authentik.providers.oauth2.tests.test_device_init
Device init tests
"""Device init tests"""

from urllib.parse import urlencode

from django.urls import reverse
from rest_framework.test import APIClient

from authentik.core.models import Application, Group
from authentik.core.tests.utils import create_test_admin_user, create_test_brand, create_test_flow
from authentik.lib.generators import generate_id
from authentik.policies.models import PolicyBinding
from authentik.providers.oauth2.models import DeviceToken, GrantType, OAuth2Provider
from authentik.providers.oauth2.tests.utils import OAuthTestCase
from authentik.providers.oauth2.views.device_init import QS_KEY_CODE


class TesOAuth2DeviceInit(OAuthTestCase):
    """Tests for the device-login entry point of the OAuth2 device code grant.

    Every test runs as the admin user created in ``setUp``; the behaviour for
    an unprivileged or anonymous user is not exercised in this class.
    """

    def setUp(self) -> None:
        """Create a device-code provider, its application, an admin session and a brand."""
        # Provider restricted to the device code grant, wrapped in an application
        # so that policy bindings (see test_device_init_denied) have a target.
        self.provider = OAuth2Provider.objects.create(
            name=generate_id(),
            client_id="test",
            authorization_flow=create_test_flow(),
            grant_types=[GrantType.DEVICE_CODE],
        )
        self.application = Application.objects.create(
            provider=self.provider,
            name=generate_id(),
            slug=generate_id(),
        )

        # Session-authenticated Django test client.
        admin = create_test_admin_user()
        self.user = admin
        self.client.force_login(admin)

        # The device-code flow is configured on the brand, not on the provider.
        self.device_flow = create_test_flow()
        brand = create_test_brand()
        brand.flow_device_code = self.device_flow
        brand.save()
        self.brand = brand

        # Separate DRF client for the flow executor API, logged in as the same user.
        self.api_client = APIClient()
        self.api_client.force_login(admin)

    def test_device_init_get(self):
        """Device login without a user code redirects to the brand's device-code flow."""
        response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 302)

        flow_url = reverse("authentik_core:if-flow", kwargs={"flow_slug": self.device_flow.slug})
        query = urlencode({"inspector": "available"})
        self.assertEqual(response.url, f"{flow_url}?{query}")

    def test_device_init_post(self):
        """Submit a user code to the device-code flow through the flow executor API."""
        inspector_query = urlencode({"inspector": "available"})
        executor_url = reverse(
            "authentik_api:flow-executor",
            kwargs={"flow_slug": self.device_flow.slug},
        )

        # Step 1: the entry point sends the user to the device-code flow.
        response = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 302)
        device_flow_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": self.device_flow.slug},
        )
        self.assertEqual(response.url, f"{device_flow_url}?{inspector_query}")

        # Step 2: the executor answers with the challenge that asks for the code.
        response = self.api_client.get(executor_url)
        self.assertEqual(response.status_code, 200)
        expected_challenge = {
            "component": "ak-provider-oauth2-device-code",
            "flow_info": {
                "background": "/static/dist/assets/images/flow_background.jpg",
                "background_themed_urls": None,
                "cancel_url": "/flows/-/cancel/",
                "layout": "stacked",
                "title": self.device_flow.title,
            },
        }
        self.assertJSONEqual(response.content, expected_challenge)

        # Step 3: a token issued for a second provider is submitted as the code.
        # NOTE(review): this provider is created without grant_types, unlike the
        # one in setUp; whether the default permits the device code grant is not
        # visible here. Confirm the test is meant to accept the code.
        other_provider = OAuth2Provider.objects.create(
            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
        Application.objects.create(
            name=generate_id(),
            slug=generate_id(),
            provider=other_provider,
        )
        # No user_code is passed; the model presumably generates one. TODO confirm.
        token = DeviceToken.objects.create(provider=other_provider)

        response = self.api_client.post(
            executor_url,
            data={
                "component": "ak-provider-oauth2-device-code",
                "code": token.user_code,
            },
        )
        self.assertEqual(response.status_code, 200)
        # A valid code hands over to the authorization flow of the token's provider.
        authorization_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": other_provider.authorization_flow.slug},
        )
        self.assertJSONEqual(
            response.content,
            {
                "component": "xak-flow-redirect",
                "to": f"{authorization_url}?{inspector_query}",
            },
        )

    def test_no_flow(self):
        """Device login answers 404 when the brand has no device-code flow."""
        brand = self.brand
        brand.flow_device_code = None
        brand.save()

        response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 404)

    def test_device_init_qs(self):
        """A user code passed in the query string skips the code prompt."""
        token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

        login_url = reverse("authentik_providers_oauth2_root:device-login")
        code_query = urlencode({QS_KEY_CODE: token.user_code})
        response = self.client.get(f"{login_url}?{code_query}")
        self.assertEqual(response.status_code, 302)

        # The redirect targets the provider's authorization flow and repeats the
        # user code in its query string, so the code appears in two URLs here.
        # NOTE(review): URLs tend to be recorded in access logs and browser
        # history; code lifetime and single use are not covered by this test.
        authorization_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": self.provider.authorization_flow.slug},
        )
        forwarded_query = urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"})
        self.assertEqual(response.url, f"{authorization_url}?{forwarded_query}")

    def test_device_init_denied(self):
        """A user code for an application the user may not access is refused."""
        # Bind a freshly created group to the application; the logged-in user is
        # presumably not a member, which is what makes the policy check fail.
        restricted_group = Group.objects.create(name="foo")
        PolicyBinding.objects.create(
            target=self.application,
            group=restricted_group,
            order=0,
        )
        token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

        login_url = reverse("authentik_providers_oauth2_root:device-login")
        code_query = urlencode({QS_KEY_CODE: token.user_code})
        response = self.client.get(f"{login_url}?{code_query}")

        # The denial is rendered as a page with status 200 rather than a 4xx.
        # NOTE(review): nothing here asserts the state of the device token after
        # the denial; only the response text is checked.
        self.assertEqual(response.status_code, 200)
        self.assertIn(b"Permission denied", response.content)
class TesOAuth2DeviceInit(OAuthTestCase):
    """Tests for the device-login entry point of the OAuth2 device code grant.

    Every test runs as the admin user created in ``setUp``; the behaviour for
    an unprivileged or anonymous user is not exercised in this class.
    """

    def setUp(self) -> None:
        """Create a device-code provider, its application, an admin session and a brand."""
        # Provider restricted to the device code grant, wrapped in an application
        # so that policy bindings (see test_device_init_denied) have a target.
        self.provider = OAuth2Provider.objects.create(
            name=generate_id(),
            client_id="test",
            authorization_flow=create_test_flow(),
            grant_types=[GrantType.DEVICE_CODE],
        )
        self.application = Application.objects.create(
            provider=self.provider,
            name=generate_id(),
            slug=generate_id(),
        )

        # Session-authenticated Django test client.
        admin = create_test_admin_user()
        self.user = admin
        self.client.force_login(admin)

        # The device-code flow is configured on the brand, not on the provider.
        self.device_flow = create_test_flow()
        brand = create_test_brand()
        brand.flow_device_code = self.device_flow
        brand.save()
        self.brand = brand

        # Separate DRF client for the flow executor API, logged in as the same user.
        self.api_client = APIClient()
        self.api_client.force_login(admin)

    def test_device_init_get(self):
        """Device login without a user code redirects to the brand's device-code flow."""
        response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 302)

        flow_url = reverse("authentik_core:if-flow", kwargs={"flow_slug": self.device_flow.slug})
        query = urlencode({"inspector": "available"})
        self.assertEqual(response.url, f"{flow_url}?{query}")

    def test_device_init_post(self):
        """Submit a user code to the device-code flow through the flow executor API."""
        inspector_query = urlencode({"inspector": "available"})
        executor_url = reverse(
            "authentik_api:flow-executor",
            kwargs={"flow_slug": self.device_flow.slug},
        )

        # Step 1: the entry point sends the user to the device-code flow.
        response = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 302)
        device_flow_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": self.device_flow.slug},
        )
        self.assertEqual(response.url, f"{device_flow_url}?{inspector_query}")

        # Step 2: the executor answers with the challenge that asks for the code.
        response = self.api_client.get(executor_url)
        self.assertEqual(response.status_code, 200)
        expected_challenge = {
            "component": "ak-provider-oauth2-device-code",
            "flow_info": {
                "background": "/static/dist/assets/images/flow_background.jpg",
                "background_themed_urls": None,
                "cancel_url": "/flows/-/cancel/",
                "layout": "stacked",
                "title": self.device_flow.title,
            },
        }
        self.assertJSONEqual(response.content, expected_challenge)

        # Step 3: a token issued for a second provider is submitted as the code.
        # NOTE(review): this provider is created without grant_types, unlike the
        # one in setUp; whether the default permits the device code grant is not
        # visible here. Confirm the test is meant to accept the code.
        other_provider = OAuth2Provider.objects.create(
            name=generate_id(),
            authorization_flow=create_test_flow(),
        )
        Application.objects.create(
            name=generate_id(),
            slug=generate_id(),
            provider=other_provider,
        )
        # No user_code is passed; the model presumably generates one. TODO confirm.
        token = DeviceToken.objects.create(provider=other_provider)

        response = self.api_client.post(
            executor_url,
            data={
                "component": "ak-provider-oauth2-device-code",
                "code": token.user_code,
            },
        )
        self.assertEqual(response.status_code, 200)
        # A valid code hands over to the authorization flow of the token's provider.
        authorization_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": other_provider.authorization_flow.slug},
        )
        self.assertJSONEqual(
            response.content,
            {
                "component": "xak-flow-redirect",
                "to": f"{authorization_url}?{inspector_query}",
            },
        )

    def test_no_flow(self):
        """Device login answers 404 when the brand has no device-code flow."""
        brand = self.brand
        brand.flow_device_code = None
        brand.save()

        response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
        self.assertEqual(response.status_code, 404)

    def test_device_init_qs(self):
        """A user code passed in the query string skips the code prompt."""
        token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

        login_url = reverse("authentik_providers_oauth2_root:device-login")
        code_query = urlencode({QS_KEY_CODE: token.user_code})
        response = self.client.get(f"{login_url}?{code_query}")
        self.assertEqual(response.status_code, 302)

        # The redirect targets the provider's authorization flow and repeats the
        # user code in its query string, so the code appears in two URLs here.
        # NOTE(review): URLs tend to be recorded in access logs and browser
        # history; code lifetime and single use are not covered by this test.
        authorization_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": self.provider.authorization_flow.slug},
        )
        forwarded_query = urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"})
        self.assertEqual(response.url, f"{authorization_url}?{forwarded_query}")

    def test_device_init_denied(self):
        """A user code for an application the user may not access is refused."""
        # Bind a freshly created group to the application; the logged-in user is
        # presumably not a member, which is what makes the policy check fail.
        restricted_group = Group.objects.create(name="foo")
        PolicyBinding.objects.create(
            target=self.application,
            group=restricted_group,
            order=0,
        )
        token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

        login_url = reverse("authentik_providers_oauth2_root:device-login")
        code_query = urlencode({QS_KEY_CODE: token.user_code})
        response = self.client.get(f"{login_url}?{code_query}")

        # The denial is rendered as a page with status 200 rather than a 4xx.
        # NOTE(review): nothing here asserts the state of the device token after
        # the denial; only the response text is checked.
        self.assertEqual(response.status_code, 200)
        self.assertIn(b"Permission denied", response.content)
Test device init
def
setUp(self) -> None:
def setUp(self) -> None:
    """Create a device-code provider, its application, an admin session and a brand."""
    # Provider restricted to the device code grant, wrapped in an application
    # so that policy bindings have a target.
    self.provider = OAuth2Provider.objects.create(
        name=generate_id(),
        client_id="test",
        authorization_flow=create_test_flow(),
        grant_types=[GrantType.DEVICE_CODE],
    )
    self.application = Application.objects.create(
        provider=self.provider,
        name=generate_id(),
        slug=generate_id(),
    )

    # Session-authenticated Django test client; every test runs as this admin.
    admin = create_test_admin_user()
    self.user = admin
    self.client.force_login(admin)

    # The device-code flow is configured on the brand, not on the provider.
    self.device_flow = create_test_flow()
    brand = create_test_brand()
    brand.flow_device_code = self.device_flow
    brand.save()
    self.brand = brand

    # Separate DRF client for the flow executor API, logged in as the same user.
    self.api_client = APIClient()
    self.api_client.force_login(admin)
Hook method for setting up the test fixture before exercising it.
def
test_device_init_get(self):
def test_device_init_get(self):
    """Device login without a user code redirects to the brand's device-code flow."""
    response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
    self.assertEqual(response.status_code, 302)

    # Expected target: the flow interface for the brand's device-code flow,
    # with the inspector query parameter appended.
    flow_url = reverse("authentik_core:if-flow", kwargs={"flow_slug": self.device_flow.slug})
    query = urlencode({"inspector": "available"})
    self.assertEqual(response.url, f"{flow_url}?{query}")
Test device init without a user code (redirect to the device code flow)
def
test_device_init_post(self):
def test_device_init_post(self):
    """Submit a user code to the device-code flow through the flow executor API."""
    inspector_query = urlencode({"inspector": "available"})
    executor_url = reverse(
        "authentik_api:flow-executor",
        kwargs={"flow_slug": self.device_flow.slug},
    )

    # Step 1: the entry point sends the user to the device-code flow.
    response = self.api_client.get(reverse("authentik_providers_oauth2_root:device-login"))
    self.assertEqual(response.status_code, 302)
    device_flow_url = reverse(
        "authentik_core:if-flow",
        kwargs={"flow_slug": self.device_flow.slug},
    )
    self.assertEqual(response.url, f"{device_flow_url}?{inspector_query}")

    # Step 2: the executor answers with the challenge that asks for the code.
    response = self.api_client.get(executor_url)
    self.assertEqual(response.status_code, 200)
    expected_challenge = {
        "component": "ak-provider-oauth2-device-code",
        "flow_info": {
            "background": "/static/dist/assets/images/flow_background.jpg",
            "background_themed_urls": None,
            "cancel_url": "/flows/-/cancel/",
            "layout": "stacked",
            "title": self.device_flow.title,
        },
    }
    self.assertJSONEqual(response.content, expected_challenge)

    # Step 3: a token issued for a second provider is submitted as the code.
    # NOTE(review): this provider is created without grant_types; whether the
    # default permits the device code grant is not visible here. Confirm the
    # test is meant to accept the code.
    other_provider = OAuth2Provider.objects.create(
        name=generate_id(),
        authorization_flow=create_test_flow(),
    )
    Application.objects.create(
        name=generate_id(),
        slug=generate_id(),
        provider=other_provider,
    )
    # No user_code is passed; the model presumably generates one. TODO confirm.
    token = DeviceToken.objects.create(provider=other_provider)

    response = self.api_client.post(
        executor_url,
        data={
            "component": "ak-provider-oauth2-device-code",
            "code": token.user_code,
        },
    )
    self.assertEqual(response.status_code, 200)
    # A valid code hands over to the authorization flow of the token's provider.
    authorization_url = reverse(
        "authentik_core:if-flow",
        kwargs={"flow_slug": other_provider.authorization_flow.slug},
    )
    self.assertJSONEqual(
        response.content,
        {
            "component": "xak-flow-redirect",
            "to": f"{authorization_url}?{inspector_query}",
        },
    )
Test device init by submitting the user code to the flow executor
def
test_no_flow(self):
def test_no_flow(self):
    """Device login answers 404 when the brand has no device-code flow."""
    # Remove the device-code flow that the fixture put on the brand.
    brand = self.brand
    brand.flow_device_code = None
    brand.save()

    response = self.client.get(reverse("authentik_providers_oauth2_root:device-login"))
    self.assertEqual(response.status_code, 404)
Test no flow
def
test_device_init_qs(self):
def test_device_init_qs(self):
    """A user code passed in the query string skips the code prompt."""
    token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

    login_url = reverse("authentik_providers_oauth2_root:device-login")
    code_query = urlencode({QS_KEY_CODE: token.user_code})
    response = self.client.get(f"{login_url}?{code_query}")
    self.assertEqual(response.status_code, 302)

    # The redirect targets the provider's authorization flow and repeats the
    # user code in its query string, so the code appears in two URLs here.
    # NOTE(review): URLs tend to be recorded in access logs and browser
    # history; code lifetime and single use are not covered by this test.
    authorization_url = reverse(
        "authentik_core:if-flow",
        kwargs={"flow_slug": self.provider.authorization_flow.slug},
    )
    forwarded_query = urlencode({QS_KEY_CODE: token.user_code, "inspector": "available"})
    self.assertEqual(response.url, f"{authorization_url}?{forwarded_query}")
Test device init with the user code passed in the query string
def
test_device_init_denied(self):
def test_device_init_denied(self):
    """A user code for an application the user may not access is refused."""
    # Bind a freshly created group to the application; the logged-in user is
    # presumably not a member, which is what makes the policy check fail.
    restricted_group = Group.objects.create(name="foo")
    PolicyBinding.objects.create(
        target=self.application,
        group=restricted_group,
        order=0,
    )
    token = DeviceToken.objects.create(provider=self.provider, user_code="foo")

    login_url = reverse("authentik_providers_oauth2_root:device-login")
    code_query = urlencode({QS_KEY_CODE: token.user_code})
    response = self.client.get(f"{login_url}?{code_query}")

    # The denial is rendered as a page with status 200 rather than a 4xx.
    # NOTE(review): nothing here asserts the state of the device token after
    # the denial; only the response text is checked.
    self.assertEqual(response.status_code, 200)
    self.assertIn(b"Permission denied", response.content)
Test device init when access to the application is denied