authentik.providers.rac.tests.test_endpoints_api
Test Endpoints API
1"""Test Endpoints API""" 2 3from django.urls import reverse 4from rest_framework.test import APITestCase 5 6from authentik.core.models import Application 7from authentik.core.tests.utils import create_test_admin_user 8from authentik.lib.generators import generate_id 9from authentik.policies.dummy.models import DummyPolicy 10from authentik.policies.models import PolicyBinding 11from authentik.providers.rac.models import Endpoint, Protocols, RACProvider 12 13 14class TestEndpointsAPI(APITestCase): 15 """Test endpoints API""" 16 17 def setUp(self) -> None: 18 self.user = create_test_admin_user() 19 self.provider = RACProvider.objects.create( 20 name=generate_id(), 21 ) 22 self.app = Application.objects.create( 23 name=generate_id(), 24 slug=generate_id(), 25 provider=self.provider, 26 ) 27 self.allowed = Endpoint.objects.create( 28 name=f"a-{generate_id()}", 29 host=generate_id(), 30 protocol=Protocols.RDP, 31 provider=self.provider, 32 ) 33 self.denied = Endpoint.objects.create( 34 name=f"b-{generate_id()}", 35 host=generate_id(), 36 protocol=Protocols.RDP, 37 provider=self.provider, 38 ) 39 PolicyBinding.objects.create( 40 target=self.denied, 41 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 42 order=0, 43 ) 44 45 def test_list(self): 46 """Test list operation without superuser_full_list""" 47 self.client.force_login(self.user) 48 response = self.client.get(reverse("authentik_api:endpoint-list")) 49 self.assertJSONEqual( 50 response.content.decode(), 51 { 52 "autocomplete": {}, 53 "pagination": { 54 "next": 0, 55 "previous": 0, 56 "count": 2, 57 "current": 1, 58 "total_pages": 1, 59 "start_index": 1, 60 "end_index": 2, 61 }, 62 "results": [ 63 { 64 "pk": str(self.allowed.pk), 65 "name": self.allowed.name, 66 "provider": self.provider.pk, 67 "provider_obj": { 68 "pk": self.provider.pk, 69 "name": self.provider.name, 70 "authentication_flow": None, 71 "authorization_flow": None, 72 "property_mappings": [], 73 "connection_expiry": "hours=8", 74 "delete_token_on_disconnect": False, 75 "component": "ak-provider-rac-form", 76 "assigned_application_slug": self.app.slug, 77 "assigned_application_name": self.app.name, 78 "assigned_backchannel_application_name": None, 79 "assigned_backchannel_application_slug": None, 80 "verbose_name": "RAC Provider", 81 "verbose_name_plural": "RAC Providers", 82 "meta_model_name": "authentik_providers_rac.racprovider", 83 "settings": {}, 84 "outpost_set": [], 85 }, 86 "protocol": "rdp", 87 "host": self.allowed.host, 88 "maximum_connections": 1, 89 "settings": {}, 90 "property_mappings": [], 91 "auth_mode": "", 92 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 93 }, 94 ], 95 }, 96 ) 97 98 def test_list_superuser_full_list(self): 99 """Test list operation with superuser_full_list""" 100 self.client.force_login(self.user) 101 response = self.client.get( 102 reverse("authentik_api:endpoint-list") + "?superuser_full_list=true" 103 ) 104 self.assertJSONEqual( 105 response.content.decode(), 106 { 107 "autocomplete": {}, 108 "pagination": { 109 "next": 0, 110 "previous": 0, 111 "count": 2, 112 "current": 1, 113 "total_pages": 1, 114 "start_index": 1, 115 "end_index": 2, 116 }, 117 "results": [ 118 { 119 "pk": str(self.allowed.pk), 120 "name": self.allowed.name, 121 "provider": self.provider.pk, 122 "provider_obj": { 123 "pk": self.provider.pk, 124 "name": self.provider.name, 125 "authentication_flow": None, 126 "authorization_flow": None, 127 "property_mappings": [], 128 "component": "ak-provider-rac-form", 129 "assigned_application_slug": self.app.slug, 130 "assigned_application_name": self.app.name, 131 "assigned_backchannel_application_name": None, 132 "assigned_backchannel_application_slug": None, 133 "connection_expiry": "hours=8", 134 "delete_token_on_disconnect": False, 135 "verbose_name": "RAC Provider", 136 "verbose_name_plural": "RAC Providers", 137 "meta_model_name": "authentik_providers_rac.racprovider", 138 "settings": {}, 139 "outpost_set": [], 140 }, 141 "protocol": "rdp", 142 "host": self.allowed.host, 143 "maximum_connections": 1, 144 "settings": {}, 145 "property_mappings": [], 146 "auth_mode": "", 147 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 148 }, 149 { 150 "pk": str(self.denied.pk), 151 "name": self.denied.name, 152 "provider": self.provider.pk, 153 "provider_obj": { 154 "pk": self.provider.pk, 155 "name": self.provider.name, 156 "authentication_flow": None, 157 "authorization_flow": None, 158 "property_mappings": [], 159 "component": "ak-provider-rac-form", 160 "assigned_application_slug": self.app.slug, 161 "assigned_application_name": self.app.name, 162 "assigned_backchannel_application_name": None, 163 "assigned_backchannel_application_slug": None, 164 "connection_expiry": "hours=8", 165 "delete_token_on_disconnect": False, 166 "verbose_name": "RAC Provider", 167 "verbose_name_plural": "RAC Providers", 168 "meta_model_name": "authentik_providers_rac.racprovider", 169 "settings": {}, 170 "outpost_set": [], 171 }, 172 "protocol": "rdp", 173 "host": self.denied.host, 174 "maximum_connections": 1, 175 "settings": {}, 176 "property_mappings": [], 177 "auth_mode": "", 178 "launch_url": f"/application/rac/{self.app.slug}/{str(self.denied.pk)}/", 179 }, 180 ], 181 }, 182 )
class
TestEndpointsAPI(rest_framework.test.APITestCase):
15class TestEndpointsAPI(APITestCase): 16 """Test endpoints API""" 17 18 def setUp(self) -> None: 19 self.user = create_test_admin_user() 20 self.provider = RACProvider.objects.create( 21 name=generate_id(), 22 ) 23 self.app = Application.objects.create( 24 name=generate_id(), 25 slug=generate_id(), 26 provider=self.provider, 27 ) 28 self.allowed = Endpoint.objects.create( 29 name=f"a-{generate_id()}", 30 host=generate_id(), 31 protocol=Protocols.RDP, 32 provider=self.provider, 33 ) 34 self.denied = Endpoint.objects.create( 35 name=f"b-{generate_id()}", 36 host=generate_id(), 37 protocol=Protocols.RDP, 38 provider=self.provider, 39 ) 40 PolicyBinding.objects.create( 41 target=self.denied, 42 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 43 order=0, 44 ) 45 46 def test_list(self): 47 """Test list operation without superuser_full_list""" 48 self.client.force_login(self.user) 49 response = self.client.get(reverse("authentik_api:endpoint-list")) 50 self.assertJSONEqual( 51 response.content.decode(), 52 { 53 "autocomplete": {}, 54 "pagination": { 55 "next": 0, 56 "previous": 0, 57 "count": 2, 58 "current": 1, 59 "total_pages": 1, 60 "start_index": 1, 61 "end_index": 2, 62 }, 63 "results": [ 64 { 65 "pk": str(self.allowed.pk), 66 "name": self.allowed.name, 67 "provider": self.provider.pk, 68 "provider_obj": { 69 "pk": self.provider.pk, 70 "name": self.provider.name, 71 "authentication_flow": None, 72 "authorization_flow": None, 73 "property_mappings": [], 74 "connection_expiry": "hours=8", 75 "delete_token_on_disconnect": False, 76 "component": "ak-provider-rac-form", 77 "assigned_application_slug": self.app.slug, 78 "assigned_application_name": self.app.name, 79 "assigned_backchannel_application_name": None, 80 "assigned_backchannel_application_slug": None, 81 "verbose_name": "RAC Provider", 82 "verbose_name_plural": "RAC Providers", 83 "meta_model_name": "authentik_providers_rac.racprovider", 84 "settings": {}, 85 "outpost_set": [], 86 }, 87 "protocol": "rdp", 88 "host": self.allowed.host, 89 "maximum_connections": 1, 90 "settings": {}, 91 "property_mappings": [], 92 "auth_mode": "", 93 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 94 }, 95 ], 96 }, 97 ) 98 99 def test_list_superuser_full_list(self): 100 """Test list operation with superuser_full_list""" 101 self.client.force_login(self.user) 102 response = self.client.get( 103 reverse("authentik_api:endpoint-list") + "?superuser_full_list=true" 104 ) 105 self.assertJSONEqual( 106 response.content.decode(), 107 { 108 "autocomplete": {}, 109 "pagination": { 110 "next": 0, 111 "previous": 0, 112 "count": 2, 113 "current": 1, 114 "total_pages": 1, 115 "start_index": 1, 116 "end_index": 2, 117 }, 118 "results": [ 119 { 120 "pk": str(self.allowed.pk), 121 "name": self.allowed.name, 122 "provider": self.provider.pk, 123 "provider_obj": { 124 "pk": self.provider.pk, 125 "name": self.provider.name, 126 "authentication_flow": None, 127 "authorization_flow": None, 128 "property_mappings": [], 129 "component": "ak-provider-rac-form", 130 "assigned_application_slug": self.app.slug, 131 "assigned_application_name": self.app.name, 132 "assigned_backchannel_application_name": None, 133 "assigned_backchannel_application_slug": None, 134 "connection_expiry": "hours=8", 135 "delete_token_on_disconnect": False, 136 "verbose_name": "RAC Provider", 137 "verbose_name_plural": "RAC Providers", 138 "meta_model_name": "authentik_providers_rac.racprovider", 139 "settings": {}, 140 "outpost_set": [], 141 }, 142 "protocol": "rdp", 143 "host": self.allowed.host, 144 "maximum_connections": 1, 145 "settings": {}, 146 "property_mappings": [], 147 "auth_mode": "", 148 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 149 }, 150 { 151 "pk": str(self.denied.pk), 152 "name": self.denied.name, 153 "provider": self.provider.pk, 154 "provider_obj": { 155 "pk": self.provider.pk, 156 "name": self.provider.name, 157 "authentication_flow": None, 158 "authorization_flow": None, 159 "property_mappings": [], 160 "component": "ak-provider-rac-form", 161 "assigned_application_slug": self.app.slug, 162 "assigned_application_name": self.app.name, 163 "assigned_backchannel_application_name": None, 164 "assigned_backchannel_application_slug": None, 165 "connection_expiry": "hours=8", 166 "delete_token_on_disconnect": False, 167 "verbose_name": "RAC Provider", 168 "verbose_name_plural": "RAC Providers", 169 "meta_model_name": "authentik_providers_rac.racprovider", 170 "settings": {}, 171 "outpost_set": [], 172 }, 173 "protocol": "rdp", 174 "host": self.denied.host, 175 "maximum_connections": 1, 176 "settings": {}, 177 "property_mappings": [], 178 "auth_mode": "", 179 "launch_url": f"/application/rac/{self.app.slug}/{str(self.denied.pk)}/", 180 }, 181 ], 182 }, 183 )
Test endpoints API
def
setUp(self) -> None:
18 def setUp(self) -> None: 19 self.user = create_test_admin_user() 20 self.provider = RACProvider.objects.create( 21 name=generate_id(), 22 ) 23 self.app = Application.objects.create( 24 name=generate_id(), 25 slug=generate_id(), 26 provider=self.provider, 27 ) 28 self.allowed = Endpoint.objects.create( 29 name=f"a-{generate_id()}", 30 host=generate_id(), 31 protocol=Protocols.RDP, 32 provider=self.provider, 33 ) 34 self.denied = Endpoint.objects.create( 35 name=f"b-{generate_id()}", 36 host=generate_id(), 37 protocol=Protocols.RDP, 38 provider=self.provider, 39 ) 40 PolicyBinding.objects.create( 41 target=self.denied, 42 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 43 order=0, 44 )
Hook method for setting up the test fixture before exercising it.
def
test_list(self):
46 def test_list(self): 47 """Test list operation without superuser_full_list""" 48 self.client.force_login(self.user) 49 response = self.client.get(reverse("authentik_api:endpoint-list")) 50 self.assertJSONEqual( 51 response.content.decode(), 52 { 53 "autocomplete": {}, 54 "pagination": { 55 "next": 0, 56 "previous": 0, 57 "count": 2, 58 "current": 1, 59 "total_pages": 1, 60 "start_index": 1, 61 "end_index": 2, 62 }, 63 "results": [ 64 { 65 "pk": str(self.allowed.pk), 66 "name": self.allowed.name, 67 "provider": self.provider.pk, 68 "provider_obj": { 69 "pk": self.provider.pk, 70 "name": self.provider.name, 71 "authentication_flow": None, 72 "authorization_flow": None, 73 "property_mappings": [], 74 "connection_expiry": "hours=8", 75 "delete_token_on_disconnect": False, 76 "component": "ak-provider-rac-form", 77 "assigned_application_slug": self.app.slug, 78 "assigned_application_name": self.app.name, 79 "assigned_backchannel_application_name": None, 80 "assigned_backchannel_application_slug": None, 81 "verbose_name": "RAC Provider", 82 "verbose_name_plural": "RAC Providers", 83 "meta_model_name": "authentik_providers_rac.racprovider", 84 "settings": {}, 85 "outpost_set": [], 86 }, 87 "protocol": "rdp", 88 "host": self.allowed.host, 89 "maximum_connections": 1, 90 "settings": {}, 91 "property_mappings": [], 92 "auth_mode": "", 93 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 94 }, 95 ], 96 }, 97 )
Test list operation without superuser_full_list
def
test_list_superuser_full_list(self):
99 def test_list_superuser_full_list(self): 100 """Test list operation with superuser_full_list""" 101 self.client.force_login(self.user) 102 response = self.client.get( 103 reverse("authentik_api:endpoint-list") + "?superuser_full_list=true" 104 ) 105 self.assertJSONEqual( 106 response.content.decode(), 107 { 108 "autocomplete": {}, 109 "pagination": { 110 "next": 0, 111 "previous": 0, 112 "count": 2, 113 "current": 1, 114 "total_pages": 1, 115 "start_index": 1, 116 "end_index": 2, 117 }, 118 "results": [ 119 { 120 "pk": str(self.allowed.pk), 121 "name": self.allowed.name, 122 "provider": self.provider.pk, 123 "provider_obj": { 124 "pk": self.provider.pk, 125 "name": self.provider.name, 126 "authentication_flow": None, 127 "authorization_flow": None, 128 "property_mappings": [], 129 "component": "ak-provider-rac-form", 130 "assigned_application_slug": self.app.slug, 131 "assigned_application_name": self.app.name, 132 "assigned_backchannel_application_name": None, 133 "assigned_backchannel_application_slug": None, 134 "connection_expiry": "hours=8", 135 "delete_token_on_disconnect": False, 136 "verbose_name": "RAC Provider", 137 "verbose_name_plural": "RAC Providers", 138 "meta_model_name": "authentik_providers_rac.racprovider", 139 "settings": {}, 140 "outpost_set": [], 141 }, 142 "protocol": "rdp", 143 "host": self.allowed.host, 144 "maximum_connections": 1, 145 "settings": {}, 146 "property_mappings": [], 147 "auth_mode": "", 148 "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", 149 }, 150 { 151 "pk": str(self.denied.pk), 152 "name": self.denied.name, 153 "provider": self.provider.pk, 154 "provider_obj": { 155 "pk": self.provider.pk, 156 "name": self.provider.name, 157 "authentication_flow": None, 158 "authorization_flow": None, 159 "property_mappings": [], 160 "component": "ak-provider-rac-form", 161 "assigned_application_slug": self.app.slug, 162 "assigned_application_name": self.app.name, 163 "assigned_backchannel_application_name": None, 164 "assigned_backchannel_application_slug": None, 165 "connection_expiry": "hours=8", 166 "delete_token_on_disconnect": False, 167 "verbose_name": "RAC Provider", 168 "verbose_name_plural": "RAC Providers", 169 "meta_model_name": "authentik_providers_rac.racprovider", 170 "settings": {}, 171 "outpost_set": [], 172 }, 173 "protocol": "rdp", 174 "host": self.denied.host, 175 "maximum_connections": 1, 176 "settings": {}, 177 "property_mappings": [], 178 "auth_mode": "", 179 "launch_url": f"/application/rac/{self.app.slug}/{str(self.denied.pk)}/", 180 }, 181 ], 182 }, 183 )
Test list operation with superuser_full_list