_user_404(self): 53 """Test add_user""" 54 group = Group.objects.create(name=generate_id()) 55 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 56 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 57 self.client.force_login(self.login_user) 58 res = self.client.post( 59 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 60 data={ 61 "pk": self.user.pk + 3, 62 }, 63 ) 64 self.assertEqual(res.status_code, 404) 65 66 def test_remove_user(self): 67 """Test remove_user""" 68 group = Group.objects.create(name=generate_id()) 69 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 70 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 71 group.users.add(self.user) 72 self.client.force_login(self.login_user) 73 res = self.client.post( 74 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 75 data={ 76 "pk": self.user.pk, 77 }, 78 ) 79 self.assertEqual(res.status_code, 204) 80 group.refresh_from_db() 81 self.assertEqual(list(group.users.all()), []) 82 83 def test_remove_user_404(self): 84 """Test remove_user""" 85 group = Group.objects.create(name=generate_id()) 86 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 87 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 88 group.users.add(self.user) 89 self.client.force_login(self.login_user) 90 res = self.client.post( 91 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 92 data={ 93 "pk": self.user.pk + 3, 94 }, 95 ) 96 self.assertEqual(res.status_code, 404) 97 98 def test_superuser_no_perm(self): 99 """Test creating a superuser group without permission""" 100 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 101 self.client.force_login(self.login_user) 102 res = self.client.post( 103 reverse("authentik_api:group-list"), 104 data={"name": generate_id(), "is_superuser": True}, 105 ) 106 self.assertEqual(res.status_code, 400) 107 self.assertJSONEqual( 108 res.content, 109 {"is_superuser": ["User does not have permission to set superuser status to True."]}, 110 ) 111 112 def test_superuser_no_perm_no_superuser(self): 113 """Test creating a group without permission and without superuser flag""" 114 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 115 self.client.force_login(self.login_user) 116 res = self.client.post( 117 reverse("authentik_api:group-list"), 118 data={"name": generate_id(), "is_superuser": False}, 119 ) 120 self.assertEqual(res.status_code, 201) 121 122 def test_superuser_update_no_perm(self): 123 """Test updating a superuser group without permission""" 124 group = Group.objects.create(name=generate_id(), is_superuser=True) 125 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 126 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 127 self.client.force_login(self.login_user) 128 res = self.client.patch( 129 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 130 data={"is_superuser": False}, 131 ) 132 self.assertEqual(res.status_code, 400) 133 self.assertJSONEqual( 134 res.content, 135 {"is_superuser": ["User does not have permission to set superuser status to False."]}, 136 ) 137 138 def test_superuser_update_no_change(self): 139 """Test updating a superuser group without permission 140 and without changing the superuser status""" 141 group = Group.objects.create(name=generate_id(), is_superuser=True) 142 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 143 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 144 self.client.force_login(self.login_user) 145 res = self.client.patch( 146 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 147 data={"name": generate_id(), "is_superuser": True}, 148 ) 149 self.assertEqual(res.status_code, 200) 150 151 def test_superuser_create(self): 152 """Test creating a superuser group with permission""" 153 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 154 self.login_user.assign_perms_to_managed_role("authentik_core.enable_group_superuser") 155 self.client.force_login(self.login_user) 156 res = self.client.post( 157 reverse("authentik_api:group-list"), 158 data={"name": generate_id(), "is_superuser": True}, 159 ) 160 self.assertEqual(res.status_code, 201)
class
TestGroupsAPI(rest_framework.test.APITestCase):
12class TestGroupsAPI(APITestCase): 13 """Test Groups API""" 14 15 def setUp(self) -> None: 16 self.login_user = create_test_user() 17 self.user = create_test_user() 18 19 def test_list_with_users(self): 20 """Test listing with users""" 21 admin = create_test_admin_user() 22 self.client.force_login(admin) 23 response = self.client.get(reverse("authentik_api:group-list"), {"include_users": "true"}) 24 self.assertEqual(response.status_code, 200) 25 26 def test_retrieve_with_users(self): 27 """Test retrieve with users""" 28 admin = create_test_admin_user() 29 group = Group.objects.create(name=generate_id()) 30 self.client.force_login(admin) 31 response = self.client.get( 32 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 33 {"include_users": "true"}, 34 ) 35 self.assertEqual(response.status_code, 200) 36 37 def test_add_user(self): 38 """Test add_user""" 39 group = Group.objects.create(name=generate_id()) 40 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 41 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 42 self.client.force_login(self.login_user) 43 res = self.client.post( 44 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 45 data={ 46 "pk": self.user.pk, 47 }, 48 ) 49 self.assertEqual(res.status_code, 204) 50 group.refresh_from_db() 51 self.assertEqual(list(group.users.all()), [self.user]) 52 53 def test_add_user_404(self): 54 """Test add_user""" 55 group = Group.objects.create(name=generate_id()) 56 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 57 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 58 self.client.force_login(self.login_user) 59 res = self.client.post( 60 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 61 data={ 62 "pk": self.user.pk + 3, 63 }, 64 ) 65 self.assertEqual(res.status_code, 404) 66 67 def test_remove_user(self): 68 """Test remove_user""" 69 group = Group.objects.create(name=generate_id()) 70 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 71 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 72 group.users.add(self.user) 73 self.client.force_login(self.login_user) 74 res = self.client.post( 75 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 76 data={ 77 "pk": self.user.pk, 78 }, 79 ) 80 self.assertEqual(res.status_code, 204) 81 group.refresh_from_db() 82 self.assertEqual(list(group.users.all()), []) 83 84 def test_remove_user_404(self): 85 """Test remove_user""" 86 group = Group.objects.create(name=generate_id()) 87 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 88 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 89 group.users.add(self.user) 90 self.client.force_login(self.login_user) 91 res = self.client.post( 92 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 93 data={ 94 "pk": self.user.pk + 3, 95 }, 96 ) 97 self.assertEqual(res.status_code, 404) 98 99 def test_superuser_no_perm(self): 100 """Test creating a superuser group without permission""" 101 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 102 self.client.force_login(self.login_user) 103 res = self.client.post( 104 reverse("authentik_api:group-list"), 105 data={"name": generate_id(), "is_superuser": True}, 106 ) 107 self.assertEqual(res.status_code, 400) 108 self.assertJSONEqual( 109 res.content, 110 {"is_superuser": ["User does not have permission to set superuser status to True."]}, 111 ) 112 113 def test_superuser_no_perm_no_superuser(self): 114 """Test creating a group without permission and without superuser flag""" 115 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 116 self.client.force_login(self.login_user) 117 res = self.client.post( 118 reverse("authentik_api:group-list"), 119 data={"name": generate_id(), "is_superuser": False}, 120 ) 121 self.assertEqual(res.status_code, 201) 122 123 def test_superuser_update_no_perm(self): 124 """Test updating a superuser group without permission""" 125 group = Group.objects.create(name=generate_id(), is_superuser=True) 126 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 127 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 128 self.client.force_login(self.login_user) 129 res = self.client.patch( 130 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 131 data={"is_superuser": False}, 132 ) 133 self.assertEqual(res.status_code, 400) 134 self.assertJSONEqual( 135 res.content, 136 {"is_superuser": ["User does not have permission to set superuser status to False."]}, 137 ) 138 139 def test_superuser_update_no_change(self): 140 """Test updating a superuser group without permission 141 and without changing the superuser status""" 142 group = Group.objects.create(name=generate_id(), is_superuser=True) 143 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 144 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 145 self.client.force_login(self.login_user) 146 res = self.client.patch( 147 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 148 data={"name": generate_id(), "is_superuser": True}, 149 ) 150 self.assertEqual(res.status_code, 200) 151 152 def test_superuser_create(self): 153 """Test creating a superuser group with permission""" 154 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 155 self.login_user.assign_perms_to_managed_role("authentik_core.enable_group_superuser") 156 self.client.force_login(self.login_user) 157 res = self.client.post( 158 reverse("authentik_api:group-list"), 159 data={"name": generate_id(), "is_superuser": True}, 160 ) 161 self.assertEqual(res.status_code, 201)
Test Groups API
def
setUp(self) -> None:
15 def setUp(self) -> None: 16 self.login_user = create_test_user() 17 self.user = create_test_user()
Hook method for setting up the test fixture before exercising it.
def
test_list_with_users(self):
19 def test_list_with_users(self): 20 """Test listing with users""" 21 admin = create_test_admin_user() 22 self.client.force_login(admin) 23 response = self.client.get(reverse("authentik_api:group-list"), {"include_users": "true"}) 24 self.assertEqual(response.status_code, 200)
Test listing with users
def
test_retrieve_with_users(self):
26 def test_retrieve_with_users(self): 27 """Test retrieve with users""" 28 admin = create_test_admin_user() 29 group = Group.objects.create(name=generate_id()) 30 self.client.force_login(admin) 31 response = self.client.get( 32 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 33 {"include_users": "true"}, 34 ) 35 self.assertEqual(response.status_code, 200)
Test retrieve with users
def
test_add_user(self):
37 def test_add_user(self): 38 """Test add_user""" 39 group = Group.objects.create(name=generate_id()) 40 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 41 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 42 self.client.force_login(self.login_user) 43 res = self.client.post( 44 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 45 data={ 46 "pk": self.user.pk, 47 }, 48 ) 49 self.assertEqual(res.status_code, 204) 50 group.refresh_from_db() 51 self.assertEqual(list(group.users.all()), [self.user])
Test add_user
def
test_add_user_404(self):
53 def test_add_user_404(self): 54 """Test add_user""" 55 group = Group.objects.create(name=generate_id()) 56 self.login_user.assign_perms_to_managed_role("authentik_core.add_user_to_group", group) 57 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 58 self.client.force_login(self.login_user) 59 res = self.client.post( 60 reverse("authentik_api:group-add-user", kwargs={"pk": group.pk}), 61 data={ 62 "pk": self.user.pk + 3, 63 }, 64 ) 65 self.assertEqual(res.status_code, 404)
Test add_user
def
test_remove_user(self):
67 def test_remove_user(self): 68 """Test remove_user""" 69 group = Group.objects.create(name=generate_id()) 70 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 71 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 72 group.users.add(self.user) 73 self.client.force_login(self.login_user) 74 res = self.client.post( 75 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 76 data={ 77 "pk": self.user.pk, 78 }, 79 ) 80 self.assertEqual(res.status_code, 204) 81 group.refresh_from_db() 82 self.assertEqual(list(group.users.all()), [])
Test remove_user
def
test_remove_user_404(self):
84 def test_remove_user_404(self): 85 """Test remove_user""" 86 group = Group.objects.create(name=generate_id()) 87 self.login_user.assign_perms_to_managed_role("authentik_core.remove_user_from_group", group) 88 self.login_user.assign_perms_to_managed_role("authentik_core.view_user") 89 group.users.add(self.user) 90 self.client.force_login(self.login_user) 91 res = self.client.post( 92 reverse("authentik_api:group-remove-user", kwargs={"pk": group.pk}), 93 data={ 94 "pk": self.user.pk + 3, 95 }, 96 ) 97 self.assertEqual(res.status_code, 404)
Test remove_user
def
test_superuser_no_perm(self):
99 def test_superuser_no_perm(self): 100 """Test creating a superuser group without permission""" 101 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 102 self.client.force_login(self.login_user) 103 res = self.client.post( 104 reverse("authentik_api:group-list"), 105 data={"name": generate_id(), "is_superuser": True}, 106 ) 107 self.assertEqual(res.status_code, 400) 108 self.assertJSONEqual( 109 res.content, 110 {"is_superuser": ["User does not have permission to set superuser status to True."]}, 111 )
Test creating a superuser group without permission
def
test_superuser_no_perm_no_superuser(self):
113 def test_superuser_no_perm_no_superuser(self): 114 """Test creating a group without permission and without superuser flag""" 115 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 116 self.client.force_login(self.login_user) 117 res = self.client.post( 118 reverse("authentik_api:group-list"), 119 data={"name": generate_id(), "is_superuser": False}, 120 ) 121 self.assertEqual(res.status_code, 201)
Test creating a group without permission and without superuser flag
def
test_superuser_update_no_perm(self):
123 def test_superuser_update_no_perm(self): 124 """Test updating a superuser group without permission""" 125 group = Group.objects.create(name=generate_id(), is_superuser=True) 126 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 127 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 128 self.client.force_login(self.login_user) 129 res = self.client.patch( 130 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 131 data={"is_superuser": False}, 132 ) 133 self.assertEqual(res.status_code, 400) 134 self.assertJSONEqual( 135 res.content, 136 {"is_superuser": ["User does not have permission to set superuser status to False."]}, 137 )
Test updating a superuser group without permission
def
test_superuser_update_no_change(self):
139 def test_superuser_update_no_change(self): 140 """Test updating a superuser group without permission 141 and without changing the superuser status""" 142 group = Group.objects.create(name=generate_id(), is_superuser=True) 143 self.login_user.assign_perms_to_managed_role("authentik_core.view_group", group) 144 self.login_user.assign_perms_to_managed_role("authentik_core.change_group", group) 145 self.client.force_login(self.login_user) 146 res = self.client.patch( 147 reverse("authentik_api:group-detail", kwargs={"pk": group.pk}), 148 data={"name": generate_id(), "is_superuser": True}, 149 ) 150 self.assertEqual(res.status_code, 200)
Test updating a superuser group without permission and without changing the superuser status
def
test_superuser_create(self):
152 def test_superuser_create(self): 153 """Test creating a superuser group with permission""" 154 self.login_user.assign_perms_to_managed_role("authentik_core.add_group") 155 self.login_user.assign_perms_to_managed_role("authentik_core.enable_group_superuser") 156 self.client.force_login(self.login_user) 157 res = self.client.post( 158 reverse("authentik_api:group-list"), 159 data={"name": generate_id(), "is_superuser": True}, 160 ) 161 self.assertEqual(res.status_code, 201)
Test creating a superuser group with permission