authentik.core.tests.test_transactional_applications_api

Test Transactional API

View Source

  1"""Test Transactional API"""
  2
  3from django.urls import reverse
  4from rest_framework.test import APITestCase
  5
  6from authentik.core.models import Application, Group
  7from authentik.core.tests.utils import create_test_flow, create_test_user
  8from authentik.lib.generators import generate_id
  9from authentik.policies.models import PolicyBinding
 10from authentik.providers.oauth2.models import OAuth2Provider
 11
 12
 13class TestTransactionalApplicationsAPI(APITestCase):
 14    """Test Transactional API"""
 15
 16    def setUp(self) -> None:
 17        self.user = create_test_user()
 18        self.user.assign_perms_to_managed_role("authentik_core.add_application")
 19        self.user.assign_perms_to_managed_role("authentik_providers_oauth2.add_oauth2provider")
 20
 21    def test_create_transactional(self):
 22        """Test transactional Application + provider creation"""
 23        self.client.force_login(self.user)
 24        uid = generate_id()
 25        response = self.client.put(
 26            reverse("authentik_api:core-transactional-application"),
 27            data={
 28                "app": {
 29                    "name": uid,
 30                    "slug": uid,
 31                },
 32                "provider_model": "authentik_providers_oauth2.oauth2provider",
 33                "provider": {
 34                    "name": uid,
 35                    "authorization_flow": str(create_test_flow().pk),
 36                    "invalidation_flow": str(create_test_flow().pk),
 37                    "redirect_uris": [],
 38                },
 39            },
 40        )
 41        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
 42        provider = OAuth2Provider.objects.filter(name=uid).first()
 43        self.assertIsNotNone(provider)
 44        app = Application.objects.filter(slug=uid).first()
 45        self.assertIsNotNone(app)
 46        self.assertEqual(app.provider.pk, provider.pk)
 47
 48    def test_create_transactional_permission_denied(self):
 49        """Test transactional Application + provider creation (missing permissions)"""
 50        self.client.force_login(self.user)
 51        uid = generate_id()
 52        response = self.client.put(
 53            reverse("authentik_api:core-transactional-application"),
 54            data={
 55                "app": {
 56                    "name": uid,
 57                    "slug": uid,
 58                },
 59                "provider_model": "authentik_providers_saml.samlprovider",
 60                "provider": {
 61                    "name": uid,
 62                    "authorization_flow": str(create_test_flow().pk),
 63                    "invalidation_flow": str(create_test_flow().pk),
 64                    "acs_url": "https://goauthentik.io",
 65                },
 66            },
 67        )
 68        self.assertJSONEqual(
 69            response.content.decode(),
 70            {"provider": "User lacks permission to create authentik_providers_saml.samlprovider"},
 71        )
 72
 73    def test_create_transactional_bindings(self):
 74        """Test transactional Application + provider creation"""
 75        self.user.assign_perms_to_managed_role("authentik_policies.add_policybinding")
 76        self.client.force_login(self.user)
 77        uid = generate_id()
 78        group = Group.objects.create(name=generate_id())
 79        authorization_flow = create_test_flow()
 80        response = self.client.put(
 81            reverse("authentik_api:core-transactional-application"),
 82            data={
 83                "app": {
 84                    "name": uid,
 85                    "slug": uid,
 86                },
 87                "provider_model": "authentik_providers_oauth2.oauth2provider",
 88                "provider": {
 89                    "name": uid,
 90                    "authorization_flow": str(authorization_flow.pk),
 91                    "invalidation_flow": str(authorization_flow.pk),
 92                    "redirect_uris": [],
 93                },
 94                "policy_bindings": [{"group": group.pk, "order": 0}],
 95            },
 96        )
 97        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
 98        provider = OAuth2Provider.objects.filter(name=uid).first()
 99        self.assertIsNotNone(provider)
100        app = Application.objects.filter(slug=uid).first()
101        self.assertIsNotNone(app)
102        self.assertEqual(app.provider.pk, provider.pk)
103        binding = PolicyBinding.objects.filter(target=app).first()
104        self.assertIsNotNone(binding)
105        self.assertEqual(binding.target, app)
106        self.assertEqual(binding.group, group)
107
108    def test_create_transactional_invalid(self):
109        """Test transactional Application + provider creation"""
110        self.client.force_login(self.user)
111        uid = generate_id()
112        response = self.client.put(
113            reverse("authentik_api:core-transactional-application"),
114            data={
115                "app": {
116                    "name": uid,
117                    "slug": uid,
118                },
119                "provider_model": "authentik_providers_oauth2.oauth2provider",
120                "provider": {
121                    "name": uid,
122                    "authorization_flow": "",
123                    "invalidation_flow": "",
124                    "redirect_uris": [],
125                },
126            },
127        )
128        self.assertJSONEqual(
129            response.content.decode(),
130            {
131                "provider": {
132                    "authorization_flow": ["This field may not be null."],
133                    "invalidation_flow": ["This field may not be null."],
134                }
135            },
136        )
137
138    def test_create_transactional_duplicate_name_provider(self):
139        """Test transactional Application + provider creation"""
140        self.client.force_login(self.user)
141        uid = generate_id()
142        OAuth2Provider.objects.create(
143            name=uid,
144            authorization_flow=create_test_flow(),
145            invalidation_flow=create_test_flow(),
146        )
147        response = self.client.put(
148            reverse("authentik_api:core-transactional-application"),
149            data={
150                "app": {
151                    "name": uid,
152                    "slug": uid,
153                },
154                "provider_model": "authentik_providers_oauth2.oauth2provider",
155                "provider": {
156                    "name": uid,
157                    "authorization_flow": str(create_test_flow().pk),
158                    "invalidation_flow": str(create_test_flow().pk),
159                },
160            },
161        )
162        self.assertJSONEqual(
163            response.content.decode(),
164            {"provider": {"name": ["State is set to must_created and object exists already"]}},
165        )

class TestTransactionalApplicationsAPI(rest_framework.test.APITestCase): View Source

 14class TestTransactionalApplicationsAPI(APITestCase):
 15    """Test Transactional API"""
 16
 17    def setUp(self) -> None:
 18        self.user = create_test_user()
 19        self.user.assign_perms_to_managed_role("authentik_core.add_application")
 20        self.user.assign_perms_to_managed_role("authentik_providers_oauth2.add_oauth2provider")
 21
 22    def test_create_transactional(self):
 23        """Test transactional Application + provider creation"""
 24        self.client.force_login(self.user)
 25        uid = generate_id()
 26        response = self.client.put(
 27            reverse("authentik_api:core-transactional-application"),
 28            data={
 29                "app": {
 30                    "name": uid,
 31                    "slug": uid,
 32                },
 33                "provider_model": "authentik_providers_oauth2.oauth2provider",
 34                "provider": {
 35                    "name": uid,
 36                    "authorization_flow": str(create_test_flow().pk),
 37                    "invalidation_flow": str(create_test_flow().pk),
 38                    "redirect_uris": [],
 39                },
 40            },
 41        )
 42        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
 43        provider = OAuth2Provider.objects.filter(name=uid).first()
 44        self.assertIsNotNone(provider)
 45        app = Application.objects.filter(slug=uid).first()
 46        self.assertIsNotNone(app)
 47        self.assertEqual(app.provider.pk, provider.pk)
 48
 49    def test_create_transactional_permission_denied(self):
 50        """Test transactional Application + provider creation (missing permissions)"""
 51        self.client.force_login(self.user)
 52        uid = generate_id()
 53        response = self.client.put(
 54            reverse("authentik_api:core-transactional-application"),
 55            data={
 56                "app": {
 57                    "name": uid,
 58                    "slug": uid,
 59                },
 60                "provider_model": "authentik_providers_saml.samlprovider",
 61                "provider": {
 62                    "name": uid,
 63                    "authorization_flow": str(create_test_flow().pk),
 64                    "invalidation_flow": str(create_test_flow().pk),
 65                    "acs_url": "https://goauthentik.io",
 66                },
 67            },
 68        )
 69        self.assertJSONEqual(
 70            response.content.decode(),
 71            {"provider": "User lacks permission to create authentik_providers_saml.samlprovider"},
 72        )
 73
 74    def test_create_transactional_bindings(self):
 75        """Test transactional Application + provider creation"""
 76        self.user.assign_perms_to_managed_role("authentik_policies.add_policybinding")
 77        self.client.force_login(self.user)
 78        uid = generate_id()
 79        group = Group.objects.create(name=generate_id())
 80        authorization_flow = create_test_flow()
 81        response = self.client.put(
 82            reverse("authentik_api:core-transactional-application"),
 83            data={
 84                "app": {
 85                    "name": uid,
 86                    "slug": uid,
 87                },
 88                "provider_model": "authentik_providers_oauth2.oauth2provider",
 89                "provider": {
 90                    "name": uid,
 91                    "authorization_flow": str(authorization_flow.pk),
 92                    "invalidation_flow": str(authorization_flow.pk),
 93                    "redirect_uris": [],
 94                },
 95                "policy_bindings": [{"group": group.pk, "order": 0}],
 96            },
 97        )
 98        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
 99        provider = OAuth2Provider.objects.filter(name=uid).first()
100        self.assertIsNotNone(provider)
101        app = Application.objects.filter(slug=uid).first()
102        self.assertIsNotNone(app)
103        self.assertEqual(app.provider.pk, provider.pk)
104        binding = PolicyBinding.objects.filter(target=app).first()
105        self.assertIsNotNone(binding)
106        self.assertEqual(binding.target, app)
107        self.assertEqual(binding.group, group)
108
109    def test_create_transactional_invalid(self):
110        """Test transactional Application + provider creation"""
111        self.client.force_login(self.user)
112        uid = generate_id()
113        response = self.client.put(
114            reverse("authentik_api:core-transactional-application"),
115            data={
116                "app": {
117                    "name": uid,
118                    "slug": uid,
119                },
120                "provider_model": "authentik_providers_oauth2.oauth2provider",
121                "provider": {
122                    "name": uid,
123                    "authorization_flow": "",
124                    "invalidation_flow": "",
125                    "redirect_uris": [],
126                },
127            },
128        )
129        self.assertJSONEqual(
130            response.content.decode(),
131            {
132                "provider": {
133                    "authorization_flow": ["This field may not be null."],
134                    "invalidation_flow": ["This field may not be null."],
135                }
136            },
137        )
138
139    def test_create_transactional_duplicate_name_provider(self):
140        """Test transactional Application + provider creation"""
141        self.client.force_login(self.user)
142        uid = generate_id()
143        OAuth2Provider.objects.create(
144            name=uid,
145            authorization_flow=create_test_flow(),
146            invalidation_flow=create_test_flow(),
147        )
148        response = self.client.put(
149            reverse("authentik_api:core-transactional-application"),
150            data={
151                "app": {
152                    "name": uid,
153                    "slug": uid,
154                },
155                "provider_model": "authentik_providers_oauth2.oauth2provider",
156                "provider": {
157                    "name": uid,
158                    "authorization_flow": str(create_test_flow().pk),
159                    "invalidation_flow": str(create_test_flow().pk),
160                },
161            },
162        )
163        self.assertJSONEqual(
164            response.content.decode(),
165            {"provider": {"name": ["State is set to must_created and object exists already"]}},
166        )

Test Transactional API

def setUp(self) -> None: View Source

17    def setUp(self) -> None:
18        self.user = create_test_user()
19        self.user.assign_perms_to_managed_role("authentik_core.add_application")
20        self.user.assign_perms_to_managed_role("authentik_providers_oauth2.add_oauth2provider")

Hook method for setting up the test fixture before exercising it.

def test_create_transactional(self): View Source

22    def test_create_transactional(self):
23        """Test transactional Application + provider creation"""
24        self.client.force_login(self.user)
25        uid = generate_id()
26        response = self.client.put(
27            reverse("authentik_api:core-transactional-application"),
28            data={
29                "app": {
30                    "name": uid,
31                    "slug": uid,
32                },
33                "provider_model": "authentik_providers_oauth2.oauth2provider",
34                "provider": {
35                    "name": uid,
36                    "authorization_flow": str(create_test_flow().pk),
37                    "invalidation_flow": str(create_test_flow().pk),
38                    "redirect_uris": [],
39                },
40            },
41        )
42        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
43        provider = OAuth2Provider.objects.filter(name=uid).first()
44        self.assertIsNotNone(provider)
45        app = Application.objects.filter(slug=uid).first()
46        self.assertIsNotNone(app)
47        self.assertEqual(app.provider.pk, provider.pk)

Test transactional Application + provider creation

def test_create_transactional_permission_denied(self): View Source

49    def test_create_transactional_permission_denied(self):
50        """Test transactional Application + provider creation (missing permissions)"""
51        self.client.force_login(self.user)
52        uid = generate_id()
53        response = self.client.put(
54            reverse("authentik_api:core-transactional-application"),
55            data={
56                "app": {
57                    "name": uid,
58                    "slug": uid,
59                },
60                "provider_model": "authentik_providers_saml.samlprovider",
61                "provider": {
62                    "name": uid,
63                    "authorization_flow": str(create_test_flow().pk),
64                    "invalidation_flow": str(create_test_flow().pk),
65                    "acs_url": "https://goauthentik.io",
66                },
67            },
68        )
69        self.assertJSONEqual(
70            response.content.decode(),
71            {"provider": "User lacks permission to create authentik_providers_saml.samlprovider"},
72        )

Test transactional Application + provider creation (missing permissions)

def test_create_transactional_bindings(self): View Source

 74    def test_create_transactional_bindings(self):
 75        """Test transactional Application + provider creation"""
 76        self.user.assign_perms_to_managed_role("authentik_policies.add_policybinding")
 77        self.client.force_login(self.user)
 78        uid = generate_id()
 79        group = Group.objects.create(name=generate_id())
 80        authorization_flow = create_test_flow()
 81        response = self.client.put(
 82            reverse("authentik_api:core-transactional-application"),
 83            data={
 84                "app": {
 85                    "name": uid,
 86                    "slug": uid,
 87                },
 88                "provider_model": "authentik_providers_oauth2.oauth2provider",
 89                "provider": {
 90                    "name": uid,
 91                    "authorization_flow": str(authorization_flow.pk),
 92                    "invalidation_flow": str(authorization_flow.pk),
 93                    "redirect_uris": [],
 94                },
 95                "policy_bindings": [{"group": group.pk, "order": 0}],
 96            },
 97        )
 98        self.assertJSONEqual(response.content.decode(), {"applied": True, "logs": []})
 99        provider = OAuth2Provider.objects.filter(name=uid).first()
100        self.assertIsNotNone(provider)
101        app = Application.objects.filter(slug=uid).first()
102        self.assertIsNotNone(app)
103        self.assertEqual(app.provider.pk, provider.pk)
104        binding = PolicyBinding.objects.filter(target=app).first()
105        self.assertIsNotNone(binding)
106        self.assertEqual(binding.target, app)
107        self.assertEqual(binding.group, group)

Test transactional Application + provider creation

def test_create_transactional_invalid(self): View Source

109    def test_create_transactional_invalid(self):
110        """Test transactional Application + provider creation"""
111        self.client.force_login(self.user)
112        uid = generate_id()
113        response = self.client.put(
114            reverse("authentik_api:core-transactional-application"),
115            data={
116                "app": {
117                    "name": uid,
118                    "slug": uid,
119                },
120                "provider_model": "authentik_providers_oauth2.oauth2provider",
121                "provider": {
122                    "name": uid,
123                    "authorization_flow": "",
124                    "invalidation_flow": "",
125                    "redirect_uris": [],
126                },
127            },
128        )
129        self.assertJSONEqual(
130            response.content.decode(),
131            {
132                "provider": {
133                    "authorization_flow": ["This field may not be null."],
134                    "invalidation_flow": ["This field may not be null."],
135                }
136            },
137        )

Test transactional Application + provider creation

def test_create_transactional_duplicate_name_provider(self): View Source

139    def test_create_transactional_duplicate_name_provider(self):
140        """Test transactional Application + provider creation"""
141        self.client.force_login(self.user)
142        uid = generate_id()
143        OAuth2Provider.objects.create(
144            name=uid,
145            authorization_flow=create_test_flow(),
146            invalidation_flow=create_test_flow(),
147        )
148        response = self.client.put(
149            reverse("authentik_api:core-transactional-application"),
150            data={
151                "app": {
152                    "name": uid,
153                    "slug": uid,
154                },
155                "provider_model": "authentik_providers_oauth2.oauth2provider",
156                "provider": {
157                    "name": uid,
158                    "authorization_flow": str(create_test_flow().pk),
159                    "invalidation_flow": str(create_test_flow().pk),
160                },
161            },
162        )
163        self.assertJSONEqual(
164            response.content.decode(),
165            {"provider": {"name": ["State is set to must_created and object exists already"]}},
166        )

Test transactional Application + provider creation