authentik.lib.tests.test_http
Test HTTP Helpers
1"""Test HTTP Helpers""" 2 3from django.test import RequestFactory, TestCase 4 5from authentik.core.models import Token, TokenIntents, UserTypes 6from authentik.core.tests.utils import create_test_admin_user 7from authentik.lib.views import bad_request_message 8from authentik.root.middleware import ClientIPMiddleware 9 10 11class TestHTTP(TestCase): 12 """Test HTTP Helpers""" 13 14 def setUp(self) -> None: 15 self.user = create_test_admin_user() 16 self.factory = RequestFactory() 17 18 def test_bad_request_message(self): 19 """test bad_request_message""" 20 request = self.factory.get("/") 21 self.assertEqual(bad_request_message(request, "foo").status_code, 400) 22 23 def test_normal(self): 24 """Test normal request""" 25 request = self.factory.get("/") 26 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 27 28 def test_forward_for(self): 29 """Test x-forwarded-for request""" 30 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2") 31 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2") 32 33 def test_forward_for_invalid(self): 34 """Test invalid forward for""" 35 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="foobar") 36 self.assertEqual(ClientIPMiddleware.get_client_ip(request), ClientIPMiddleware.default_ip) 37 38 def test_fake_outpost(self): 39 """Test faked IP which is overridden by an outpost""" 40 token = Token.objects.create( 41 identifier="test", user=self.user, intent=TokenIntents.INTENT_API 42 ) 43 # Invalid, non-existent token 44 request = self.factory.get( 45 "/", 46 **{ 47 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 48 ClientIPMiddleware.outpost_token_header: "abc", 49 }, 50 ) 51 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 52 # Invalid, user doesn't have permissions 53 request = self.factory.get( 54 "/", 55 **{ 56 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 57 ClientIPMiddleware.outpost_token_header: token.key, 58 }, 59 ) 60 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 61 # Invalid, not a real IP 62 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 63 self.user.save() 64 request = self.factory.get( 65 "/", 66 **{ 67 ClientIPMiddleware.outpost_remote_ip_header: "foobar", 68 ClientIPMiddleware.outpost_token_header: token.key, 69 }, 70 ) 71 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 72 # Valid 73 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 74 self.user.save() 75 request = self.factory.get( 76 "/", 77 **{ 78 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 79 ClientIPMiddleware.outpost_token_header: token.key, 80 }, 81 ) 82 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "1.2.3.4")
class
TestHTTP(django.test.testcases.TestCase):
12class TestHTTP(TestCase): 13 """Test HTTP Helpers""" 14 15 def setUp(self) -> None: 16 self.user = create_test_admin_user() 17 self.factory = RequestFactory() 18 19 def test_bad_request_message(self): 20 """test bad_request_message""" 21 request = self.factory.get("/") 22 self.assertEqual(bad_request_message(request, "foo").status_code, 400) 23 24 def test_normal(self): 25 """Test normal request""" 26 request = self.factory.get("/") 27 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 28 29 def test_forward_for(self): 30 """Test x-forwarded-for request""" 31 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2") 32 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2") 33 34 def test_forward_for_invalid(self): 35 """Test invalid forward for""" 36 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="foobar") 37 self.assertEqual(ClientIPMiddleware.get_client_ip(request), ClientIPMiddleware.default_ip) 38 39 def test_fake_outpost(self): 40 """Test faked IP which is overridden by an outpost""" 41 token = Token.objects.create( 42 identifier="test", user=self.user, intent=TokenIntents.INTENT_API 43 ) 44 # Invalid, non-existent token 45 request = self.factory.get( 46 "/", 47 **{ 48 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 49 ClientIPMiddleware.outpost_token_header: "abc", 50 }, 51 ) 52 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 53 # Invalid, user doesn't have permissions 54 request = self.factory.get( 55 "/", 56 **{ 57 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 58 ClientIPMiddleware.outpost_token_header: token.key, 59 }, 60 ) 61 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 62 # Invalid, not a real IP 63 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 64 self.user.save() 65 request = self.factory.get( 66 "/", 67 **{ 68 ClientIPMiddleware.outpost_remote_ip_header: "foobar", 69 ClientIPMiddleware.outpost_token_header: token.key, 70 }, 71 ) 72 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 73 # Valid 74 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 75 self.user.save() 76 request = self.factory.get( 77 "/", 78 **{ 79 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 80 ClientIPMiddleware.outpost_token_header: token.key, 81 }, 82 ) 83 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "1.2.3.4")
Test HTTP Helpers
def
setUp(self) -> None:
15 def setUp(self) -> None: 16 self.user = create_test_admin_user() 17 self.factory = RequestFactory()
Hook method for setting up the test fixture before exercising it.
def
test_bad_request_message(self):
19 def test_bad_request_message(self): 20 """test bad_request_message""" 21 request = self.factory.get("/") 22 self.assertEqual(bad_request_message(request, "foo").status_code, 400)
test bad_request_message
def
test_normal(self):
24 def test_normal(self): 25 """Test normal request""" 26 request = self.factory.get("/") 27 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1")
Test normal request
def
test_forward_for(self):
29 def test_forward_for(self): 30 """Test x-forwarded-for request""" 31 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="127.0.0.2") 32 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.2")
Test x-forwarded-for request
def
test_forward_for_invalid(self):
34 def test_forward_for_invalid(self): 35 """Test invalid forward for""" 36 request = self.factory.get("/", HTTP_X_FORWARDED_FOR="foobar") 37 self.assertEqual(ClientIPMiddleware.get_client_ip(request), ClientIPMiddleware.default_ip)
Test invalid forward for
def
test_fake_outpost(self):
39 def test_fake_outpost(self): 40 """Test faked IP which is overridden by an outpost""" 41 token = Token.objects.create( 42 identifier="test", user=self.user, intent=TokenIntents.INTENT_API 43 ) 44 # Invalid, non-existent token 45 request = self.factory.get( 46 "/", 47 **{ 48 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 49 ClientIPMiddleware.outpost_token_header: "abc", 50 }, 51 ) 52 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 53 # Invalid, user doesn't have permissions 54 request = self.factory.get( 55 "/", 56 **{ 57 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 58 ClientIPMiddleware.outpost_token_header: token.key, 59 }, 60 ) 61 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 62 # Invalid, not a real IP 63 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 64 self.user.save() 65 request = self.factory.get( 66 "/", 67 **{ 68 ClientIPMiddleware.outpost_remote_ip_header: "foobar", 69 ClientIPMiddleware.outpost_token_header: token.key, 70 }, 71 ) 72 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "127.0.0.1") 73 # Valid 74 self.user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT 75 self.user.save() 76 request = self.factory.get( 77 "/", 78 **{ 79 ClientIPMiddleware.outpost_remote_ip_header: "1.2.3.4", 80 ClientIPMiddleware.outpost_token_header: token.key, 81 }, 82 ) 83 self.assertEqual(ClientIPMiddleware.get_client_ip(request), "1.2.3.4")
Test faked IP which is overridden by an outpost