authentik.providers.scim.tests.test_application_policies
SCIM Application Policies tests
1"""SCIM Application Policies tests""" 2 3from django.test import TestCase 4 5from authentik.blueprints.tests import apply_blueprint 6from authentik.core.models import Application, Group, User 7from authentik.lib.generators import generate_id 8from authentik.policies.models import PolicyBinding 9from authentik.providers.scim.models import SCIMMapping, SCIMProvider 10from authentik.tenants.models import Tenant 11 12 13class SCIMApplicationPoliciesTests(TestCase): 14 """SCIM Application Policies tests""" 15 16 @apply_blueprint("system/providers-scim.yaml") 17 def setUp(self) -> None: 18 # Delete all users and groups as to only have the test users and groups 19 User.objects.all().exclude_anonymous().delete() 20 Group.objects.all().delete() 21 Tenant.objects.update(avatars="none") 22 23 self.provider: SCIMProvider = SCIMProvider.objects.create( 24 name=generate_id(), 25 url="https://localhost", 26 token=generate_id(), 27 exclude_users_service_account=True, 28 ) 29 self.provider.property_mappings.add( 30 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user") 31 ) 32 self.provider.property_mappings_group.add( 33 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group") 34 ) 35 36 self.app: Application = Application.objects.create( 37 name=generate_id(), 38 slug=generate_id(), 39 ) 40 self.app.backchannel_providers.add(self.provider) 41 42 self.group1 = Group.objects.create(name="group-1") 43 self.group2 = Group.objects.create(name="group-2") 44 self.group3 = Group.objects.create(name="group-3") 45 46 self.users = {} 47 for i in range(1, 5): 48 uid = generate_id() 49 self.users[i] = User.objects.create( 50 username=uid, 51 name=f"{uid} User", 52 email=f"{uid}@goauthentik.io", 53 ) 54 55 self.users[1].groups.add(self.group1) 56 self.users[2].groups.add(self.group2) 57 self.users[4].groups.add(self.group1) 58 self.users[4].groups.add(self.group2) 59 60 def test_no_group_policy(self): 61 """Test with no group policy set""" 62 user_qs = self.provider.get_object_qs(User) 63 64 self.assertEqual( 65 set([self.users[1].pk, self.users[2].pk, self.users[3].pk, self.users[4].pk]), 66 set(user_qs.values_list("pk", flat=True)), 67 ) 68 69 def test_single_group_policy(self): 70 """Test with one group policy set""" 71 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 72 73 user_qs = self.provider.get_object_qs(User) 74 75 self.assertEqual( 76 set([self.users[1].pk, self.users[4].pk]), 77 set(user_qs.values_list("pk", flat=True)), 78 ) 79 80 def test_multiple_group_policies(self): 81 """Test with multiple group policies set""" 82 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 83 PolicyBinding.objects.create(target=self.app, group=self.group2, order=0) 84 85 user_qs = self.provider.get_object_qs(User) 86 87 self.assertEqual( 88 set([self.users[1].pk, self.users[2].pk, self.users[4].pk]), 89 set(user_qs.values_list("pk", flat=True)), 90 )
class
SCIMApplicationPoliciesTests(django.test.testcases.TestCase):
14class SCIMApplicationPoliciesTests(TestCase): 15 """SCIM Application Policies tests""" 16 17 @apply_blueprint("system/providers-scim.yaml") 18 def setUp(self) -> None: 19 # Delete all users and groups as to only have the test users and groups 20 User.objects.all().exclude_anonymous().delete() 21 Group.objects.all().delete() 22 Tenant.objects.update(avatars="none") 23 24 self.provider: SCIMProvider = SCIMProvider.objects.create( 25 name=generate_id(), 26 url="https://localhost", 27 token=generate_id(), 28 exclude_users_service_account=True, 29 ) 30 self.provider.property_mappings.add( 31 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user") 32 ) 33 self.provider.property_mappings_group.add( 34 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group") 35 ) 36 37 self.app: Application = Application.objects.create( 38 name=generate_id(), 39 slug=generate_id(), 40 ) 41 self.app.backchannel_providers.add(self.provider) 42 43 self.group1 = Group.objects.create(name="group-1") 44 self.group2 = Group.objects.create(name="group-2") 45 self.group3 = Group.objects.create(name="group-3") 46 47 self.users = {} 48 for i in range(1, 5): 49 uid = generate_id() 50 self.users[i] = User.objects.create( 51 username=uid, 52 name=f"{uid} User", 53 email=f"{uid}@goauthentik.io", 54 ) 55 56 self.users[1].groups.add(self.group1) 57 self.users[2].groups.add(self.group2) 58 self.users[4].groups.add(self.group1) 59 self.users[4].groups.add(self.group2) 60 61 def test_no_group_policy(self): 62 """Test with no group policy set""" 63 user_qs = self.provider.get_object_qs(User) 64 65 self.assertEqual( 66 set([self.users[1].pk, self.users[2].pk, self.users[3].pk, self.users[4].pk]), 67 set(user_qs.values_list("pk", flat=True)), 68 ) 69 70 def test_single_group_policy(self): 71 """Test with one group policy set""" 72 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 73 74 user_qs = self.provider.get_object_qs(User) 75 76 self.assertEqual( 77 set([self.users[1].pk, self.users[4].pk]), 78 set(user_qs.values_list("pk", flat=True)), 79 ) 80 81 def test_multiple_group_policies(self): 82 """Test with multiple group policies set""" 83 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 84 PolicyBinding.objects.create(target=self.app, group=self.group2, order=0) 85 86 user_qs = self.provider.get_object_qs(User) 87 88 self.assertEqual( 89 set([self.users[1].pk, self.users[2].pk, self.users[4].pk]), 90 set(user_qs.values_list("pk", flat=True)), 91 )
SCIM Application Policies tests
@apply_blueprint('system/providers-scim.yaml')
def
setUp(self) -> None:
17 @apply_blueprint("system/providers-scim.yaml") 18 def setUp(self) -> None: 19 # Delete all users and groups as to only have the test users and groups 20 User.objects.all().exclude_anonymous().delete() 21 Group.objects.all().delete() 22 Tenant.objects.update(avatars="none") 23 24 self.provider: SCIMProvider = SCIMProvider.objects.create( 25 name=generate_id(), 26 url="https://localhost", 27 token=generate_id(), 28 exclude_users_service_account=True, 29 ) 30 self.provider.property_mappings.add( 31 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user") 32 ) 33 self.provider.property_mappings_group.add( 34 SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group") 35 ) 36 37 self.app: Application = Application.objects.create( 38 name=generate_id(), 39 slug=generate_id(), 40 ) 41 self.app.backchannel_providers.add(self.provider) 42 43 self.group1 = Group.objects.create(name="group-1") 44 self.group2 = Group.objects.create(name="group-2") 45 self.group3 = Group.objects.create(name="group-3") 46 47 self.users = {} 48 for i in range(1, 5): 49 uid = generate_id() 50 self.users[i] = User.objects.create( 51 username=uid, 52 name=f"{uid} User", 53 email=f"{uid}@goauthentik.io", 54 ) 55 56 self.users[1].groups.add(self.group1) 57 self.users[2].groups.add(self.group2) 58 self.users[4].groups.add(self.group1) 59 self.users[4].groups.add(self.group2)
Hook method for setting up the test fixture before exercising it.
def
test_no_group_policy(self):
61 def test_no_group_policy(self): 62 """Test with no group policy set""" 63 user_qs = self.provider.get_object_qs(User) 64 65 self.assertEqual( 66 set([self.users[1].pk, self.users[2].pk, self.users[3].pk, self.users[4].pk]), 67 set(user_qs.values_list("pk", flat=True)), 68 )
Test with no group policy set
def
test_single_group_policy(self):
70 def test_single_group_policy(self): 71 """Test with one group policy set""" 72 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 73 74 user_qs = self.provider.get_object_qs(User) 75 76 self.assertEqual( 77 set([self.users[1].pk, self.users[4].pk]), 78 set(user_qs.values_list("pk", flat=True)), 79 )
Test with one group policy set
def
test_multiple_group_policies(self):
81 def test_multiple_group_policies(self): 82 """Test with multiple group policies set""" 83 PolicyBinding.objects.create(target=self.app, group=self.group1, order=0) 84 PolicyBinding.objects.create(target=self.app, group=self.group2, order=0) 85 86 user_qs = self.provider.get_object_qs(User) 87 88 self.assertEqual( 89 set([self.users[1].pk, self.users[2].pk, self.users[4].pk]), 90 set(user_qs.values_list("pk", flat=True)), 91 )
Test with multiple group policies set