authentik.enterprise.endpoints.connectors.agent.tests.test_apple_register
1from json import loads 2from unittest.mock import MagicMock, patch 3 4from django.urls import reverse 5from rest_framework.test import APITestCase 6 7from authentik.blueprints.tests import reconcile_app 8from authentik.core.tests.utils import create_test_user 9from authentik.endpoints.connectors.agent.models import ( 10 AgentConnector, 11 AgentDeviceConnection, 12 DeviceAuthenticationToken, 13 DeviceToken, 14 EnrollmentToken, 15) 16from authentik.endpoints.models import Device 17from authentik.enterprise.license import LicenseKey 18from authentik.enterprise.models import License 19from authentik.enterprise.tests.test_license import expiry_valid 20from authentik.lib.generators import generate_id 21 22 23class TestAppleRegister(APITestCase): 24 25 def setUp(self): 26 self.connector = AgentConnector.objects.create(name=generate_id()) 27 self.token = EnrollmentToken.objects.create(name=generate_id(), connector=self.connector) 28 self.device = Device.objects.create( 29 name=generate_id(), 30 identifier=generate_id(), 31 ) 32 self.connection = AgentDeviceConnection.objects.create( 33 device=self.device, 34 connector=self.connector, 35 ) 36 self.user = create_test_user() 37 self.device_token = DeviceToken.objects.create(device=self.connection) 38 39 @patch( 40 "authentik.enterprise.license.LicenseKey.validate", 41 MagicMock( 42 return_value=LicenseKey( 43 aud="", 44 exp=expiry_valid, 45 name=generate_id(), 46 internal_users=100, 47 external_users=100, 48 ) 49 ), 50 ) 51 @reconcile_app("authentik_crypto") 52 def test_register_device(self): 53 License.objects.create(key=generate_id()) 54 response = self.client.post( 55 reverse("authentik_api:psso-register-device"), 56 data={ 57 "device_signing_key": generate_id(), 58 "device_encryption_key": generate_id(), 59 "sign_key_id": generate_id(), 60 "enc_key_id": generate_id(), 61 }, 62 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 63 ) 64 self.assertEqual(response.status_code, 200) 65 self.assertJSONEqual( 66 response.content, 67 { 68 "client_id": str(self.connector.pk), 69 "audience": str(self.device.pk), 70 "issuer": "http://testserver/endpoints/agent/psso/token/", 71 "jwks_endpoint": "http://testserver/endpoints/agent/psso/jwks/", 72 "nonce_endpoint": "http://testserver/endpoints/agent/psso/nonce/", 73 "token_endpoint": "http://testserver/endpoints/agent/psso/token/", 74 }, 75 ) 76 77 @patch( 78 "authentik.enterprise.license.LicenseKey.validate", 79 MagicMock( 80 return_value=LicenseKey( 81 aud="", 82 exp=expiry_valid, 83 name=generate_id(), 84 internal_users=100, 85 external_users=100, 86 ) 87 ), 88 ) 89 @reconcile_app("authentik_crypto") 90 def test_register_user(self): 91 License.objects.create(key=generate_id()) 92 device_auth = DeviceAuthenticationToken.objects.create( 93 device=self.device, 94 device_token=self.device_token, 95 connector=self.connector, 96 user=self.user, 97 token=generate_id(), 98 ) 99 response = self.client.post( 100 reverse("authentik_api:psso-register-user"), 101 data={ 102 "user_auth": device_auth.token, 103 "user_secure_enclave_key": generate_id(), 104 "enclave_key_id": generate_id(), 105 }, 106 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 107 ) 108 self.assertEqual(response.status_code, 200) 109 body = loads(response.content) 110 self.assertEqual(body["username"], self.user.username)
class
TestAppleRegister(rest_framework.test.APITestCase):
24class TestAppleRegister(APITestCase): 25 26 def setUp(self): 27 self.connector = AgentConnector.objects.create(name=generate_id()) 28 self.token = EnrollmentToken.objects.create(name=generate_id(), connector=self.connector) 29 self.device = Device.objects.create( 30 name=generate_id(), 31 identifier=generate_id(), 32 ) 33 self.connection = AgentDeviceConnection.objects.create( 34 device=self.device, 35 connector=self.connector, 36 ) 37 self.user = create_test_user() 38 self.device_token = DeviceToken.objects.create(device=self.connection) 39 40 @patch( 41 "authentik.enterprise.license.LicenseKey.validate", 42 MagicMock( 43 return_value=LicenseKey( 44 aud="", 45 exp=expiry_valid, 46 name=generate_id(), 47 internal_users=100, 48 external_users=100, 49 ) 50 ), 51 ) 52 @reconcile_app("authentik_crypto") 53 def test_register_device(self): 54 License.objects.create(key=generate_id()) 55 response = self.client.post( 56 reverse("authentik_api:psso-register-device"), 57 data={ 58 "device_signing_key": generate_id(), 59 "device_encryption_key": generate_id(), 60 "sign_key_id": generate_id(), 61 "enc_key_id": generate_id(), 62 }, 63 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 64 ) 65 self.assertEqual(response.status_code, 200) 66 self.assertJSONEqual( 67 response.content, 68 { 69 "client_id": str(self.connector.pk), 70 "audience": str(self.device.pk), 71 "issuer": "http://testserver/endpoints/agent/psso/token/", 72 "jwks_endpoint": "http://testserver/endpoints/agent/psso/jwks/", 73 "nonce_endpoint": "http://testserver/endpoints/agent/psso/nonce/", 74 "token_endpoint": "http://testserver/endpoints/agent/psso/token/", 75 }, 76 ) 77 78 @patch( 79 "authentik.enterprise.license.LicenseKey.validate", 80 MagicMock( 81 return_value=LicenseKey( 82 aud="", 83 exp=expiry_valid, 84 name=generate_id(), 85 internal_users=100, 86 external_users=100, 87 ) 88 ), 89 ) 90 @reconcile_app("authentik_crypto") 91 def test_register_user(self): 92 License.objects.create(key=generate_id()) 93 device_auth = DeviceAuthenticationToken.objects.create( 94 device=self.device, 95 device_token=self.device_token, 96 connector=self.connector, 97 user=self.user, 98 token=generate_id(), 99 ) 100 response = self.client.post( 101 reverse("authentik_api:psso-register-user"), 102 data={ 103 "user_auth": device_auth.token, 104 "user_secure_enclave_key": generate_id(), 105 "enclave_key_id": generate_id(), 106 }, 107 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 108 ) 109 self.assertEqual(response.status_code, 200) 110 body = loads(response.content) 111 self.assertEqual(body["username"], self.user.username)
Similar to TransactionTestCase, but use transaction.atomic() to achieve
test isolation.
In most situations, TestCase should be preferred to TransactionTestCase as it allows faster execution. However, there are some situations where using TransactionTestCase might be necessary (e.g. testing some transactional behavior).
On database backends with no transaction support, TestCase behaves as TransactionTestCase.
def
setUp(self):
26 def setUp(self): 27 self.connector = AgentConnector.objects.create(name=generate_id()) 28 self.token = EnrollmentToken.objects.create(name=generate_id(), connector=self.connector) 29 self.device = Device.objects.create( 30 name=generate_id(), 31 identifier=generate_id(), 32 ) 33 self.connection = AgentDeviceConnection.objects.create( 34 device=self.device, 35 connector=self.connector, 36 ) 37 self.user = create_test_user() 38 self.device_token = DeviceToken.objects.create(device=self.connection)
Hook method for setting up the test fixture before exercising it.
@patch('authentik.enterprise.license.LicenseKey.validate', MagicMock(return_value=LicenseKey(aud='', exp=expiry_valid, name=generate_id(), internal_users=100, external_users=100)))
@reconcile_app('authentik_crypto')
def
test_register_device(self):
40 @patch( 41 "authentik.enterprise.license.LicenseKey.validate", 42 MagicMock( 43 return_value=LicenseKey( 44 aud="", 45 exp=expiry_valid, 46 name=generate_id(), 47 internal_users=100, 48 external_users=100, 49 ) 50 ), 51 ) 52 @reconcile_app("authentik_crypto") 53 def test_register_device(self): 54 License.objects.create(key=generate_id()) 55 response = self.client.post( 56 reverse("authentik_api:psso-register-device"), 57 data={ 58 "device_signing_key": generate_id(), 59 "device_encryption_key": generate_id(), 60 "sign_key_id": generate_id(), 61 "enc_key_id": generate_id(), 62 }, 63 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 64 ) 65 self.assertEqual(response.status_code, 200) 66 self.assertJSONEqual( 67 response.content, 68 { 69 "client_id": str(self.connector.pk), 70 "audience": str(self.device.pk), 71 "issuer": "http://testserver/endpoints/agent/psso/token/", 72 "jwks_endpoint": "http://testserver/endpoints/agent/psso/jwks/", 73 "nonce_endpoint": "http://testserver/endpoints/agent/psso/nonce/", 74 "token_endpoint": "http://testserver/endpoints/agent/psso/token/", 75 }, 76 )
@patch('authentik.enterprise.license.LicenseKey.validate', MagicMock(return_value=LicenseKey(aud='', exp=expiry_valid, name=generate_id(), internal_users=100, external_users=100)))
@reconcile_app('authentik_crypto')
def
test_register_user(self):
78 @patch( 79 "authentik.enterprise.license.LicenseKey.validate", 80 MagicMock( 81 return_value=LicenseKey( 82 aud="", 83 exp=expiry_valid, 84 name=generate_id(), 85 internal_users=100, 86 external_users=100, 87 ) 88 ), 89 ) 90 @reconcile_app("authentik_crypto") 91 def test_register_user(self): 92 License.objects.create(key=generate_id()) 93 device_auth = DeviceAuthenticationToken.objects.create( 94 device=self.device, 95 device_token=self.device_token, 96 connector=self.connector, 97 user=self.user, 98 token=generate_id(), 99 ) 100 response = self.client.post( 101 reverse("authentik_api:psso-register-user"), 102 data={ 103 "user_auth": device_auth.token, 104 "user_secure_enclave_key": generate_id(), 105 "enclave_key_id": generate_id(), 106 }, 107 HTTP_AUTHORIZATION=f"Bearer+agent {self.device_token.key}", 108 ) 109 self.assertEqual(response.status_code, 200) 110 body = loads(response.content) 111 self.assertEqual(body["username"], self.user.username)