authentik.providers.oauth2.tests.test_device_init
Device init tests
1"""Device init tests""" 2 3from urllib.parse import urlencode 4 5from django.urls import reverse 6from rest_framework.test import APIClient 7 8from authentik.core.models import Application, Group 9from authentik.core.tests.utils import create_test_admin_user, create_test_brand, create_test_flow 10from authentik.lib.generators import generate_id 11from authentik.policies.models import PolicyBinding 12from authentik.providers.oauth2.models import DeviceToken, OAuth2Provider 13from authentik.providers.oauth2.tests.utils import OAuthTestCase 14from authentik.providers.oauth2.views.device_init import QS_KEY_CODE 15 16 17class TesOAuth2DeviceInit(OAuthTestCase): 18 """Test device init""" 19 20 def setUp(self) -> None: 21 self.provider = OAuth2Provider.objects.create( 22 name=generate_id(), 23 client_id="test", 24 authorization_flow=create_test_flow(), 25 ) 26 self.application = Application.objects.create( 27 name=generate_id(), 28 slug=generate_id(), 29 provider=self.provider, 30 ) 31 self.user = create_test_admin_user() 32 self.client.force_login(self.user) 33 self.device_flow = create_test_flow() 34 self.brand = create_test_brand() 35 self.brand.flow_device_code = self.device_flow 36 self.brand.save() 37 38 self.api_client = APIClient() 39 self.api_client.force_login(self.user) 40 41 def test_device_init_get(self): 42 """Test device init""" 43 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 44 self.assertEqual(res.status_code, 302) 45 self.assertEqual( 46 res.url, 47 reverse( 48 "authentik_core:if-flow", 49 kwargs={ 50 "flow_slug": self.device_flow.slug, 51 }, 52 ) 53 + "?" 54 + urlencode({"inspector": "available"}), 55 ) 56 57 def test_device_init_post(self): 58 """Test device init""" 59 res = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login")) 60 self.assertEqual(res.status_code, 302) 61 self.assertEqual( 62 res.url, 63 reverse( 64 "authentik_core:if-flow", 65 kwargs={ 66 "flow_slug": self.device_flow.slug, 67 }, 68 ) 69 + "?" 70 + urlencode({"inspector": "available"}), 71 ) 72 res = self.api_client.get( 73 reverse( 74 "authentik_api:flow-executor", 75 kwargs={ 76 "flow_slug": self.device_flow.slug, 77 }, 78 ), 79 ) 80 self.assertEqual(res.status_code, 200) 81 self.assertJSONEqual( 82 res.content, 83 { 84 "component": "ak-provider-oauth2-device-code", 85 "flow_info": { 86 "background": "/static/dist/assets/images/flow_background.jpg", 87 "background_themed_urls": None, 88 "cancel_url": "/flows/-/cancel/", 89 "layout": "stacked", 90 "title": self.device_flow.title, 91 }, 92 }, 93 ) 94 95 provider = OAuth2Provider.objects.create( 96 name=generate_id(), 97 authorization_flow=create_test_flow(), 98 ) 99 Application.objects.create(name=generate_id(), slug=generate_id(), provider=provider) 100 token = DeviceToken.objects.create( 101 provider=provider, 102 ) 103 104 res = self.api_client.post( 105 reverse( 106 "authentik_api:flow-executor", 107 kwargs={ 108 "flow_slug": self.device_flow.slug, 109 }, 110 ), 111 data={ 112 "component": "ak-provider-oauth2-device-code", 113 "code": token.user_code, 114 }, 115 ) 116 self.assertEqual(res.status_code, 200) 117 self.assertJSONEqual( 118 res.content, 119 { 120 "component": "xak-flow-redirect", 121 "to": reverse( 122 "authentik_core:if-flow", 123 kwargs={ 124 "flow_slug": provider.authorization_flow.slug, 125 }, 126 ) 127 + "?" 128 + urlencode({"inspector": "available"}), 129 }, 130 ) 131 132 def test_no_flow(self): 133 """Test no flow""" 134 self.brand.flow_device_code = None 135 self.brand.save() 136 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 137 self.assertEqual(res.status_code, 404) 138 139 def test_device_init_qs(self): 140 """Test device init""" 141 token = DeviceToken.objects.create( 142 user_code="foo", 143 provider=self.provider, 144 ) 145 res = self.client.get( 146 reverse("authentik_providers_oauth2_root:device-login") 147 + "?" 148 + urlencode({QS_KEY_CODE: token.user_code}) 149 ) 150 self.assertEqual(res.status_code, 302) 151 self.assertEqual( 152 res.url, 153 reverse( 154 "authentik_core:if-flow", 155 kwargs={ 156 "flow_slug": self.provider.authorization_flow.slug, 157 }, 158 ) 159 + "?" 160 + urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"}), 161 ) 162 163 def test_device_init_denied(self): 164 """Test device init""" 165 group = Group.objects.create(name="foo") 166 PolicyBinding.objects.create( 167 group=group, 168 target=self.application, 169 order=0, 170 ) 171 token = DeviceToken.objects.create( 172 user_code="foo", 173 provider=self.provider, 174 ) 175 res = self.client.get( 176 reverse("authentik_providers_oauth2_root:device-login") 177 + "?" 178 + urlencode({QS_KEY_CODE: token.user_code}) 179 ) 180 self.assertEqual(res.status_code, 200) 181 self.assertIn(b"Permission denied", res.content)
18class TesOAuth2DeviceInit(OAuthTestCase): 19 """Test device init""" 20 21 def setUp(self) -> None: 22 self.provider = OAuth2Provider.objects.create( 23 name=generate_id(), 24 client_id="test", 25 authorization_flow=create_test_flow(), 26 ) 27 self.application = Application.objects.create( 28 name=generate_id(), 29 slug=generate_id(), 30 provider=self.provider, 31 ) 32 self.user = create_test_admin_user() 33 self.client.force_login(self.user) 34 self.device_flow = create_test_flow() 35 self.brand = create_test_brand() 36 self.brand.flow_device_code = self.device_flow 37 self.brand.save() 38 39 self.api_client = APIClient() 40 self.api_client.force_login(self.user) 41 42 def test_device_init_get(self): 43 """Test device init""" 44 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 45 self.assertEqual(res.status_code, 302) 46 self.assertEqual( 47 res.url, 48 reverse( 49 "authentik_core:if-flow", 50 kwargs={ 51 "flow_slug": self.device_flow.slug, 52 }, 53 ) 54 + "?" 55 + urlencode({"inspector": "available"}), 56 ) 57 58 def test_device_init_post(self): 59 """Test device init""" 60 res = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login")) 61 self.assertEqual(res.status_code, 302) 62 self.assertEqual( 63 res.url, 64 reverse( 65 "authentik_core:if-flow", 66 kwargs={ 67 "flow_slug": self.device_flow.slug, 68 }, 69 ) 70 + "?" 71 + urlencode({"inspector": "available"}), 72 ) 73 res = self.api_client.get( 74 reverse( 75 "authentik_api:flow-executor", 76 kwargs={ 77 "flow_slug": self.device_flow.slug, 78 }, 79 ), 80 ) 81 self.assertEqual(res.status_code, 200) 82 self.assertJSONEqual( 83 res.content, 84 { 85 "component": "ak-provider-oauth2-device-code", 86 "flow_info": { 87 "background": "/static/dist/assets/images/flow_background.jpg", 88 "background_themed_urls": None, 89 "cancel_url": "/flows/-/cancel/", 90 "layout": "stacked", 91 "title": self.device_flow.title, 92 }, 93 }, 94 ) 95 96 provider = OAuth2Provider.objects.create( 97 name=generate_id(), 98 authorization_flow=create_test_flow(), 99 ) 100 Application.objects.create(name=generate_id(), slug=generate_id(), provider=provider) 101 token = DeviceToken.objects.create( 102 provider=provider, 103 ) 104 105 res = self.api_client.post( 106 reverse( 107 "authentik_api:flow-executor", 108 kwargs={ 109 "flow_slug": self.device_flow.slug, 110 }, 111 ), 112 data={ 113 "component": "ak-provider-oauth2-device-code", 114 "code": token.user_code, 115 }, 116 ) 117 self.assertEqual(res.status_code, 200) 118 self.assertJSONEqual( 119 res.content, 120 { 121 "component": "xak-flow-redirect", 122 "to": reverse( 123 "authentik_core:if-flow", 124 kwargs={ 125 "flow_slug": provider.authorization_flow.slug, 126 }, 127 ) 128 + "?" 129 + urlencode({"inspector": "available"}), 130 }, 131 ) 132 133 def test_no_flow(self): 134 """Test no flow""" 135 self.brand.flow_device_code = None 136 self.brand.save() 137 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 138 self.assertEqual(res.status_code, 404) 139 140 def test_device_init_qs(self): 141 """Test device init""" 142 token = DeviceToken.objects.create( 143 user_code="foo", 144 provider=self.provider, 145 ) 146 res = self.client.get( 147 reverse("authentik_providers_oauth2_root:device-login") 148 + "?" 149 + urlencode({QS_KEY_CODE: token.user_code}) 150 ) 151 self.assertEqual(res.status_code, 302) 152 self.assertEqual( 153 res.url, 154 reverse( 155 "authentik_core:if-flow", 156 kwargs={ 157 "flow_slug": self.provider.authorization_flow.slug, 158 }, 159 ) 160 + "?" 161 + urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"}), 162 ) 163 164 def test_device_init_denied(self): 165 """Test device init""" 166 group = Group.objects.create(name="foo") 167 PolicyBinding.objects.create( 168 group=group, 169 target=self.application, 170 order=0, 171 ) 172 token = DeviceToken.objects.create( 173 user_code="foo", 174 provider=self.provider, 175 ) 176 res = self.client.get( 177 reverse("authentik_providers_oauth2_root:device-login") 178 + "?" 179 + urlencode({QS_KEY_CODE: token.user_code}) 180 ) 181 self.assertEqual(res.status_code, 200) 182 self.assertIn(b"Permission denied", res.content)
Test device init
def
setUp(self) -> None:
21 def setUp(self) -> None: 22 self.provider = OAuth2Provider.objects.create( 23 name=generate_id(), 24 client_id="test", 25 authorization_flow=create_test_flow(), 26 ) 27 self.application = Application.objects.create( 28 name=generate_id(), 29 slug=generate_id(), 30 provider=self.provider, 31 ) 32 self.user = create_test_admin_user() 33 self.client.force_login(self.user) 34 self.device_flow = create_test_flow() 35 self.brand = create_test_brand() 36 self.brand.flow_device_code = self.device_flow 37 self.brand.save() 38 39 self.api_client = APIClient() 40 self.api_client.force_login(self.user)
Hook method for setting up the test fixture before exercising it.
def
test_device_init_get(self):
42 def test_device_init_get(self): 43 """Test device init""" 44 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 45 self.assertEqual(res.status_code, 302) 46 self.assertEqual( 47 res.url, 48 reverse( 49 "authentik_core:if-flow", 50 kwargs={ 51 "flow_slug": self.device_flow.slug, 52 }, 53 ) 54 + "?" 55 + urlencode({"inspector": "available"}), 56 )
Test device init
def
test_device_init_post(self):
58 def test_device_init_post(self): 59 """Test device init""" 60 res = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login")) 61 self.assertEqual(res.status_code, 302) 62 self.assertEqual( 63 res.url, 64 reverse( 65 "authentik_core:if-flow", 66 kwargs={ 67 "flow_slug": self.device_flow.slug, 68 }, 69 ) 70 + "?" 71 + urlencode({"inspector": "available"}), 72 ) 73 res = self.api_client.get( 74 reverse( 75 "authentik_api:flow-executor", 76 kwargs={ 77 "flow_slug": self.device_flow.slug, 78 }, 79 ), 80 ) 81 self.assertEqual(res.status_code, 200) 82 self.assertJSONEqual( 83 res.content, 84 { 85 "component": "ak-provider-oauth2-device-code", 86 "flow_info": { 87 "background": "/static/dist/assets/images/flow_background.jpg", 88 "background_themed_urls": None, 89 "cancel_url": "/flows/-/cancel/", 90 "layout": "stacked", 91 "title": self.device_flow.title, 92 }, 93 }, 94 ) 95 96 provider = OAuth2Provider.objects.create( 97 name=generate_id(), 98 authorization_flow=create_test_flow(), 99 ) 100 Application.objects.create(name=generate_id(), slug=generate_id(), provider=provider) 101 token = DeviceToken.objects.create( 102 provider=provider, 103 ) 104 105 res = self.api_client.post( 106 reverse( 107 "authentik_api:flow-executor", 108 kwargs={ 109 "flow_slug": self.device_flow.slug, 110 }, 111 ), 112 data={ 113 "component": "ak-provider-oauth2-device-code", 114 "code": token.user_code, 115 }, 116 ) 117 self.assertEqual(res.status_code, 200) 118 self.assertJSONEqual( 119 res.content, 120 { 121 "component": "xak-flow-redirect", 122 "to": reverse( 123 "authentik_core:if-flow", 124 kwargs={ 125 "flow_slug": provider.authorization_flow.slug, 126 }, 127 ) 128 + "?" 129 + urlencode({"inspector": "available"}), 130 }, 131 )
Test device init
def
test_no_flow(self):
133 def test_no_flow(self): 134 """Test no flow""" 135 self.brand.flow_device_code = None 136 self.brand.save() 137 res = self.client.get(reverse("authentik_providers_oauth2_root:device-login")) 138 self.assertEqual(res.status_code, 404)
Test no flow
def
test_device_init_qs(self):
140 def test_device_init_qs(self): 141 """Test device init""" 142 token = DeviceToken.objects.create( 143 user_code="foo", 144 provider=self.provider, 145 ) 146 res = self.client.get( 147 reverse("authentik_providers_oauth2_root:device-login") 148 + "?" 149 + urlencode({QS_KEY_CODE: token.user_code}) 150 ) 151 self.assertEqual(res.status_code, 302) 152 self.assertEqual( 153 res.url, 154 reverse( 155 "authentik_core:if-flow", 156 kwargs={ 157 "flow_slug": self.provider.authorization_flow.slug, 158 }, 159 ) 160 + "?" 161 + urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"}), 162 )
Test device init
def
test_device_init_denied(self):
164 def test_device_init_denied(self): 165 """Test device init""" 166 group = Group.objects.create(name="foo") 167 PolicyBinding.objects.create( 168 group=group, 169 target=self.application, 170 order=0, 171 ) 172 token = DeviceToken.objects.create( 173 user_code="foo", 174 provider=self.provider, 175 ) 176 res = self.client.get( 177 reverse("authentik_providers_oauth2_root:device-login") 178 + "?" 179 + urlencode({QS_KEY_CODE: token.user_code}) 180 ) 181 self.assertEqual(res.status_code, 200) 182 self.assertIn(b"Permission denied", res.content)
Test device init