authentik.providers.rac.tests.test_views
RAC Views tests
1"""RAC Views tests""" 2 3from json import loads 4 5from django.urls import reverse 6from rest_framework.test import APITestCase 7 8from authentik.core.models import Application 9from authentik.core.tests.utils import create_test_admin_user, create_test_flow 10from authentik.lib.generators import generate_id 11from authentik.policies.denied import AccessDeniedResponse 12from authentik.policies.dummy.models import DummyPolicy 13from authentik.policies.models import PolicyBinding 14from authentik.providers.rac.models import Endpoint, Protocols, RACProvider 15 16 17class TestRACViews(APITestCase): 18 """RAC Views tests""" 19 20 def setUp(self): 21 self.user = create_test_admin_user() 22 self.flow = create_test_flow() 23 self.provider = RACProvider.objects.create(name=generate_id(), authorization_flow=self.flow) 24 self.app = Application.objects.create( 25 name=generate_id(), 26 slug=generate_id(), 27 provider=self.provider, 28 ) 29 self.endpoint = Endpoint.objects.create( 30 name=generate_id(), 31 host=f"{generate_id()}:1324", 32 protocol=Protocols.RDP, 33 provider=self.provider, 34 ) 35 36 def test_no_policy(self): 37 """Test request""" 38 self.client.force_login(self.user) 39 response = self.client.get( 40 reverse( 41 "authentik_providers_rac:start", 42 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 43 ) 44 ) 45 self.assertEqual(response.status_code, 302) 46 flow_response = self.client.get( 47 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 48 ) 49 body = loads(flow_response.content) 50 next_url = body["to"] 51 final_response = self.client.get(next_url) 52 self.assertEqual(final_response.status_code, 200) 53 54 def test_app_deny(self): 55 """Test request (deny on app level)""" 56 PolicyBinding.objects.create( 57 target=self.app, 58 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 59 order=0, 60 ) 61 self.client.force_login(self.user) 62 response = self.client.get( 63 reverse( 64 "authentik_providers_rac:start", 65 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 66 ) 67 ) 68 self.assertIsInstance(response, AccessDeniedResponse) 69 70 def test_endpoint_deny(self): 71 """Test request (deny on endpoint level)""" 72 PolicyBinding.objects.create( 73 target=self.endpoint, 74 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 75 order=0, 76 ) 77 self.client.force_login(self.user) 78 response = self.client.get( 79 reverse( 80 "authentik_providers_rac:start", 81 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 82 ) 83 ) 84 self.assertEqual(response.status_code, 302) 85 flow_response = self.client.get( 86 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 87 ) 88 body = loads(flow_response.content) 89 self.assertEqual(body["component"], "ak-stage-access-denied") 90 91 def test_different_session(self): 92 """Test request""" 93 self.client.force_login(self.user) 94 response = self.client.get( 95 reverse( 96 "authentik_providers_rac:start", 97 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 98 ) 99 ) 100 self.assertEqual(response.status_code, 302) 101 flow_response = self.client.get( 102 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 103 ) 104 body = loads(flow_response.content) 105 next_url = body["to"] 106 self.client.logout() 107 final_response = self.client.get(next_url) 108 self.assertEqual(final_response.url, reverse("authentik_core:if-user"))
class
TestRACViews(rest_framework.test.APITestCase):
18class TestRACViews(APITestCase): 19 """RAC Views tests""" 20 21 def setUp(self): 22 self.user = create_test_admin_user() 23 self.flow = create_test_flow() 24 self.provider = RACProvider.objects.create(name=generate_id(), authorization_flow=self.flow) 25 self.app = Application.objects.create( 26 name=generate_id(), 27 slug=generate_id(), 28 provider=self.provider, 29 ) 30 self.endpoint = Endpoint.objects.create( 31 name=generate_id(), 32 host=f"{generate_id()}:1324", 33 protocol=Protocols.RDP, 34 provider=self.provider, 35 ) 36 37 def test_no_policy(self): 38 """Test request""" 39 self.client.force_login(self.user) 40 response = self.client.get( 41 reverse( 42 "authentik_providers_rac:start", 43 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 44 ) 45 ) 46 self.assertEqual(response.status_code, 302) 47 flow_response = self.client.get( 48 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 49 ) 50 body = loads(flow_response.content) 51 next_url = body["to"] 52 final_response = self.client.get(next_url) 53 self.assertEqual(final_response.status_code, 200) 54 55 def test_app_deny(self): 56 """Test request (deny on app level)""" 57 PolicyBinding.objects.create( 58 target=self.app, 59 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 60 order=0, 61 ) 62 self.client.force_login(self.user) 63 response = self.client.get( 64 reverse( 65 "authentik_providers_rac:start", 66 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 67 ) 68 ) 69 self.assertIsInstance(response, AccessDeniedResponse) 70 71 def test_endpoint_deny(self): 72 """Test request (deny on endpoint level)""" 73 PolicyBinding.objects.create( 74 target=self.endpoint, 75 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 76 order=0, 77 ) 78 self.client.force_login(self.user) 79 response = self.client.get( 80 reverse( 81 "authentik_providers_rac:start", 82 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 83 ) 84 ) 85 self.assertEqual(response.status_code, 302) 86 flow_response = self.client.get( 87 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 88 ) 89 body = loads(flow_response.content) 90 self.assertEqual(body["component"], "ak-stage-access-denied") 91 92 def test_different_session(self): 93 """Test request""" 94 self.client.force_login(self.user) 95 response = self.client.get( 96 reverse( 97 "authentik_providers_rac:start", 98 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 99 ) 100 ) 101 self.assertEqual(response.status_code, 302) 102 flow_response = self.client.get( 103 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 104 ) 105 body = loads(flow_response.content) 106 next_url = body["to"] 107 self.client.logout() 108 final_response = self.client.get(next_url) 109 self.assertEqual(final_response.url, reverse("authentik_core:if-user"))
RAC Views tests
def
setUp(self):
21 def setUp(self): 22 self.user = create_test_admin_user() 23 self.flow = create_test_flow() 24 self.provider = RACProvider.objects.create(name=generate_id(), authorization_flow=self.flow) 25 self.app = Application.objects.create( 26 name=generate_id(), 27 slug=generate_id(), 28 provider=self.provider, 29 ) 30 self.endpoint = Endpoint.objects.create( 31 name=generate_id(), 32 host=f"{generate_id()}:1324", 33 protocol=Protocols.RDP, 34 provider=self.provider, 35 )
Hook method for setting up the test fixture before exercising it.
def
test_no_policy(self):
37 def test_no_policy(self): 38 """Test request""" 39 self.client.force_login(self.user) 40 response = self.client.get( 41 reverse( 42 "authentik_providers_rac:start", 43 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 44 ) 45 ) 46 self.assertEqual(response.status_code, 302) 47 flow_response = self.client.get( 48 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 49 ) 50 body = loads(flow_response.content) 51 next_url = body["to"] 52 final_response = self.client.get(next_url) 53 self.assertEqual(final_response.status_code, 200)
Test request
def
test_app_deny(self):
55 def test_app_deny(self): 56 """Test request (deny on app level)""" 57 PolicyBinding.objects.create( 58 target=self.app, 59 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 60 order=0, 61 ) 62 self.client.force_login(self.user) 63 response = self.client.get( 64 reverse( 65 "authentik_providers_rac:start", 66 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 67 ) 68 ) 69 self.assertIsInstance(response, AccessDeniedResponse)
Test request (deny on app level)
def
test_endpoint_deny(self):
71 def test_endpoint_deny(self): 72 """Test request (deny on endpoint level)""" 73 PolicyBinding.objects.create( 74 target=self.endpoint, 75 policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), 76 order=0, 77 ) 78 self.client.force_login(self.user) 79 response = self.client.get( 80 reverse( 81 "authentik_providers_rac:start", 82 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 83 ) 84 ) 85 self.assertEqual(response.status_code, 302) 86 flow_response = self.client.get( 87 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 88 ) 89 body = loads(flow_response.content) 90 self.assertEqual(body["component"], "ak-stage-access-denied")
Test request (deny on endpoint level)
def
test_different_session(self):
92 def test_different_session(self): 93 """Test request""" 94 self.client.force_login(self.user) 95 response = self.client.get( 96 reverse( 97 "authentik_providers_rac:start", 98 kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, 99 ) 100 ) 101 self.assertEqual(response.status_code, 302) 102 flow_response = self.client.get( 103 reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) 104 ) 105 body = loads(flow_response.content) 106 next_url = body["to"] 107 self.client.logout() 108 final_response = self.client.get(next_url) 109 self.assertEqual(final_response.url, reverse("authentik_core:if-user"))
Test request