authentik.enterprise.providers.scim.tests.test_auth
SCIM OAuth tests
"""SCIM OAuth tests"""

from requests_mock import Mocker
from rest_framework.test import APITestCase

from authentik.blueprints.tests import apply_blueprint
from authentik.core.models import Application, Group, User
from authentik.lib.generators import generate_id
from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMMapping, SCIMProvider
from authentik.sources.oauth.models import OAuthSource
from authentik.tenants.models import Tenant


class TestSCIMOAuthAuth(APITestCase):
    """SCIM User tests

    Covers user provisioning through a SCIM provider configured with
    ``SCIMAuthenticationMode.OAUTH_SILENT`` and an OpenID Connect OAuth source.
    """

    @apply_blueprint("system/providers-scim.yaml")
    def setUp(self) -> None:
        """Create an OAuth source, a SCIM provider that uses it, and an application."""
        # presumably keeps avatar lookups from adding HTTP calls to the mocked
        # session -- confirm
        Tenant.objects.update(avatars="none")
        # Start from an empty directory: the mocked SCIM endpoint only returns
        # one ID, so several users or groups would cause errors.
        User.objects.all().exclude_anonymous().delete()
        Group.objects.all().delete()

        # Client credentials are generated per run instead of being literals.
        # The token URL is a localhost fixture value; `# nosec` suppresses the
        # security-linter finding for that line only.
        oauth_source = OAuthSource.objects.create(
            name=generate_id(),
            slug=generate_id(),
            access_token_url="http://localhost/token",  # nosec
            consumer_key=generate_id(),
            consumer_secret=generate_id(),
            provider_type="openidconnect",
        )
        self.source = oauth_source

        # auth_oauth_params is a placeholder; test_user_create does not assert
        # that it reaches the token request.
        extra_params = {"foo": "bar"}
        self.provider = SCIMProvider.objects.create(
            name=generate_id(),
            url="https://localhost",
            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
            auth_oauth=oauth_source,
            auth_oauth_params=extra_params,
            exclude_users_service_account=True,
        )

        self.app: Application = Application.objects.create(
            name=generate_id(),
            slug=generate_id(),
        )
        self.app.backchannel_providers.add(self.provider)

        # Attach the blueprint-managed user and group mappings, in that order.
        for relation, managed_name in (
            (self.provider.property_mappings, "goauthentik.io/providers/scim/user"),
            (self.provider.property_mappings_group, "goauthentik.io/providers/scim/group"),
        ):
            relation.add(SCIMMapping.objects.get(managed=managed_name))

    @Mocker()
    def test_user_create(self, mock: Mocker):
        """Test user creation

        Creating a user must result in exactly three mocked HTTP calls, the
        third being a SCIM ``POST`` whose body carries the user's attributes.
        """
        remote_id = generate_id()
        access_token = generate_id()
        # Only these three endpoints are registered with the mocker.
        mock.post(
            "http://localhost/token",
            json={"access_token": access_token, "expires_in": 3600},
        )
        mock.get("https://localhost/ServiceProviderConfig", json={})
        mock.post("https://localhost/Users", json={"id": remote_id})

        ident = generate_id()
        display = f"{ident} {ident}"
        address = f"{ident}@goauthentik.io"
        created = User.objects.create(username=ident, name=display, email=address)

        self.assertEqual(mock.call_count, 3)
        # NOTE(review): nothing below inspects request_history[0] or any
        # Authorization header, so this test still passes if the SCIM calls go
        # out without the token issued by the mocked endpoint. Consider
        # asserting both; confirm the header format against the provider's
        # OAuth implementation.
        calls = mock.request_history
        self.assertEqual(calls[1].method, "GET")
        self.assertEqual(calls[2].method, "POST")
        expected_user = {
            "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "active": True,
            "emails": [
                {
                    "primary": True,
                    "type": "other",
                    "value": address,
                }
            ],
            "externalId": created.uid,
            "name": {
                "familyName": ident,
                "formatted": display,
                "givenName": ident,
            },
            "displayName": display,
            "userName": ident,
        }
        self.assertJSONEqual(calls[2].body, expected_user)
class
TestSCIMOAuthAuth(rest_framework.test.APITestCase):
class TestSCIMOAuthAuth(APITestCase):
    """SCIM User tests

    Covers user provisioning through a SCIM provider configured with
    ``SCIMAuthenticationMode.OAUTH_SILENT`` and an OpenID Connect OAuth source.
    """

    @apply_blueprint("system/providers-scim.yaml")
    def setUp(self) -> None:
        """Create an OAuth source, a SCIM provider that uses it, and an application."""
        # presumably keeps avatar lookups from adding HTTP calls to the mocked
        # session -- confirm
        Tenant.objects.update(avatars="none")
        # Start from an empty directory: the mocked SCIM endpoint only returns
        # one ID, so several users or groups would cause errors.
        User.objects.all().exclude_anonymous().delete()
        Group.objects.all().delete()

        # Client credentials are generated per run instead of being literals.
        # The token URL is a localhost fixture value; `# nosec` suppresses the
        # security-linter finding for that line only.
        oauth_source = OAuthSource.objects.create(
            name=generate_id(),
            slug=generate_id(),
            access_token_url="http://localhost/token",  # nosec
            consumer_key=generate_id(),
            consumer_secret=generate_id(),
            provider_type="openidconnect",
        )
        self.source = oauth_source

        # auth_oauth_params is a placeholder; test_user_create does not assert
        # that it reaches the token request.
        extra_params = {"foo": "bar"}
        self.provider = SCIMProvider.objects.create(
            name=generate_id(),
            url="https://localhost",
            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
            auth_oauth=oauth_source,
            auth_oauth_params=extra_params,
            exclude_users_service_account=True,
        )

        self.app: Application = Application.objects.create(
            name=generate_id(),
            slug=generate_id(),
        )
        self.app.backchannel_providers.add(self.provider)

        # Attach the blueprint-managed user and group mappings, in that order.
        for relation, managed_name in (
            (self.provider.property_mappings, "goauthentik.io/providers/scim/user"),
            (self.provider.property_mappings_group, "goauthentik.io/providers/scim/group"),
        ):
            relation.add(SCIMMapping.objects.get(managed=managed_name))

    @Mocker()
    def test_user_create(self, mock: Mocker):
        """Test user creation

        Creating a user must result in exactly three mocked HTTP calls, the
        third being a SCIM ``POST`` whose body carries the user's attributes.
        """
        remote_id = generate_id()
        access_token = generate_id()
        # Only these three endpoints are registered with the mocker.
        mock.post(
            "http://localhost/token",
            json={"access_token": access_token, "expires_in": 3600},
        )
        mock.get("https://localhost/ServiceProviderConfig", json={})
        mock.post("https://localhost/Users", json={"id": remote_id})

        ident = generate_id()
        display = f"{ident} {ident}"
        address = f"{ident}@goauthentik.io"
        created = User.objects.create(username=ident, name=display, email=address)

        self.assertEqual(mock.call_count, 3)
        # NOTE(review): nothing below inspects request_history[0] or any
        # Authorization header, so this test still passes if the SCIM calls go
        # out without the token issued by the mocked endpoint. Consider
        # asserting both; confirm the header format against the provider's
        # OAuth implementation.
        calls = mock.request_history
        self.assertEqual(calls[1].method, "GET")
        self.assertEqual(calls[2].method, "POST")
        expected_user = {
            "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "active": True,
            "emails": [
                {
                    "primary": True,
                    "type": "other",
                    "value": address,
                }
            ],
            "externalId": created.uid,
            "name": {
                "familyName": ident,
                "formatted": display,
                "givenName": ident,
            },
            "displayName": display,
            "userName": ident,
        }
        self.assertJSONEqual(calls[2].body, expected_user)
SCIM User tests
@apply_blueprint('system/providers-scim.yaml')
def
setUp(self) -> None:
@apply_blueprint("system/providers-scim.yaml")
def setUp(self) -> None:
    """Create an OAuth source, a SCIM provider that uses it, and an application."""
    # presumably keeps avatar lookups from adding HTTP calls to the mocked
    # session -- confirm
    Tenant.objects.update(avatars="none")
    # Start from an empty directory: the mocked SCIM endpoint only returns
    # one ID, so several users or groups would cause errors.
    User.objects.all().exclude_anonymous().delete()
    Group.objects.all().delete()

    # Client credentials are generated per run instead of being literals.
    # The token URL is a localhost fixture value; `# nosec` suppresses the
    # security-linter finding for that line only.
    oauth_source = OAuthSource.objects.create(
        name=generate_id(),
        slug=generate_id(),
        access_token_url="http://localhost/token",  # nosec
        consumer_key=generate_id(),
        consumer_secret=generate_id(),
        provider_type="openidconnect",
    )
    self.source = oauth_source

    # auth_oauth_params is a placeholder; test_user_create does not assert
    # that it reaches the token request.
    extra_params = {"foo": "bar"}
    self.provider = SCIMProvider.objects.create(
        name=generate_id(),
        url="https://localhost",
        auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
        auth_oauth=oauth_source,
        auth_oauth_params=extra_params,
        exclude_users_service_account=True,
    )

    self.app: Application = Application.objects.create(
        name=generate_id(),
        slug=generate_id(),
    )
    self.app.backchannel_providers.add(self.provider)

    # Attach the blueprint-managed user and group mappings, in that order.
    for relation, managed_name in (
        (self.provider.property_mappings, "goauthentik.io/providers/scim/user"),
        (self.provider.property_mappings_group, "goauthentik.io/providers/scim/group"),
    ):
        relation.add(SCIMMapping.objects.get(managed=managed_name))
Hook method for setting up the test fixture before exercising it.
@Mocker()
def
test_user_create(self, mock: requests_mock.mocker.Mocker):
@Mocker()
def test_user_create(self, mock: Mocker):
    """Test user creation

    Creating a user must result in exactly three mocked HTTP calls, the
    third being a SCIM ``POST`` whose body carries the user's attributes.
    """
    remote_id = generate_id()
    access_token = generate_id()
    # Only these three endpoints are registered with the mocker.
    mock.post(
        "http://localhost/token",
        json={"access_token": access_token, "expires_in": 3600},
    )
    mock.get("https://localhost/ServiceProviderConfig", json={})
    mock.post("https://localhost/Users", json={"id": remote_id})

    ident = generate_id()
    display = f"{ident} {ident}"
    address = f"{ident}@goauthentik.io"
    created = User.objects.create(username=ident, name=display, email=address)

    self.assertEqual(mock.call_count, 3)
    # NOTE(review): nothing below inspects request_history[0] or any
    # Authorization header, so this test still passes if the SCIM calls go
    # out without the token issued by the mocked endpoint. Consider
    # asserting both; confirm the header format against the provider's
    # OAuth implementation.
    calls = mock.request_history
    self.assertEqual(calls[1].method, "GET")
    self.assertEqual(calls[2].method, "POST")
    expected_user = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "active": True,
        "emails": [
            {
                "primary": True,
                "type": "other",
                "value": address,
            }
        ],
        "externalId": created.uid,
        "name": {
            "familyName": ident,
            "formatted": display,
            "givenName": ident,
        },
        "displayName": display,
        "userName": ident,
    }
    self.assertJSONEqual(calls[2].body, expected_user)
Test user creation